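LAMP + rsyslog + loganalyzer installation and configuration

Installing and configuring rsyslog + loganalyzer

Environment: LAMP + rsyslog + loganalyzer

System: CentOS 5.4, 32-bit

Upload rsyslog-5.9.0.tar.gz and loganalyzer-3.2.1.tar.gz to the /tmp directory

1. LAMP environment installation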

   yum -y install httpd* mysql* php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml gd* gcc*

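   Set the MySQL password

   Enter the database: mysql -p

   Change the password (a direct UPDATE of mysql.user only takes effect after FLUSH PRIVILEGES or a server restart):   UPDATE mysql.user SET Password=PASSWORD('123456') WHERE User='root'; FLUSH PRIVILEGES;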

2. rsyslog installation

   Download address: http://download.csdn.net/detail/lovejuan007/3738966

    cd /tmp/

    tar zxvf rsyslog-5.9.0.tar.gz

    cd rsyslog-5.9.0

    ./configure --enable-mysql

    Note: before running make, see Error 1 below

    make

    make install

    ln -s /usr/local/sbin/rsyslogd /sbin/rsyslogd

    cp rsyslog.conf /etc

    vim /etc/rsyslog.conf   and add the following below these 3 lines

    $ModLoad immark   # provides --MARK-- message capability

    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)

    $ModLoad imklog   # kernel logging (formerly provided by rklogd)

    =====The following 2 lines are the ones to add====

    $ModLoad ommysql

    *.*       :ommysql:localhost,Syslog,root,123456

    =====Uncomment the following 2 lines; they are mainly for receiving logs from clients====

    $ModLoad imudp.so # provides UDP syslog reception

    $UDPServerRun 514 # start a UDP syslog server at standard port 514

    Save and exit, open UDP port 514 in the firewall, and restart the firewall

    ==================================================================================

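    An explanation of what this line means:

    Syslog is the database-name in the database

    tmp is the database-userid

    mima is the password the tmp user uses to log in to mysql

    Format of the line: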

    *.*       :ommysql:database-server,database-name,database-userid,database-password

    Also note that database-name must be the same as the one in /tmp/rsyslog-5.9.0/plugins/ommysql/createDB.sql

    Create the rsyslog startup script

    cp -rp /etc/init.d/syslog /etc/init.d/rsyslog

    sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog

    =====Stop the built-in syslog logging service====

    service syslog stop

    Import the database

    cd /tmp/rsyslog-5.9.0/plugins/ommysql

    mysql -uroot -p <createDB.sql

    Password:

    Start rsyslog

    service rsyslog start

    Check whether the database contains the corresponding data

    mysql -utmp -p

    use Syslog;

    select * from SystemEvents;

    If there is data, the setup succeeded

    Create the syslog user to access Syslog

    grant all on Syslog.* to syslog@'localhost' identified by 'syslog';

    flush privileges;   

    The password is syslog
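
An added example, not part of the original post: a shell audit of the `:ommysql:` action line format explained above. It flags use of the MySQL root account, a short password, and a world-readable config file, since the password sits in clear text in /etc/rsyslog.conf. The function names, finding labels and the 12-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit legacy ommysql action lines,
#   selector :ommysql:database-server,database-name,database-userid,database-password
# MIN_PW_LEN and the finding names are assumptions made for this example.
MIN_PW_LEN=12

audit_ommysql() {
    conf=$1
    # The password is stored in clear text, so "other" should not have read access.
    if [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "WORLD_READABLE $conf"
    fi
    awk -v min="$MIN_PW_LEN" '
        /^[ \t]*#/ { next }                       # skip commented-out actions
        index($0, ":ommysql:") {
            p = substr($0, index($0, ":ommysql:") + 9)
            sub(/;.*$/, "", p)                    # drop an optional ;template suffix
            sub(/[ \t]+$/, "", p)                 # drop trailing whitespace
            n = split(p, f, ",")
            if (n < 4) { print "MALFORMED line " NR; next }
            # Findings never echo the password itself.
            if (f[3] == "root")     print "ROOT_ACCOUNT line " NR " db=" f[2]
            if (length(f[4]) < min) print "SHORT_PASSWORD line " NR " user=" f[3]
        }' "$conf"
}

# Constructed sample: the action line from this page plus a commented-out copy.
make_sample() {
    printf '%s\n' \
        '$ModLoad ommysql' \
        '# *.* :ommysql:localhost,Syslog,root,old-value' \
        '*.*       :ommysql:localhost,Syslog,root,123456' > "$1"
    chmod 644 "$1"
}

sample=$(mktemp)
make_sample "$sample"
audit_ommysql "$sample"
rm -f "$sample"
```

Run against the real file with `audit_ommysql /etc/rsyslog.conf`; no output means none of the three findings applies.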

Error 1:

make[2]: Entering directory `/tmp/rsyslog-5.9.0/tools'

 CCLD   rsyslogd

../runtime/.libs/librsyslog.a(librsyslog_la-parser.o): In function `uncompressMessage':

/tmp/rsyslog-5.9.0/runtime/parser.c:247: undefined reference to `uncompress'

collect2: ld returned 1 exit status

make[2]: *** [rsyslogd] Error 1

make[2]: Leaving directory `/tmp/rsyslog-5.9.0/tools'

make[1]: *** [all-recursive] Error 1

make[1]: Leaving directory `/tmp/rsyslog-5.9.0'

make: *** [all] Error 2   

Solution:

vi /tmp/rsyslog-5.9.0/runtime/parser.c

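Comment out line 247 (the call to zlib's uncompress(); with it removed, this build no longer decompresses compressed messages):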

//ret = uncompress((uchar *) deflateBuf, &iLenDefBuf, (uchar *) pszMsg+1, lenMsg-1);

3. loganalyzer installation

   http://download.csdn.net/detail/lovejuan007/3738744 

   cd /tmp/

   tar zxvf loganalyzer-3.2.1.tar.gz

   mkdir /var/www/html/syslog

   cp -r /tmp/loganalyzer-3.2.1/src/* /var/www/html/syslog/

   cp -r /tmp/loganalyzer-3.2.1/contrib/* /var/www/html/syslog/

   cd /var/www/html/syslog

   chmod 755 *.sh

   ./configure.sh

For the remaining installation steps, see the attachment

Configure Apache logging

vi /etc/rsyslog.conf

# Apache

if $syslogfacility-text == 'local6' and $programname == 'httpd' then /var/log/httpd/access_log

if $syslogfacility-text == 'local7' and $programname == 'httpd' then /var/log/httpd/error_log

vi /etc/httpd/conf/httpd.conf

CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined

ErrorLog "|/usr/bin/logger -t httpd -p local7.info"

Attachment: http://down.51cto.com/data/2359186

This article is reposted from holy2009's 51CTO blog; original link: http://blog.51cto.com/holy2010/703118