@[TOC](第二十七章 日志管理)
实验:通过 loganalyzer 在 Web 页面上展示存储在数据库中的日志
环境
| IP地址 | 服务 |
|---|---|
| 37.7 | 日志服务器 |
| 37.18 | 数据库服务器 |
| 37.28 | PHP |
18数据库服务器
[root@mariadb ~]# yum install mariadb-server -y
[root@mariadb ~]# systemctl start mariadb
7 日志服务器
[root@rsyslog ~]# yum install rsyslog-mysql -y
[root@rsyslog ~]# scp /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql 192.168.37.18:/data/
18数据库服务器
[root@mariadb ~]# mysql < /data/mysql-createDB.sql
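#创建账号并授权(此处的 grant all、整个网段 192.168.37.% 和弱密码 centos 仅适合实验环境;生产环境应使用强密码,将来源限制为日志服务器和 PHP 服务器的具体地址,并按用途最小授权:rsyslog 写入通常只需 INSERT,loganalyzer 查询通常只需 SELECT)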
[root@mariadb ~]# mysql -e "grant all on Syslog.* to loguser@'192.168.37.%' identified by 'centos'"
7 日志服务器
[root@rsyslog ~]# vim /etc/rsyslog.conf
...
$ModLoad ommysql <--
# Provides UDP syslog reception
*.info;mail.none;authpriv.none;cron.none /var/log/messages
#(标注下一行)192.168.37.18 为服务器地址,loguser 为数据库用户
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.37.18,Syslog,loguser,centos <--
#(标注上一行)ommysql 为调用的模块,Syslog 为数据库名称,centos 为数据库密码;密码以明文写在 /etc/rsyslog.conf 中,应确认该文件只有 root 可读
...
#重启日志服务
[root@rsyslog ~]# systemctl restart rsyslog
18数据库服务器
[root@mariadb ~]# mysql
MariaDB [(none)]> use Syslog
MariaDB [Syslog]> show tables;
MariaDB [Syslog]> select * from SystemEvents;
+----+------------+---------------------+---------------------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| ID | CustomerID | ReceivedAt | DeviceReportedTime | Facility | Priority | FromHost | Message | NTSeverity | Importance | EventSource | EventUser | EventCategory | EventID | EventBinaryData | MaxAvailable | CurrUsage | MinUsage | MaxUsage | InfoUnitID | SysLogTag | EventLogType | GenericFileName | SystemID |
+----+------------+---------------------+---------------------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
| 1 | NULL | 2022-07-16 00:04:27 | 2022-07-16 00:04:27 | 3 | 6 | rsyslog | Stopping System Logging Service... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 2 | NULL | 2022-07-16 00:04:27 | 2022-07-16 00:04:27 | 5 | 6 | rsyslog | [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="9139" x-info="http://www.rsyslog.com"] exiting on signal 15. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | rsyslogd: | NULL | NULL | NULL |
| 3 | NULL | 2022-07-16 00:04:27 | 2022-07-16 00:04:27 | 3 | 6 | rsyslog | Stopped System Logging Service. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 4 | NULL | 2022-07-16 00:04:27 | 2022-07-16 00:04:27 | 3 | 6 | rsyslog | Starting System Logging Service... | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
| 5 | NULL | 2022-07-16 00:04:27 | 2022-07-16 00:04:27 | 5 | 6 | rsyslog | [origin software="rsyslogd" swVersion="8.24.0-34.el7" x-pid="9402" x-info="http://www.rsyslog.com"] start | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | rsyslogd: | NULL | NULL | NULL |
| 6 | NULL | 2022-07-16 00:04:27 | 2022-07-16 00:04:27 | 3 | 6 | rsyslog | Started System Logging Service. | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 1 | systemd: | NULL | NULL | NULL |
+----+------------+---------------------+---------------------+----------+----------+----------+----------------------------------------------------------------------------------------------------------------------------+------------+------------+-------------+-----------+---------------+---------+-----------------+--------------+-----------+----------+----------+------------+-----------+--------------+-----------------+----------+
6 rows in set (0.01 sec)
7 日志服务器
#测试、生成一条新的日志信息
[root@rsyslog ~]# logger "This is a test log"
18数据库服务器
MariaDB [Syslog]> select * from SystemEvents\G
...
*************************** 7. row ***************************
ID: 7 <--
CustomerID: NULL
ReceivedAt: 2022-07-16 00:07:31 <--
DeviceReportedTime: 2022-07-16 00:07:31 <--
Facility: 1
Priority: 5
FromHost: rsyslog
Message: This is a test log <--
NTSeverity: NULL
Importance: NULL
EventSource: NULL
EventUser: NULL
EventCategory: NULL
EventID: NULL
EventBinaryData: NULL
MaxAvailable: NULL
CurrUsage: NULL
MinUsage: NULL
MaxUsage: NULL
InfoUnitID: 1
SysLogTag: root:
EventLogType: NULL
GenericFileName: NULL
SystemID: NULL
7 rows in set (0.00 sec)
27PHP服务器(注意:上文环境表中 PHP 的地址写的是 37.28,与此处的 27 不一致,请以实际环境为准)
[root@php ~]# yum install -y httpd php php-mysql php-gd
[root@php ~]# cd /data/
[root@php data]# ls
loganalyzer-4.1.7.tar.gz
#解压缩
[root@php data]# tar xvf loganalyzer-4.1.7.tar.gz -C /var/www/html/
[root@php data]# cd /var/www/html/
[root@php html]# cp -a loganalyzer-4.1.7/src/ /var/www/html/loganalyzer
[root@php html]# cd loganalyzer
#创建文件
[root@php loganalyzer]# touch config.php
#临时放开写权限,让安装向导能够写入 config.php(666 表示所有用户可读写,只应在安装期间保持)
[root@php loganalyzer]# chmod 666 config.php
#在浏览器中完成安装向导后,为了加强安全,将权限改回 644,防止其他用户改写配置;该文件含明文数据库密码,644 下本机所有用户仍可读取,可进一步收紧为仅 root 和 Web 服务运行用户可读
[root@php loganalyzer]# chmod 644 config.php
#权限变成644
[root@php loganalyzer]# ll config.php
-rw-r--r-- 1 root root 11680 Jul 16 01:23 config.php
#可以看到刚刚配置时的部分信息
[root@php loganalyzer]# cat config.php
...
$CFG['Sources']['Source1']['ID'] = 'Source1';
$CFG['Sources']['Source1']['Name'] = 'My Syslog Source';
$CFG['Sources']['Source1']['ViewID'] = 'SYSLOG';
$CFG['Sources']['Source1']['SourceType'] = SOURCE_DB;
$CFG['Sources']['Source1']['DBTableType'] = 'monitorware';
$CFG['Sources']['Source1']['DBType'] = DB_MYSQL;
$CFG['Sources']['Source1']['DBServer'] = '192.168.37.18'; <--
$CFG['Sources']['Source1']['DBName'] = 'Syslog'; <--
$CFG['Sources']['Source1']['DBUser'] = 'loguser'; <--
$CFG['Sources']['Source1']['DBPassword'] = 'centos'; <--
$CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents'; <--
$CFG['Sources']['Source1']['DBEnableRowCounting'] = false;
...