9.3. 日志管理系统搭建

本文主要介绍如何使用日志服务器把多台服务器的日志集中收集到 MySQL(MariaDB)数据库中,然后使用分析工具(LogAnalyzer)对日志进行分析和监控。

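9.3.1. 架构图

(原图未随文本保留,以下根据后文的命令整理)应用服务器 app1(centos-158)和 app2(centos-159)上的 rsyslog 通过 ommysql 模块把日志直接写入日志服务器(centos-7,后文 rsyslog 配置中指向的 192.168.46.7)上的 MariaDB,库名为 Syslog;日志分析服务器 192.168.46.152 上的 LogAnalyzer 再从该数据库读取日志,并在 Web 页面中展示。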

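9.3.2. 日志服务器配置

说明:下面的授权语句为了演示方便,使用了 grant all 和与用户名相同的口令 syslog。实际部署时应换成强口令,并按用途拆分账号:rsyslog 的 ommysql 只向表中执行 INSERT,写入账号授予 INSERT 即可;日志分析端如果只是查看日志,一般只需要 SELECT。另外 ss 的输出显示 MariaDB 监听在 *:3306,应通过防火墙只允许应用服务器和日志分析服务器访问该端口。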

 1[root@centos-7 ~]$yum install rsyslog-mysql mariadb-server
 2[root@centos-7 ~]$systemctl restart mariadb
 3[root@centos-7 ~]$ss -tunl |grep 3306
 4tcp    LISTEN     0      50        *:3306                  *:*
 5[root@centos-7 ~]$mysql_secure_installation
 6[root@centos-7 ~]$mysql -u root -p </usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
 7[root@centos-7 ~]$mysql -u root -p
 8Enter password:
 9Welcome to the MariaDB monitor.  Commands end with ; or \g.
10Your MariaDB connection id is 13
11Server version: 5.5.56-MariaDB MariaDB Server
12
13Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
14
15Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
16
17MariaDB [(none)]> use Syslog
18Reading table information for completion of table and column names
19You can turn off this feature to get a quicker startup with -A
20
21Database changed
22MariaDB [Syslog]> show tables;
23+------------------------+
24| Tables_in_Syslog       |
25+------------------------+
26| SystemEvents           |
27| SystemEventsProperties |
28+------------------------+
292 rows in set (0.00 sec)
30
31MariaDB [Syslog]> grant all on Syslog.* to syslog@'192.168.46.%' identified by 'syslog';
32Query OK, 0 rows affected (0.00 sec)

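9.3.3. 应用服务器配置

说明:下面清单中的 $ModLoad ommysql 和 *.info :ommysql:... 两行不是 shell 命令,而是要写入 /etc/rsyslog.conf 的配置,格式为 :ommysql:数据库主机,库名,用户名,口令。数据库口令以明文保存在该文件中,建议把文件权限收紧为仅 root 可读,用 scp 分发到其他主机后同样如此。这种写法下 rsyslog 到 MariaDB 的连接默认不加密,日志内容在网络上明文传输,只适合在受信任的内网或管理网段中使用。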

 1# app1上操作
 2[root@centos-158 ~]# yum install rsyslog-mysql
 3
 4[root@centos-158 ~]# rpm -ql rsyslog-mysql
 5/usr/lib64/rsyslog/ommysql.so
 6/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
 7$ModLoad ommysql
 8*.info            :ommysql:192.168.46.7,Syslog,syslog,syslog
 9[root@centos-158 yum.repos.d]# systemctl restart rsyslog
10
11# 复制一份到app2
12[root@centos-158 ~]# scp /etc/rsyslog.conf  192.168.46.159:/etc/
13# app2安装包
14[root@centos-159 yum.repos.d]# yum install rsyslog-mysql
15# 重启服务
16[root@centos-159 yum.repos.d]# systemctl restart rsyslog

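9.3.4. 日志服务器测试

说明:logger 要用 -p 指定“设施.级别”(例如 logger -p auth.info "this is a test")。下面的写法没有 -p,auth.* 只是消息正文的一部分,所以查询结果里 message 以 auth.* 开头,facility 为 1(user)而不是 auth。另外,第二条命令的提示符虽然显示 centos-158,但从查询结果的 fromhost 看,它实际是在 app2(centos-159)上执行的。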

 1# app1的服务器发送一个日志
 2[root@centos-158 ~]# logger auth.*  "this is a test"
 3# app2的服务器发送一个日志
 4[root@centos-158 ~]# logger auth.*   "this is another test"
 5
 6
 7# 日志服务器查看下
 8MariaDB [Syslog]> select message,fromhost,facility  from SystemEvents where message like '%test%';
 9+-----------------------------+------------+----------+
10| message                     | fromhost   | facility |
11+-----------------------------+------------+----------+
12| auth.* this is a test       | centos-158 |        1 |
13| auth.* this is another test | centos-159 |        1 |
14+-----------------------------+------------+----------+
152 rows in set (0.00 sec)

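9.3.5. 日志分析服务器配置

说明:下面用 HTTP 明文下载安装包且未做校验,建议在解压前核对官方提供的校验值(如有),确认文件未被篡改。此外,清单把整个解压目录都移到了 Web 根目录下,而实际提供页面的是其中的 src 目录(访问地址为 /log/src),contrib 等不需要对外提供的内容可以不放在 Web 目录中。config.php 设为 666 只是为了让安装向导能写入配置,安装完成后要按 9.3.6 改回。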

 1[root@centos-152 ~]# yum install httpd php php-mysql php-gd
 2[root@centos-152 ~]# systemctl restart httpd
 3[root@centos-152 ~]# ss -tunl |grep 80
 4tcp    LISTEN     0      128      :::80                   :::*
 5[root@centos-152 /]# cd /usr/src
 6[root@centos-152 src]# wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.6.tar.gz
 7[root@centos-152 src]# tar xf loganalyzer-4.1.6.tar.gz
 8[root@centos-152 src]# mv loganalyzer-4.1.6 /var/www/html/log
 9[root@centos-152 src]# cd /var/www/html/log
10[root@centos-152 log]# cat contrib/*
11#!/bin/sh
12
13touch config.php
14chmod 666 config.php
15#!/bin/sh
16chmod 644 config.php
17[root@centos-152 log]# touch src/config.php
18[root@centos-152 log]# chmod 666 src/config.php

接下来在浏览器中访问 http://192.168.46.152/log/src ,进入 LogAnalyzer 的安装向导。

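具体步骤如下(原文此处的安装向导截图未保留):按向导提示逐步操作,在配置日志源时选择 MySQL 类型的数据源,填入前面创建的数据库信息:主机 192.168.46.7、库名 Syslog、表名 SystemEvents(注意大小写)、用户 syslog 及其口令。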

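9.3.6. 完善工作

说明:安装完成后 config.php 中保存了数据库连接口令,因此要去掉安装时临时放开的写权限。644 仍然允许本机所有用户读取该文件,如需进一步收紧,可将属组改为运行 httpd 的用户组并设为 640。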

1[root@centos-152 log]# chmod 644 src/config.php