一、安装mysql
# yum -y install mariadb-server
# systemctl enable --now mariadb && systemctl status mariadb
● mariadb.service - MariaDB 10.3 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-12-25 03:56:37 EST; 2min 38s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 31604 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCE>
Process: 31470 ExecStartPre=/usr/libexec/mysql-prepare-db-dir mariadb.service (code=exited>
Process: 31445 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
Main PID: 31573 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 30 (limit: 11303)
Memory: 87.3M
CGroup: /system.slice/mariadb.service
└─31573 /usr/libexec/mysqld --basedir=/usr
二、安装rsyslog
# yum -y install rsyslog-mysql
#将sql脚本复制到数据库服务器
# scp /usr/share/doc/rsyslog/mysql-createDB.sql 10.0.0.28:/root/
三、配置mysql服务器
3.1 导入数据库(此处 root 无口令即可登录;实际部署前应先运行 mysql_secure_installation 为 root 设置口令)
# mysql -uroot < mysql-createDB.sql
# mysql -e "show databases;"
+--------------------+
| Database |
+--------------------+
| Syslog |
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3.2 创建授权用户(示例口令 123456 仅用于演示,实际部署请换成强口令;授权范围也可按最小权限原则收紧,而不必 grant all)
# mysql -e "create user rsyslog@'10.0.0.%' identified by '123456';"
# mysql -e "grant all on Syslog.* to 'rsyslog'@'10.0.0.%';"
# mysql -e "select user,host from mysql.user;"
+---------+--------------+
| user | host |
+---------+--------------+
| rsyslog | 10.0.0.% |
| root | 127.0.0.1 |
| root | ::1 |
| root | localhost |
| root | mysql-server |
+---------+--------------+
四、配置rsyslog服务器
4.1 配置日志服务器将日志发送至指定数据库
[root@ rsyslog-server ~]#vim /etc/rsyslog.conf
####MODULES#### #在 MODULES 语句块下面添加
module(load="ommysql")
#在RULES语句块下面添加
#### RULES ####
#facility.priority :ommysql:DBHOST,DBNAME,DBUSER,PASSWORD
#注意:数据库口令以明文保存在此文件中,应限制该文件的读取权限(如 chmod 600),且不要沿用示例口令
*.info :ommysql:10.0.0.28,Syslog,rsyslog,123456
[root@ rsyslog-server ~]# systemctl restart rsyslog.service
4.2 测试
#在日志服务器上生成日志
# logger "this is a test log"
#在数据库上查询到上面的测试日志
$> mysql -e "select count(*) from Syslog.SystemEvents;"
+----------+
| count(*) |
+----------+
| 1907 |
+----------+
# 可以看到测试日志已经存到 MySQL 的 Syslog 库中
# mysql -e "select * from Syslog.SystemEvents\G" | grep -C10 "this is a test log"
GenericFileName: NULL
SystemID: NULL
*************************** 1904. row ***************************
ID: 1904
CustomerID: NULL
ReceivedAt: 2021-12-25 17:25:29
DeviceReportedTime: 2021-12-25 17:25:29
Facility: 1
Priority: 5
FromHost: reyslog
Message: this is a test log
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
五、部署配置LogAnalyzer
5.1 安装LogAnalyzer
# wget https://download.adiscon.com/loganalyzer/loganalyzer-4.1.10.tar.gz
# tar xvf loganalyzer-4.1.10.tar.gz
# mkdir /var/www/html/log
# mv loganalyzer-4.1.10/src/* /var/www/html/log
5.2 安装相关服务
# yum -y install httpd php-fpm php-mysqlnd php-gd
# systemctl enable --now httpd php-fpm && systemctl status httpd php-fpm
5.3 测试php
php-fpm 是通过套接字和 httpd 通讯的,并非监听在 9000 端口。
如需改为监听 TCP 端口,修改配置文件 /etc/php-fpm.d/www.conf,将监听项改为:listen = 127.0.0.1:9000
# cat > /var/www/html/info.php << EOF
<?php phpinfo() ?>
EOF
# 打开浏览器访问http://10.0.0.38/info.php,没问题继续下一步操作;测试完成后删除 info.php,phpinfo() 页面会暴露服务器的配置信息
六、基于 web 页面初始化LogAnalyzer
6.1 打开浏览器
访问http://10.0.0.38/log 实现初始化
6.2 提示缺失配置文件
# touch /var/www/html/log/config.php
# chmod 666 /var/www/html/log/config.php
6.3 重新访问(初始化完成后应收回 config.php 的写权限,例如 chmod 644;666 会让任何本地用户都能改写该配置文件)
6.4 测试
[root@reyslog ~]# logger "this is a test log"
[root@reyslog ~]# logger "this is a newtest log"
图表展示