(1)LAMP
yum install mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-cli php-gd httpd -y
(2)下载、安装rsyslog,需要先安装2个依赖包
<1>下载libestr,http://libestr.adiscon.com/
tar zxf libestr-*.*.*.tar.gz
cd libestr-*.*.*
./configure --libdir=/usr/lib --includedir=/usr/include/
make && make install
<2>下载lbee,http://www.libee.org
tar zxf libee-*.*.*.tar.gz
cd libee-*.*.*
./configure --libdir=/usr/lib --includedir=/usr/include/
make && make install
<3>下载rsyslog,http://www.rsyslog.com/download/
tar zxf rsyslog-*.*.*.tar.gz
cd rsyslog-*.*.*
./configure --enable-mysql --prefix=/usr/local/rsyslog
make && make install
(3)配置rsyslog
<1>vi /etc/rsyslog.conf
-------------------------------------------------------------------------------------------
#if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance
# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.
$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # kernel logging (formerly provided by rklogd)
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,user,passwd
#*.* :ommysql:database-server,database-name,database-userid,database-password
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* -/var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit -/var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /rsyslog/spool # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514
#UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
-------------------------------------------------------------------------------------------
<2>cp /etc/init.d/{syslog,rsyslog}
<3>sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
<4>chmod +x /etc/init.d/rsyslog
<5>ln -sv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd
<6> /etc/init.d/syslog stop
<7> chkconfig syslog off
<8> /etc/init.d/rsyslog start
<9> chkconfig rsyslog on
(4)配置mysql
<1>/etc/init.d/mysqld start
<2>chkconfig mysqld on
<3>mysqladmin -u root -p password passwd(root初始密码为空)
或/usr/bin/mysql_secure_installation设置root密码,并进行安全设置。
<4>mysql -uroot -ppasswd < rsyslog-*.*.*/plugins/ommysql/createDB.sql
<5>cat createDB.sql
-------------------------------------------------------------------------------------------
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
-------------------------------------------------------------------------------------------
<6>mysql -uroot -ppasswd
>grant all privileges on Syslog.* to 'user'@localhost identified by 'passwd';
>quit
<7>/etc/init.d/rsyslog restart
<8>/etc/init.d/mysqld restart
<9>mysql -uuser -ppasswd
>use Syslog;
>select * from SystemEvents;#有数据说明成功
(5)下载、安装、配置loganalyzer,http://loganalyzer.adiscon.com/downloads
<1>tar zxf loganalyzer-*.*.*.tar.gz
<2>cd loganalyzer-*.*.*
<3>cp -r src/ /var/www/html/loganalyzer
<4>cp -r contrib/* /var/www/html/loganalyzer
<5>chown -R apache.apahce /var/www/html/loganalyzer
<6>/bin/sh /var/www/html/loganalyzer/configure.sh
<7>/bin/sh /var/www/html/loganalyzer/secure.sh
(6)启动http,进入日志web界面
<1> /etc/init.d/httpd start
<2> chkconfig httpd on
访问http://127.0.0.1/loganalyzer或http://IP/loganalyzer,进入web页面。
(7)web页面配置
