syslog-ng+loganalyzer log system install guide-阿里云开发者社区

syslog-ng+loganalyzer log system install guide

2017-11-23 1068

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

本文涉及的产品

RDS MySQL Serverless 基础系列，0.5-2RCU 50GB

云数据库 RDS MySQL，集群系列 2核4GB

日志服务 SLS，月写入数据量 50GB 1个月

简介：

一，创建Syslog数据库
mysql> CREATE DATABASE Syslog character set utf8;
mysql> USE Syslog;
mysql> CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
mysql> CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
二，设置数据库权限
mysql> GRANT ALL ON Syslog.* TO syslog_ng@localhost IDENTIFIED BY 'syslog_ngpass';
mysql> FLUSH PRIVILEGES;
三，配置syslog-ng服务端
rpm -ivh libnet-1.1.5-1.el6.x86_64.rpm
rpm -ivh eventlog-0.2.12-1.el6.x86_64.rpm
rpm -ivh syslog-ng-3.2.5-3.el6.x86_64.rpm
rpm -ivh libdbi-0.8.3-3.1.el6.x86_64.rpm
rpm -ivh syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm
vim /etc/syslog-ng/syslog-ng.conf
========================================================================================================================
source s_src {
unix-stream("/dev/log");
udp(ip("192.168.122.200") port(514));
};
destination d_mysql {
sql(type(mysql)
host("localhost") username("syslog_ng") password("syslog_ngpass")
database("Syslog") table("SystemEvents")
columns("ID int unsigned not null auto_increment primary key","ReceivedAt datetime NULL", "DeviceReportedTime datetime NULL",
"Facility smallint NULL","Priority smallint NULL","FromHost varchar(60) NULL",
"Message text","InfoUnitID int NULL","SysLogTag varchar(60)",
"CustomerID bigint","NTSeverity int NULL","Importance int NULL","EventSource varchar(60)","EventUser varchar(60) NULL",
"EventCategory int NULL","EventID int NULL","EventBinaryData text NULL","MaxAvailable int NULL","CurrUsage int NULL","MinUsage int NULL",
"MaxUsage int NULL","EventLogType varchar(60)","GenericFileName VarChar(60)","SystemID int NULL")
values("","$R_ISODATE", "$S_ISODATE","$FACILITY_NUM","$LEVEL_NUM","$HOST",
"$MSGONLY","1","$MSGHDR","","","","","","","","","","","","","","","")
indexes("ID","ReceivedAt","Facility","Priority","FromHost","SysLogTag",));
};
log { source(s_src); destination(d_mysql); };
==========================================================================================================================
四。配置loganalyzer日志web页面
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.1.tar.gz
tar xf loganalyzer-3.6.1.tar.gz
cd loganalyzer-3.6.1
mkdir /var/www/html/loganalyzer
mv ./src/* /var/www/html/loganalyzer
cp contrib/* /var/www/html/loganalyzer
cd /var/www/html/loganalyzersh
sh configure.sh
cat >/etc/cron.daily/syslog-clean.sh <<EOF
#!/bin/bash
MYSQL_USER="syslog_ng"
MYSQL_PASS="syslog_ngpass"
MYSQL_DB="Syslog"
mysql -u\${MYSQL_USER} -p\${MYSQL_PASS} \${MYSQL_DB} -e "DELETE FROM SystemEvents WHERE ReceivedAt < DATE_SUB(CURDATE(),INTERVAL 30 DAY)"
EOF
chmod 700 /etc/cron.daily/syslog-clean.sh
http://192.168.122.200/loganalyzer/install.php
五，配置客户端syslog-ng
rpm -ivh libnet-1.1.5-1.el6.x86_64.rpm
rpm -ivh eventlog-0.2.12-1.el6.x86_64.rpm
rpm -ivh syslog-ng-3.2.5-3.el6.x86_64.rpm
rpm -ivh libdbi-0.8.3-3.1.el6.x86_64.rpm
rpm -ivh syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm
vim /etc/syslog-ng/syslog-ng.conf
===================================================================================
destination d_euid { file("/var/log/user"); };
filter f_euid { match("euid" value("euid")) or facility(authpriv); };
log { source(s_sys); filter(f_euid);destination(d_euid); };
log { source(s_sys);filter(f_euid); destination(d_udp);};
log { source(s_sys); destination(d_udp);};
==================================================================================
cat >>/etc/bashrc <<EOF
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[hostname- $(hostname)]": "[euid=$(whoami)]":$(who am i):[`pwd`]:"$msg"; }'
EOF
#rsyslog
#sed -i "s/SYSLOGD_OPTIONS=\"-c 5\"/SYSLOGD_OPTIONS=\"-c 2 -r -m 0\"/g" /etc/sysconfig/rsyslog
#echo "*.* @192.168.122.200" >> /etc/rsyslog.conf

本文转自it你好 51CTO博客，原文链接：http://blog.51cto.com/itnihao/1176492，如需转载请自行联系原作者

syslog-ng+loganalyzer log system install guide

热门文章

最新文章

相关电子书

相关实验场景

热门

活动广场

任务中心

开发者评测

高校计划

乘风者计划

训练营

阿里云MVP

话题

直播

下载

镜像站

技术资料

插件

syslog-ng+loganalyzer log system install guide

热门文章

最新文章

相关电子书

相关实验场景