Deploying an rsyslog + LogAnalyzer + MySQL log management server on CentOS 7.6

Reference from:

the_script :https://yq.aliyun.com/articles/675198

Mountains, deep: https://www.cnblogs.com/skychenjiajun/p/8244099.html

 https://blog.csdn.net/cmzsteven/article/details/50413837

Linux commune: https://www.linuxidc.com/Linux/2017-10/147693.htm

 

 Image files and software used to build the server:

CentOS image file download address: http://mirror.nsc.liu.se/centos/7.6.1810/isos/x86_64/CentOS-7-x86_64-DVD-1810.iso

I. Some companies buy a dedicated hardware appliance to collect the logs of all network devices, servers and other systems on the network; but for less important systems outside the production network (such as office systems), and when the budget is limited, buying a separate appliance is something of a luxury.
A log management server can address the following issues:
1. There is no longer any need to go to each server to query its system log files.
2. Routine system information is stored in a MySQL database, which makes querying, statistics, auditing and filtering easier.
3. Log collection can be extended to other platforms with additional software, for example using evtsys to collect Windows logs and send them to the Linux log server.
4. rsyslog configuration on Linux is relatively simple and easy to maintain.
5. rsyslog + LogAnalyzer provide a graphical front end for querying.

II. rsyslog installation and configuration
Install the packages with yum:
1. Install LAMP:

  yum install mysql-server mysql-devel httpd php-mysql php php-gd php-xml -y

2. Install rsyslog and its MySQL driver:

  yum install libcurl-devel net-snmp-devel rsyslog rsyslog-mysql -y
3. mysql-server

  (1) Download mysql57-community-release-el7-11.noarch.rpm from the web

  and install it with rpm: rpm -ivh mysql57-community-release-el7-11.noarch.rpm

  (2) Or download and install it with wget and yum:

    ① Download with wget:

[root@localhost ~]# wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
--2018-01-08 16:57:46--  https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
Resolving dev.mysql.com (dev.mysql.com)... 137.254.60.11
Connecting to dev.mysql.com (dev.mysql.com)|137.254.60.11|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://repo.mysql.com//mysql57-community-release-el7-11.noarch.rpm [following]
--2018-01-08 16:57:48--  https://repo.mysql.com//mysql57-community-release-el7-11.noarch.rpm
Resolving repo.mysql.com (repo.mysql.com)... 23.1.165.122
Connecting to repo.mysql.com (repo.mysql.com)|23.1.165.122|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25680 (25K) [application/x-redhat-package-manager]
Saving to: "mysql57-community-release-el7-11.noarch.rpm"

100%[======================================>] 25,680      --.-K/s   in 0.1s

2018-01-08 16:57:48 (232 KB/s) - "mysql57-community-release-el7-11.noarch.rpm" saved [25680/25680]

[root@localhost ~]#

    ② Install with yum:

  yum localinstall -y mysql57-community-release-el7-11.noarch.rpm

    ③ Check that the MySQL repository was installed successfully:

[root@localhost ~]# yum repolist enabled | grep "mysql.*-community.*"
mysql-connectors-community/x86_64        MySQL Connectors Community           42
mysql-tools-community/x86_64             MySQL Tools Community                55
mysql57-community/x86_64                 MySQL 5.7 Community Server          227
[root@localhost ~]#

 

    ④ Install the MySQL service:

  yum install -y mysql-community-server

    ⑤ Check that the MySQL service was installed successfully:

[root@localhost ~]# systemctl status mysqld
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
[root@localhost ~]#

 

 

III. Start the MySQL service:
1. On first start, a random root password is generated and written to /var/log/mysqld.log; view it with grep 'password' /var/log/mysqld.log.
2. Log in with the password you just found and change the root password:
mysqladmin -u root -p password 'yourpassword'
Suppose the root password is to be set to 123456:
set password for root@'localhost' = password('12345678');
This produces an error message.
The reason is that MySQL's validate_password_policy parameter defaults to MEDIUM. Setting it to 0 with set global validate_password_policy=0; allows a relatively simple password to be used.
Alternatively, leave this value alone and simply set a more complex password (upper and lower case + symbols + digits).

3. Set MySQL's default character set to UTF-8: edit /etc/my.cnf and add the following under [mysqld]:
  character-set-server = utf8
  skip-name-resolve = ON    # disable DNS resolution (if you use English, no change is needed)

  Then restart the MySQL service: systemctl restart mysqld

4. Create the rsyslog database using the SQL file in the documentation directory of the rsyslog-mysql package just installed:
  Use rpm -ql rsyslog-mysql to locate the SQL file.
  Create the database from that file: mysql -u root -p < mysql-createDB.sql
  The database created is named: Syslog

5. In MySQL, create the user that rsyslog uses for the Syslog database and grant it privileges:

  grant all on Syslog.* to 'syslog'@'127.0.0.1' identified by '111111';   (127.0.0.1 is the local IP, 111111 is the password)

  flush privileges;

6. Modify the rsyslog configuration files:
  vim /etc/sysconfig/rsyslog
  Add two lines:
  SYSLOGD_OPTIONS="-c 2 -r -x -m 180"
  KLOGD_OPTIONS="-x"

  Edit the main rsyslog configuration file /etc/rsyslog.conf.
  Make the following changes under #### MODULES ####:
  Uncomment the two lines $ModLoad imudp and $UDPServerRun 514; 514 is the port on which logs are received over UDP.

  Add the line $ModLoad ommysql so that the server loads the rsyslog-mysql module.
  Also add: *.* :ommysql:127.0.0.1,Syslog,rsyslog,123456789
  Restart rsyslog:
  systemctl restart rsyslog
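
The step 6 edits can be checked before rsyslog is restarted. This added example (not from the original article) looks for the four active directives and flags a config file that everyone can read, since the ommysql line stores the MySQL password in clear text; the sample files and the placeholder password are constructed.

```shell
#!/bin/bash
# Added example: check the step 6 directives in an rsyslog server config.

# Print each directive that is missing; return 0 only when all are active.
check_rsyslog_server_conf() {
    # Drop comment lines so a still-commented $ModLoad counts as missing.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    missing=0
    while IFS='|' read -r label pattern; do
        printf '%s\n' "$active" | grep -Eq "$pattern" && continue
        echo "missing: $label"
        missing=1
    done <<'EOF'
$ModLoad imudp|^\$ModLoad[[:space:]]+imudp
$UDPServerRun 514|^\$UDPServerRun[[:space:]]+514
$ModLoad ommysql|^\$ModLoad[[:space:]]+ommysql
ommysql action|^\*\.\*[[:space:]]+:ommysql:[^,]+,[^,]+,[^,]+,.+
EOF
    return $missing
}

# The ommysql line holds the MySQL password in clear text, so the file
# should not be readable by "other". Returns 0 when it is not.
conf_hides_password() {
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 04 )) -eq 0 ]
}

# Constructed samples: a finished config, and one with imudp still commented.
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.conf" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,rsyslog,PLACEHOLDER_PASSWORD
EOF
sed 's/^\$ModLoad imudp/#&/' "$sample_dir/good.conf" > "$sample_dir/bad.conf"
chmod 640 "$sample_dir/good.conf"
chmod 644 "$sample_dir/bad.conf"

check_rsyslog_server_conf "$sample_dir/good.conf" && echo "good.conf: complete"
check_rsyslog_server_conf "$sample_dir/bad.conf" || echo "bad.conf: incomplete"
conf_hides_password "$sample_dir/bad.conf" || echo "bad.conf: world-readable"
```

On the server, run both functions against /etc/rsyslog.conf; rsyslogd -N1 additionally checks the file's syntax.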

 

IV. LogAnalyzer configuration
1. Create the loganalyzer directory under Apache's default DocumentRoot:
mkdir -p /var/www/html/loganalyzer
Create the loganalyzer log directory:
mkdir -p /var/log/httpd/loganalyzer
2. Download loganalyzer from the official site and extract it under /usr/local/src:
cd /usr/local/src
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.6.tar.gz
tar -zxvf loganalyzer-4.1.6.tar.gz
Copy everything under src/ and contrib/ in the extracted loganalyzer-4.1.6 directory to /var/www/html/loganalyzer:
cd loganalyzer-4.1.6
cp -r src/* /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer

3. Create config.php under /var/www/html/loganalyzer and set its permissions:
touch config.php
chmod 666 config.php

4. In /etc/httpd/conf/httpd.conf, find the following settings and change them to:
Listen 8080
DocumentRoot "/var/www/html/loganalyzer"
ErrorLog /var/log/httpd/loganalyzer/error.log
CustomLog /var/log/httpd/loganalyzer/access_log combined
Restart httpd: systemctl restart httpd

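5. In a browser, enter the log server's IP and port number.

Click Next until step 3.
Configure the database user and password, then click Next.

Step 6: create the loganalyzer login user.

Step 7:
Click Next and log in to complete the initial configuration.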

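6. You can search online for and download the loganalyzer 3.6.5 Chinese language pack, place the 3 extracted files under /var/www/html/loganalyzer/lang and restart rsyslog to use the loganalyzer Chinese interface.

     If the following screen appears: Could not find the configured table, maybe misspelled or the tablenames are case sensitive

    you need to change $CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents'; in config.php, because the case of the table name does not match.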

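7. Edit /etc/rsyslog.conf on the client servers so that their logs are sent to the log server just built:
Add the configuration under #### RULES ####.
@ means the logs are sent over UDP; the underlined part is the IP of the central log server that was built.
You can also use *.* @ip to send all logs to the log server.

8. Refresh the loganalyzer page and you will see that the client servers' log entries are also recorded in the database. The build is complete.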
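
Step 3's chmod 666 lets the install wizard write config.php, but it also leaves the file that holds the database password writable by every local account. As an added example (not part of the original article), this script drops it to 644 once the wizard has finished and lists anything else still world-writable; it assumes config.php needs no further edits from the web interface, and the temporary directory with its file names is a constructed stand-in for /var/www/html/loganalyzer.

```shell
#!/bin/bash
# Added example: tighten the LogAnalyzer web root after the install wizard.

# List regular files under a directory that any local user can modify.
world_writable_files() {
    find "$1" -type f -perm -002 | sort
}

# Drop the wizard-time 666 on config.php to 644 (still readable by httpd),
# then report whatever is still world-writable. Returns 0 when nothing is.
lock_down_loganalyzer() {
    webroot=$1
    [ -f "$webroot/config.php" ] || { echo "no config.php in $webroot"; return 2; }
    chmod 644 "$webroot/config.php"
    leftover=$(world_writable_files "$webroot")
    [ -z "$leftover" ] && return 0
    echo "$leftover"
    return 1
}

# Constructed stand-in for the web root after steps 2 and 3.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/lang"
touch "$demo_root/index.php" "$demo_root/config.php" "$demo_root/lang/main.php"
chmod 644 "$demo_root/index.php" "$demo_root/lang/main.php"
chmod 666 "$demo_root/config.php"

world_writable_files "$demo_root"      # lists config.php before lock-down
lock_down_loganalyzer "$demo_root" && echo "web root clean"
```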

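V. Install the Chinese language pack

LogAnalyzer defaults to Chinese, and personally I also recommend using English. A Chinese language pack is also provided here.

The complete PDF document can be downloaded from the Linux commune resource site:

The free download address is http://linux.linuxidc.com/

The username and password are both www.linuxidc.com

The download directory is /2017年资料/10月/16日/CentOS7.3下部署Rsyslog+LogAnalyzer+MySQL中央日志服务器/

For the download method see http://www.linuxidc.com/Linux/2013-07/87684.htm

After extracting, place the whole directory under /var/www/html/loganalyzer/lang. Then visit the page again and select Chinese in the upper right corner.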

Permanent link to this article: http://www.linuxidc.com/Linux/2017-10/147693.htm


Origin www.cnblogs.com/paddingtoneyes/p/11403994.html