I. Server-side installation
Create a YUM repository (skip this if you already have one):
- # cat >> /etc/yum.repos.d/sohu.repo <<EOF
- [sohu]
- name=sohu's mirrors
- baseurl=http://mirrors.sohu.com/centos/5/os/x86_64/
- enabled=1
- gpgcheck=0
- EOF
Install the LAMP stack plus rsyslog. If LAMP is already present, only rsyslog and rsyslog-mysql are needed:
- yum install rsyslog rsyslog-mysql mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd
Import the rsyslog database schema (the .sql file shipped by the rsyslog-mysql package):
- mysql -u root -p < $(rpm -ql rsyslog-mysql | grep sql$)
Create the database user that rsyslog will use to write into the Syslog database:
- mysql -u root -p
- mysql> grant all privileges on Syslog.* to logger@localhost identified by 'logger';
- mysql> flush privileges;
- mysql> exit;
Edit the rsyslog configuration file:
- # vi /etc/rsyslog.conf // edit it as shown below
- # Use traditional timestamp format
- $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
- # Provides kernel logging support (previously done by rklogd)
- # Provides support for local system logging (e.g. via logger command)
- $ModLoad immark
- $ModLoad imuxsock
- $ModLoad imklog
- $ModLoad ommysql
- *.* :ommysql:127.0.0.1,Syslog,logger,logger
- $ModLoad imudp.so
- $UDPServerRun 514
- # Log all kernel messages to the console.
- # Logging much else clutters up the screen.
- #kern.* /dev/console
- # Log anything (except mail) of level info or higher.
- # Don't log private authentication messages!
- *.info;mail.none;authpriv.none;cron.none /var/log/messages
- # The authpriv file has restricted access.
- authpriv.* /var/log/secure
- # Log all the mail messages in one place.
- mail.* -/var/log/maillog
- # Log cron stuff
- cron.* /var/log/cron
- # Everybody gets emergency messages
- *.emerg *
- # Save news errors of level crit and higher in a special file.
- uucp,news.crit /var/log/spooler
- # Save boot messages also to boot.log
- local7.* /var/log/boot.log
The parts shown in red (the ommysql module, the `*.* :ommysql:...` action, and the imudp/UDP 514 listener) are the additions; compare the rest against your existing file, skip what is already there and add what is missing.
Install LogAnalyzer:
- # wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz
- # tar xf loganalyzer-3.6.3.tar.gz
- # mkdir /var/www/html/loganalyzer
- # mv loganalyzer-3.6.3/src/* /var/www/html/loganalyzer
- # touch /var/www/html/loganalyzer/config.php
- # chmod 666 /var/www/html/loganalyzer/config.php
Then complete the installation through the browser (the installer writes config.php, which is why it was made writable above).
That completes the LogAnalyzer installation; log in and have a look.
II. Windows client installation
Download evtsys from http://code.google.com/p/eventlog-to-syslog/
- Extract it into C:\Windows\System32
- evtsys -i -s 10 -h log-server-ip -p 514
- net start evtsys
During installation an error about the configuration file is reported; it can be ignored as long as the final message says the installation succeeded. The full parameter list follows:
- Version: 4.4 (32-bit)
- Usage: evtsys.exe -i|-u|-d [-h host] [-b host] [-f facility] [-p port]
- [-s minutes] [-l level] [-n]
- -i Install service
- -u Uninstall service
- -d Debug: run as console program
- -h host Name of log host
- -b host Name of secondary log host (optional)
- -f facility Facility level of syslog message
- -l level Minimum level to send to syslog.
- 0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info
- -n Include only those events specified in the config file.
- -p port Port number of syslogd
- -q bool Query the Dhcp server to obtain the syslog/port to log to
- (0/1 = disable/enable)
- -s minutes Optional interval between status messages. 0 = Disabled
- Default port: 514
- Default facility: daemon
- Default status interval: 0
- Host (-h) required if installing.
Below is what the Windows log looks like in LogAnalyzer; the events are clearly Windows events. Monitoring Linux logs is then simple: edit the client's rsyslog configuration so that a copy of its logs is forwarded to the log server. That is not covered in detail here.
This article was reposted from gm100861's 51CTO blog; original link: http://blog.51cto.com/gm100861/1191164
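To confirm that the server pipeline (UDP 514 -> imudp -> ommysql -> LogAnalyzer) works before pointing real clients at it, the following added example builds an RFC 3164 syslog datagram in the same shape evtsys sends (facility daemon by default, as the usage text above shows), parses it back, and can send it to your own log server. This is not code from the original post or from evtsys; the host name `log-server-ip` is a placeholder.

```python
import socket
import time

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
              "authpriv": 10, "ftp": 11}
FACILITIES.update({"local%d" % i: 16 + i for i in range(8)})
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

def encode_pri(facility, severity):
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def decode_pri(pri):
    """Split a PRI value back into (facility, severity) names."""
    fac = {v: k for k, v in FACILITIES.items()}[pri // 8]
    sev = {v: k for k, v in SEVERITIES.items()}[pri % 8]
    return fac, sev

def build_message(facility, severity, hostname, tag, text, timestamp=None):
    """Build '<PRI>Mmm dd hh:mm:ss HOST TAG: MSG', the format evtsys emits."""
    if timestamp is None:
        t = time.localtime()
        timestamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                                   time.strftime("%H:%M:%S", t))
    return "<%d>%s %s %s: %s" % (encode_pri(facility, severity),
                                 timestamp, hostname, tag, text)

def parse_message(raw):
    """Parse a received datagram into its fields; rejects a missing PRI."""
    if not raw.startswith("<") or ">" not in raw:
        raise ValueError("missing PRI header: %r" % raw)
    pri, rest = raw[1:].split(">", 1)
    facility, severity = decode_pri(int(pri))
    timestamp, rest = rest[:15], rest[16:]        # RFC 3164 timestamp is 15 chars
    host, rest = rest.split(" ", 1)
    tag, msg = rest.split(":", 1)
    return {"facility": facility, "severity": severity, "timestamp": timestamp,
            "host": host, "tag": tag, "message": msg.strip()}

def send_udp(message, host, port=514):
    """Send one datagram to the collector; returns bytes sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return sock.sendto(message.encode("utf-8"), (host, port))
    finally:
        sock.close()

if __name__ == "__main__":
    # Placeholder host; replace with your own collector and check LogAnalyzer.
    send_udp(build_message("daemon", "info", "winbox", "evtsys",
                           "test message from client"), "log-server-ip")
```

After sending, the entry should appear in LogAnalyzer within a few seconds; if it does not, check the imudp/UDPServerRun lines and the ommysql credentials first.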