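11.3. Building a Log Management System

This article shows how to use a log server to collect logs from multiple servers into a MySQL database, and then use an analysis tool to analyze and monitor those logs.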

11.3.1. Architecture Diagram

[Figure: log analysis platform architecture diagram (../_images/日志分析平台架构图.png)]

11.3.2. Log Server Configuration

[root@centos-7 ~]$yum install rsyslog-mysql mariadb-server
[root@centos-7 ~]$systemctl restart mariadb
[root@centos-7 ~]$ss -tunl |grep 3306
tcp    LISTEN     0      50        *:3306                  *:*
[root@centos-7 ~]$mysql_secure_installation
[root@centos-7 ~]$mysql -u root -p </usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@centos-7 ~]$mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use Syslog
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)

MariaDB [Syslog]> grant all on Syslog.* to syslog@'192.168.46.%' identified by 'syslog';
Query OK, 0 rows affected (0.00 sec)

11.3.3. Application Server Configuration

# On app1
[root@centos-158 ~]# yum install rsyslog-mysql

[root@centos-158 ~]# rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
# Add the following two lines to /etc/rsyslog.conf
$ModLoad ommysql
*.info            :ommysql:192.168.46.7,Syslog,syslog,syslog
[root@centos-158 yum.repos.d]# systemctl restart rsyslog

# Copy the configuration to app2
[root@centos-158 ~]# scp /etc/rsyslog.conf  192.168.46.159:/etc/
# Install the package on app2
[root@centos-159 yum.repos.d]# yum install rsyslog-mysql
# Restart the service
[root@centos-159 yum.repos.d]# systemctl restart rsyslog
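
The ommysql action above puts the database password in clear text in /etc/rsyslog.conf, and here the password is the same as the user name. The following audit script is an added example, not part of the original page; the function names and the finding labels (PERM, EMPTY, WEAK) are made up for illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit legacy-format ommysql
# actions such as   *.info :ommysql:host,db,user,password

# Print one finding per line for the given rsyslog config; nothing if clean.
audit_ommysql() {
    conf=$1
    # The database password is stored in clear text, so the file must not be
    # readable by "other".
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "PERM: $conf is world-readable but holds a database password"
    fi
    # Extract host,db,user,password from every non-comment ommysql action.
    grep -v '^[[:space:]]*#' "$conf" | grep ':ommysql:' |
    sed 's/.*:ommysql:\([^;[:space:]]*\).*/\1/' |
    while IFS=, read -r host db user pass; do
        if [ -z "$pass" ]; then
            echo "EMPTY: no password set for $user@$host"
        elif [ "$pass" = "$user" ] || [ "$pass" = "$db" ]; then
            echo "WEAK: password for $user@$host equals the user or database name"
        fi
    done
    return 0
}

# Number of findings, for use in a cron job or deployment check.
count_findings() {
    audit_ommysql "$1" | wc -l | tr -d ' '
}

# Demo on a constructed copy of the two lines this page adds to rsyslog.conf.
demo() {
    sample=$(mktemp)
    printf '%s\n' '$ModLoad ommysql' \
        '*.info            :ommysql:192.168.46.7,Syslog,syslog,syslog' > "$sample"
    chmod 644 "$sample"     # assumed: the default 0644 mode of /etc/rsyslog.conf
    audit_ommysql "$sample"
    rm -f "$sample"
}
demo
```

On the database side, the account that rsyslog writes with only needs INSERT on Syslog.SystemEvents when the default ommysql template is used, so the `grant all` from the log server section can be narrowed to that.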

11.3.4. Testing the Log Server

# Send a log message from app1
[root@centos-158 ~]# logger auth.*  "this is a test"
# Send a log message from app2
[root@centos-159 ~]# logger auth.*   "this is another test"


# Check on the log server
MariaDB [Syslog]> select message,fromhost,facility  from SystemEvents where message like '%test%';
+-----------------------------+------------+----------+
| message                     | fromhost   | facility |
+-----------------------------+------------+----------+
| auth.* this is a test       | centos-158 |        1 |
| auth.* this is another test | centos-159 |        1 |
+-----------------------------+------------+----------+
2 rows in set (0.00 sec)

11.3.5. Log Analysis Server Configuration

[root@centos-152 ~]# yum install httpd php php-mysql php-gd
[root@centos-152 ~]# systemctl restart httpd
[root@centos-152 ~]# ss -tunl |grep 80
tcp    LISTEN     0      128      :::80                   :::*
[root@centos-152 /]# cd /usr/src
[root@centos-152 src]# wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.6.tar.gz
[root@centos-152 src]# tar xf loganalyzer-4.1.6.tar.gz
[root@centos-152 src]# mv loganalyzer-4.1.6 /var/www/html/log
[root@centos-152 src]# cd /var/www/html/log
[root@centos-152 log]# cat contrib/*
#!/bin/sh

touch config.php
chmod 666 config.php
#!/bin/sh
chmod 644 config.php
[root@centos-152 log]# touch src/config.php
[root@centos-152 log]# chmod 666 src/config.php

Next, open a browser and go to http://192.168.46.152/log/src

The steps are as follows:

[Screenshots of installer steps 1 to 7: ../_images/step1.png through ../_images/step7.png]

11.3.6. Finishing Up

[root@centos-152 log]# chmod 644 src/config.php