What logs are for: they record everything the system does from boot to shutdown. Logging on a classic Linux system is made up of three parts:
1) syslogd: records the log messages of the system and of network and other services
2) klogd: records the messages generated by the kernel
3) logrotate: rotates the log files (splits them, keeps a fixed number of old copies, and so on)
rsyslog terminology:
facility:
A facility classifies log messages by the function or program that produced them; a rule in the configuration then decides where messages of that facility are recorded. Every selector also names a level, called the priority, which is the minimum severity the rule matches.
Commonly used facilities:
facility        | meaning
auth (authpriv) | authentication-related messages (authpriv: the same, for messages whose log file must have restricted access)
cron            | periodic task schedulers: cron, at, etc.
daemon          | system daemons that have no facility of their own
kern            | messages generated by the kernel
lpr             | the printing subsystem
mail            | the mail subsystem
news            | the USENET news subsystem
syslog          | messages generated by syslogd/rsyslogd itself
user            | generic user-level messages (the default facility of logger and of most programs)
uucp            | the UUCP subsystem
local0-local7   | reserved for local use: not assigned to any program, so the administrator can hand them out (Experiment 1 below gives sshd local1)
security        | deprecated synonym for auth
priority:
The log level (severity). The numeric code below is what syslog puts on the wire and what the Priority column of the MySQL table in Experiment 2 stores; a smaller number is more severe. A rule written as facility.priority matches messages of that priority and of every more severe one, so *.info matches everything except debug.
code | name(s)        | description
7    | debug          | debugging information, normally only wanted while debugging an application
6    | info           | informational messages
5    | notice         | normal but significant conditions that deserve more attention than info
4    | warning, warn  | warnings that do not yet affect the running of the application
3    | err, error     | errors that have already affected the running of the application
2    | crit           | critical conditions, more serious than err
1    | alert          | action must be taken immediately, more serious than crit
0    | emerg, panic   | the system is unusable (a kernel panic, for example)
*    | all levels     |
none | no level       | excludes the facility from the rule
rsyslog configuration file
/etc/rsyslog.conf. Each rule has the form:
facility.priority target
(facility.level   where to send it)
Several selectors can be joined with ";" in one rule, and a later selector overrides an earlier one for the same facility, so "*.info;mail.none;authpriv.none;cron.none" means "every facility at info or above, except mail, authpriv and cron".
target: where the log message is sent:
1) a file path; a "-" in front of the path means asynchronous (buffered) writing, which is faster but can lose the last lines if the machine crashes
2) a user: the message is written to that user's terminal; "*" means every logged-in user
3) a log server: @SERVER sends over UDP, @@SERVER over TCP; the server must be listening on port 514 with that protocol (the default port; append :PORT to the address to use another one)
4) a pipe: |COMMAND hands the message to a command for further processing
Plain @ and @@ forwarding carries the messages in clear text and gives the receiver no way to verify who sent them; the rsyslog-gnutls package that appears in the yum listing of Experiment 2 adds TLS for that.
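To see what a selector such as "*.info;mail.none;authpriv.none;cron.none" actually matches and where a message ends up, here is a small rule matcher. It is an added example, not code from the page or from rsyslog; it implements only the classic selector syntax shown above (facility names, "*", "none", ";" and comma-separated facilities), not the "=" and "!" modifiers or rsyslog's newer RainerScript, and the rule set at the bottom is constructed from the rules edited in Experiments 1 and 2.

```python
"""Added example: route messages through rsyslog-style "facility.priority target" rules."""

import re

# Facility and severity codes as defined by the syslog protocol (RFC 3164 / RFC 5424).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "security": 4,
    "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10,
    "ftp": 11, **{f"local{i}": 16 + i for i in range(8)},
}
PRIORITIES = {
    "emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
    "warning": 4, "warn": 4, "notice": 5, "info": 6, "debug": 7,
}


def parse_rule(line):
    """Split one rule into ([(facility_codes, min_priority_or_None), ...], target)."""
    selectors, target = re.split(r"\s+", line.strip(), maxsplit=1)
    parsed = []
    for sel in selectors.split(";"):
        fac, prio = sel.split(".")
        facs = set(FACILITIES.values()) if fac == "*" else {FACILITIES[f] for f in fac.split(",")}
        # "none" excludes the facility; "*" as a level is the same as debug (everything).
        level = None if prio == "none" else (7 if prio == "*" else PRIORITIES[prio])
        parsed.append((facs, level))
    return parsed, target


def selector_matches(selectors, facility, severity):
    """Classic syslog semantics: a later selector overrides an earlier one for the same
    facility, and facility.priority matches that priority and everything more severe
    (numerically smaller)."""
    matched = False
    for facs, level in selectors:
        if facility in facs:
            matched = level is not None and severity <= level
    return matched


def classify_target(target):
    """Classify the action part of a rule the way the page describes it."""
    if target.startswith("@@"):
        return ("tcp", target[2:])
    if target.startswith("@"):
        return ("udp", target[1:])
    if target.startswith("|"):
        return ("pipe", target[1:])
    if target.startswith(":"):
        return ("module", target[1:].split(":")[0])   # e.g. :ommysql:host,db,user,pw
    if target.startswith("-"):
        return ("file-async", target[1:])
    if target.startswith("/"):
        return ("file", target)
    return ("users", target)                           # "*" or a user name


def route(rules, facility_name, priority_name):
    """Return the targets a message with the given facility/priority reaches, in rule order."""
    fac, sev = FACILITIES[facility_name], PRIORITIES[priority_name]
    hits = []
    for line in rules:
        selectors, target = parse_rule(line)
        if selector_matches(selectors, fac, sev):
            hits.append(classify_target(target))
    return hits


# Constructed rule set modelled on the rules edited in Experiments 1 and 2.
RULES = [
    "*.info;mail.none;authpriv.none;cron.none   @172.16.252.61",
    "authpriv.*                                 /var/log/secure",
    "local1.*                                   @@172.16.252.61",
    "*.emerg                                    *",
]

if __name__ == "__main__":
    for fac, pri in [("user", "notice"), ("authpriv", "info"), ("user", "debug"),
                     ("local1", "debug"), ("kern", "emerg")]:
        print(f"{fac}.{pri:<7} -> {route(RULES, fac, pri)}")
```

Running it shows, for instance, that a logger test message (user.notice) goes only to the UDP server, that an sshd line under authpriv stays in /var/log/secure because authpriv.none cancels the "*" in the first rule, and that user.debug matches nothing at all.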
Usual log line format:
date and time the event happened   hostname   process[pid]:   event text
The common log files:
/var/log/messages : the general system log (everything at info or above except mail, authpriv and cron); text format
/var/log/secure : authentication and authorisation messages (the authpriv facility: logins, sudo, sshd); text format, should be reviewed periodically
/var/log/btmp : failed login attempts on this system; binary format, read with the lastb command
/var/log/wtmp : successful logins and logouts on this system; binary format, read with the last command
/var/log/lastlog : the most recent login of every user; binary format, read with the lastlog command
/var/log/dmesg : messages from the boot process; text format, readable with any text viewer (the dmesg command itself reads the kernel ring buffer)
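Because wtmp and btmp are binary, it is worth knowing what last and lastb actually read, so that the records can be checked without trusting those tools (an attacker who has edited btmp can also have replaced lastb). The reader below is an added example, not from the page: it assumes the 384-byte struct utmp layout of glibc on x86_64 (little-endian), which differs on other architectures and libcs, and the btmp contents it parses are constructed in the block itself. /var/log/lastlog uses a different per-UID structure and is not handled.

```python
"""Added example: parse the binary record format of /var/log/wtmp and /var/log/btmp."""

import socket
import struct
from collections import Counter
from datetime import datetime, timezone

# glibc x86_64 struct utmp: ut_type, 2 pad bytes, ut_pid, ut_line[32], ut_id[4], ut_user[32],
# ut_host[256], ut_exit{e_termination, e_exit}, ut_session, ut_tv{tv_sec, tv_usec},
# ut_addr_v6[4], 20 unused bytes.  384 bytes in total.
UTMP_FMT = "<hxxi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)   # 384
UT_TYPES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
            6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}


def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def decode_addr(raw16):
    """ut_addr_v6 holds an IPv4 address in its first 4 bytes or a full IPv6 address."""
    if raw16 == b"\0" * 16:
        return ""
    if raw16[4:] == b"\0" * 12:
        return socket.inet_ntop(socket.AF_INET, raw16[:4])
    return socket.inet_ntop(socket.AF_INET6, raw16)


def parse_utmp(data):
    """Yield one dict per complete record; a trailing partial record is ignored."""
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        (ut_type, pid, line, _id, user, host, _term, _exit,
         _session, tv_sec, _tv_usec, addr) = struct.unpack_from(UTMP_FMT, data, off)
        yield {
            "type": UT_TYPES.get(ut_type, str(ut_type)),
            "pid": pid,
            "line": cstr(line),
            "user": cstr(user),
            "host": cstr(host),
            "addr": decode_addr(addr),
            "time": datetime.fromtimestamp(tv_sec, timezone.utc),
        }


def read_records(path):
    """Read a real file, e.g. read_records("/var/log/btmp") (root needed)."""
    with open(path, "rb") as fh:
        return list(parse_utmp(fh.read()))


def attempts_by_user_and_host(records):
    """What lastb shows, aggregated: number of records per (user, host)."""
    return Counter((r["user"], r["host"]) for r in records)


def make_record(ut_type, pid, line, user, host, ts, ip=""):
    """Build one record in the same layout; used here only to construct sample data."""
    addr = socket.inet_aton(ip) + b"\0" * 12 if ip else b"\0" * 16
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, ts, 0, addr)


# Constructed btmp contents: three failed root logins from one address and one
# failed "admin" login from another, shaped like the records sshd writes.
SAMPLE_BTMP = b"".join([
    make_record(6, 4201, "ssh:notty", "root", "203.0.113.7", 1498268100, "203.0.113.7"),
    make_record(6, 4203, "ssh:notty", "root", "203.0.113.7", 1498268103, "203.0.113.7"),
    make_record(6, 4205, "ssh:notty", "root", "203.0.113.7", 1498268106, "203.0.113.7"),
    make_record(6, 4210, "ssh:notty", "admin", "198.51.100.20", 1498268190, "198.51.100.20"),
])

if __name__ == "__main__":
    recs = list(parse_utmp(SAMPLE_BTMP))
    for r in recs:
        print(f"{r['time']:%b %d %H:%M:%S} {r['user']:<8} {r['line']:<10} {r['host']}")
    print(attempts_by_user_and_host(recs).most_common())
```

On a live host, compare the output of read_records("/var/log/btmp") with lastb: a file whose size is not a multiple of 384 bytes, or records whose timestamps go backwards, are the usual signs that the file has been truncated or edited.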
Experiment 1: build a log server
(1) Send the logs of the CentOS 6 machine to the CentOS 7 machine over UDP; C-7 is the server, C-6 the client
Step 1. Configure the server
Edit /etc/rsyslog.conf and enable the UDP input module on port 514 by removing the "#" from the two lines under "Provides UDP syslog reception":
[root@J-7 ~]# vim /etc/rsyslog.conf
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
……
Restart the service and check that port 514 is open:
[root@J-7 ~]# systemctl restart rsyslog
[root@J-7 ~]# ss -nutl
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      *:514              *:*
udp   UNCONN 0      0      :::514             :::*
udp   UNCONN 0      0      :::69              :::*
tcp   LISTEN 0      50     *:3306             *:*
tcp   LISTEN 0      128    *:22               *:*
tcp   LISTEN 0      100    127.0.0.1:25       *:*
tcp   LISTEN 0      128    :::80              :::*
tcp   LISTEN 0      128    :::22              :::*
tcp   LISTEN 0      100    ::1:25             :::*
Leave a tail -f running on the server's log so the messages from the client can be seen as they arrive:
[root@J-7 ~]# tail -f /var/log/messages
Aug 11 10:05:01 localhost systemd: Created slice user-0.slice.
Aug 11 10:05:01 localhost systemd: Starting user-0.slice.
Aug 11 10:05:01 localhost systemd: Started Session 35 of user root.
Aug 11 10:05:01 localhost systemd-logind: New session 35 of user root.
Aug 11 10:05:01 localhost systemd: Starting Session 35 of user root.
Aug 11 10:51:41 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1352" x-info="http://www.rsyslog.com"] exiting on signal 15.
Aug 11 10:51:42 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="7237" x-info="http://www.rsyslog.com"] start
Aug 11 10:51:41 localhost systemd: Stopping System Logging Service...
Aug 11 10:51:42 localhost systemd: Starting System Logging Service...
Aug 11 10:51:42 localhost systemd: Started System Logging Service.
The listener is bound to every interface (*:514 and :::514 in the ss output). Anything that can reach that port can append lines to /var/log/messages, so restrict it to the client's address with a firewall rule rather than leaving it open.
Step 2. Configure the client
First check that C-6 logs locally at all; the last line of the tail output is the test message:
[root@centos6 ~]# logger "this is test"
[root@centos6 ~]# tail -5 /var/log/messages
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> (eth2): device state change: failed -> disconnected (reason 'none') [9 3 0]
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> (eth2): deactivating device (reason 'none') [0]
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> Policy set 'Auto eth3' (eth3) as default for IPv4 routing and DNS.
Jun 23 23:37:07 centos6 NetworkManager[1616]: <info> Policy set 'Auto eth3' (eth3) as default for IPv4 routing and DNS.
Jun 23 23:38:58 centos6 root: this is test
Then edit /etc/rsyslog.conf: in the RULES section comment out the rule that writes to /var/log/messages and add a rule with the same selector whose target is @172.16.252.61, the address of C-7 (a single @ means UDP):
[root@centos6 ~]# vim /etc/rsyslog.conf
……
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none                @172.16.252.61

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
……
Restart the service and write a test message:
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@centos6 ~]# logger "this is from centos6"
Commenting out the local rule means C-6 no longer keeps its own copy of these messages, and UDP gives no delivery confirmation; outside a lab keep both rules so that a local copy survives when the server is unreachable.
Step 3. Verify the result
[root@J-7 ~]# tail -f /var/log/messages
Aug 11 10:05:01 localhost systemd: Created slice user-0.slice.
Aug 11 10:05:01 localhost systemd: Starting user-0.slice.
Aug 11 10:05:01 localhost systemd: Started Session 35 of user root.
Aug 11 10:05:01 localhost systemd-logind: New session 35 of user root.
Aug 11 10:05:01 localhost systemd: Starting Session 35 of user root.
Aug 11 10:51:41 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="1352" x-info="http://www.rsyslog.com"] exiting on signal 15.
Aug 11 10:51:42 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="7237" x-info="http://www.rsyslog.com"] start
Aug 11 10:51:41 localhost systemd: Stopping System Logging Service...
Aug 11 10:51:42 localhost systemd: Starting System Logging Service...
Aug 11 10:51:42 localhost systemd: Started System Logging Service.
Aug 11 11:01:01 localhost systemd: Started Session 36 of user root.
Aug 11 11:01:01 localhost systemd: Starting Session 36 of user root.
Aug 11 11:07:13 localhost systemd: Started Session 37 of user root.
Aug 11 11:07:13 localhost systemd-logind: New session 37 of user root.
Aug 11 11:07:13 localhost systemd: Starting Session 37 of user root.
Aug 11 11:08:05 localhost systemd-logind: Removed session 37.
Jun 23 23:48:10 centos6 kernel: imklog 5.8.10, log source = /proc/kmsg started.
Jun 23 23:48:10 centos6 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="2970" x-info="http://www.rsyslog.com"] start
Jun 23 23:48:59 centos6 root: this is from centos6
The last three lines come from C-6 (hostname centos6), so the experiment succeeded. Note that they carry the client's own timestamp (Jun 23, while the server's lines say Aug 11): with the default file format rsyslog records the time claimed in the message, not the time of arrival, so the clocks of all hosts must be synchronised (NTP) before a central log can be read as a timeline.
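What "@SERVER" actually puts on the wire, as an added example that is not code from the page or from rsyslog: it formats a BSD-syslog (RFC 3164) message the way logger and rsyslog do, sends it over UDP to a receiver on the loopback interface that stands in for the CentOS 7 server, and parses it back. The two messages are constructed here, one echoing the "this is from centos6" test and one forged sshd line; both are sent from the same process, which is the point: everything in the packet, including the hostname, is chosen by the sender, and UDP gives the receiver nothing but the peer address to go on. With "@@" rsyslog sends the same text over TCP followed by a newline; the contents are just as unauthenticated.

```python
"""Added example: build, send and parse RFC 3164 syslog datagrams over loopback."""

import socket
import time

SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY = {"kern": 0, "user": 1, "auth": 4, "syslog": 5, "authpriv": 10, "local1": 17}
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity: the number inside <...> at the start of a message."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def rfc3164_timestamp(when=None):
    """'Mmm dd hh:mm:ss' with a space-padded day, always 15 characters."""
    t = time.localtime(when)
    return f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} {t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}"


def build_message(facility, severity, hostname, tag, text, when=None):
    """One RFC 3164 line: <PRI>TIMESTAMP HOSTNAME TAG: MSG (no trailing newline over UDP)."""
    return f"<{encode_pri(facility, severity)}>{rfc3164_timestamp(when)} {hostname} {tag}: {text}"


def parse_message(raw):
    """Split a received datagram into the fields rsyslog stores."""
    close = raw.index(b">")
    pri = int(raw[1:close])
    rest = raw[close + 1:].decode("utf-8", "replace")
    timestamp = rest[:15]
    hostname, body = rest[16:].split(" ", 1)
    tag, _, text = body.partition(": ")
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": timestamp,
            "hostname": hostname, "tag": tag, "text": text}


def exchange(messages):
    """Stand-in for the server: bind a UDP socket on loopback, let the client send each
    message to it, and return what the server parsed.  An ephemeral port is used
    instead of 514 so the example does not need root."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    received = []
    try:
        server.bind(("127.0.0.1", 0))
        server.settimeout(2)
        for msg in messages:
            client.sendto(msg.encode("utf-8"), server.getsockname())
            raw, peer = server.recvfrom(65535)
            parsed = parse_message(raw)
            parsed["peer_ip"] = peer[0]   # the only sender evidence the server really has
            received.append(parsed)
    finally:
        client.close()
        server.close()
    return received


def demo():
    # Constructed messages: the "this is from centos6" test from the page, and a forged
    # sshd line that claims to come from centos6 although it is sent from an arbitrary
    # socket; the server stores the claimed hostname unchanged.
    real = build_message("user", "notice", "centos6", "root", "this is from centos6")
    forged = build_message("authpriv", "info", "centos6", "sshd[4147]",
                           "Accepted password for root from 10.0.0.9 port 40136 ssh2")
    return exchange([real, forged])


if __name__ == "__main__":
    for r in demo():
        print(f"from {r['peer_ip']} claims host={r['hostname']} facility={r['facility']} "
              f"severity={r['severity']} tag={r['tag']} text={r['text']}")
```

rsyslog's default parser likewise takes the hostname from the message header; if the server must record where a message really came from, log the fromhost-ip property in a template as well, and treat everything else in a plain-UDP line as the sender's claim.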
(2) Send the logs of CentOS 6 to CentOS 7 over TCP; C-7 is the server, C-6 the client
Step 1. Change the configuration on C-7 so that it accepts TCP, and give the forwarded messages their own log file
Comment the two UDP lines back out, enable the TCP input module on port 514, and add a rule that writes the local1 facility to /var/log/ssh2.log (local1 is assigned to sshd on the client in the next step):
[root@J-7 ~]# vim /etc/rsyslog.conf
……
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
……
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local1.*                                                /var/log/ssh2.log
……
[root@J-7 ~]# systemctl restart rsyslog
[root@J-7 ~]# ss -nutl
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      :::69              :::*
tcp   LISTEN 0      50     *:3306             *:*
tcp   LISTEN 0      128    *:22               *:*
tcp   LISTEN 0      100    127.0.0.1:25       *:*
tcp   LISTEN 0      25     *:514              *:*
tcp   LISTEN 0      128    :::80              :::*
tcp   LISTEN 0      128    :::22              :::*
tcp   LISTEN 0      100    ::1:25             :::*
tcp   LISTEN 0      25     :::514             :::*
Port 514 now appears under tcp LISTEN and no longer under udp. Start watching the new file; it does not exist yet, because rsyslog creates it when the first matching message arrives, so tail reports it as missing at this point:
[root@J-7 ~]# tail -f /var/log/ssh2.log
tail: cannot open ‘/var/log/ssh2.log’ for reading: No such file or directory
tail: no files remaining
Step 2. Change the client C-6 so that it connects to the server C-7
First make sshd log under the local1 facility instead of AUTHPRIV. In /etc/ssh/sshd_config comment out the existing SyslogFacility line and add one for local1, then restart sshd:
[root@centos6 ~]# vim /etc/ssh/sshd_config
……
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#SyslogFacility AUTHPRIV
#LogLevel INFO
SyslogFacility local1

# Authentication:
……
[root@centos6 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
Then in /etc/rsyslog.conf comment out the UDP forwarding rule from (1) and add a rule just for local1 whose target starts with two @ signs, which selects TCP:
[root@centos6 ~]# vim /etc/rsyslog.conf
………
#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
#*.info;mail.none;authpriv.none;cron.none                @172.16.252.61
local1.*                                                @@172.16.252.61

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
……
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Because sshd now logs under local1, its messages no longer match the authpriv.* rule and stop appearing in the client's own /var/log/secure; add a second local1.* rule with a local file as target if a local copy is wanted.
Step 3. Log in to C-6 over ssh from any machine
[root@localhost ~]# ssh 172.16.252.63
root@172.16.252.63's password:
Last login: Sat Jun 24 02:47:53 2017 from 172.16.252.250
Step 4. Check the result on C-7: success
[root@J-7 log]# ls /var/log/ssh2.log
/var/log/ssh2.log
[root@J-7 log]# cat /var/log/ssh2.log
Jun 24 03:32:25 centos6 sshd[3660]: Received disconnect from 172.16.252.250: 11: disconnected by user
Jun 24 03:32:30 centos6 sshd[4147]: Accepted password for root from 172.16.252.250 port 40136 ssh2
The file has been created and records the remote login to C-6.
Experiment 2: have rsyslog write its logs to MySQL
C-6 is the log server (the sender), C-7 the database server
Step 1. Install the database on C-7 and run the security initialisation script
[root@J-7 ~]# yum -y install mariadb-server      # installs the server; the client and the other dependencies come with it
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                     | 3.6 kB  00:00:00
elpl                                                     | 4.3 kB  00:00:00
……
Installed:
  mariadb-server.x86_64 1:5.5.52-1.el7

Dependency Installed:
  mariadb.x86_64 1:5.5.52-1.el7                perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7  perl-DBD-MySQL.x86_64 0:4.023-5.el7
  perl-DBI.x86_64 0:1.627-4.el7                perl-Data-Dumper.x86_64 0:2.145-3.el7
  perl-IO-Compress.noarch 0:2.061-2.el7        perl-Net-Daemon.noarch 0:0.48-5.el7
  perl-PlRPC.noarch 0:0.2020-14.el7

Complete!
[root@J-7 ~]# systemctl start mariadb            # start the database service
[root@J-7 ~]# ss -ntl                            # confirm that port 3306 is open
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     *:3306             *:*
LISTEN 0      128    *:22               *:*
LISTEN 0      100    127.0.0.1:25       *:*
LISTEN 0      128    :::22              :::*
LISTEN 0      100    ::1:25             :::*
[root@J-7 ~]# mysql_secure_installation          # follow the prompts; not described in detail here
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
……
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
Step 2. Install the database connector on C-6 and change the relevant configuration
[root@centos6 ~]# yum list rsyslog*              # which rsyslog packages exist
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Installed Packages
rsyslog.x86_64                 5.8.10-10.el6_6    @anaconda-CentOS-201703281317.x86_64/6.9
Available Packages
rsyslog-gnutls.x86_64          5.8.10-10.el6_6    base
rsyslog-gssapi.x86_64          5.8.10-10.el6_6    base
rsyslog-mysql.x86_64           5.8.10-10.el6_6    base
rsyslog-pgsql.x86_64           5.8.10-10.el6_6    base
rsyslog-relp.x86_64            5.8.10-10.el6_6    base
rsyslog-snmp.x86_64            5.8.10-10.el6_6    base
rsyslog7.x86_64                7.4.10-7.el6       base
rsyslog7-elasticsearch.x86_64  7.4.10-7.el6       base
rsyslog7-gnutls.x86_64         7.4.10-7.el6       base
rsyslog7-gssapi.x86_64         7.4.10-7.el6       base
rsyslog7-mysql.x86_64          7.4.10-7.el6       base
rsyslog7-pgsql.x86_64          7.4.10-7.el6       base
rsyslog7-relp.x86_64           7.4.10-7.el6       base
rsyslog7-snmp.x86_64           7.4.10-7.el6       base
[root@centos6 ~]# yum -y install rsyslog-mysql   # the module that writes to MySQL
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package rsyslog-mysql.x86_64 0:5.8.10-10.el6_6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
 Package                Arch           Version                   Repository        Size
=========================================================================================
Installing:
 rsyslog-mysql          x86_64         5.8.10-10.el6_6           base              21 k

Transaction Summary
=========================================================================================
Install       1 Package(s)

Total download size: 21 k
Installed size: 15 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : rsyslog-mysql-5.8.10-10.el6_6.x86_64                                  1/1
  Verifying  : rsyslog-mysql-5.8.10-10.el6_6.x86_64                                  1/1

Installed:
  rsyslog-mysql.x86_64 0:5.8.10-10.el6_6

Complete!
[root@centos6 ~]# yum -y install mysql           # the mysql client; already installed here
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Package mysql-5.1.73-8.el6_8.x86_64 already installed and latest version
Nothing to do
[root@centos6 ~]# yum list mysql                 # confirm the client package
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Installed Packages
mysql.x86_64                   5.1.73-8.el6_8     @anaconda-CentOS-201703281317.x86_64/6.9
[root@centos6 ~]# rpm -ql rsyslog-mysql          # the files the module package installed
/lib64/rsyslog/ommysql.so                        # the output module itself
/usr/share/doc/rsyslog-mysql-5.8.10
/usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql # script that creates the database and tables
[root@centos6 ~]# cat /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
CREATE DATABASE Syslog;          -- the script fixes the database name
USE Syslog;
CREATE TABLE SystemEvents
(
    ID int unsigned not null auto_increment primary key,
    CustomerID bigint,
    ReceivedAt datetime NULL,
    DeviceReportedTime datetime NULL,
    Facility smallint NULL,
    Priority smallint NULL,
    FromHost varchar(60) NULL,
    Message text,
    NTSeverity int NULL,
    Importance int NULL,
    EventSource varchar(60),
    EventUser varchar(60) NULL,
    EventCategory int NULL,
    EventID int NULL,
    EventBinaryData text NULL,
    MaxAvailable int NULL,
    CurrUsage int NULL,
    MinUsage int NULL,
    MaxUsage int NULL,
    InfoUnitID int NULL ,
    SysLogTag varchar(60),
    EventLogType varchar(60),
    GenericFileName VarChar(60),
    SystemID int NULL
);

CREATE TABLE SystemEventsProperties
(
    ID int unsigned not null auto_increment primary key,
    SystemEventID int NULL ,
    ParamName varchar(255) NULL ,
    ParamValue text NULL
);
Step 3. On the database server C-7 create the user that will own the log database
[root@J-7 ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on Syslog.* to log@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>
The grant creates the user and gives it every privilege on the Syslog database (the database itself is created by createDB.sql in the next step). Beyond a lab, tighten this: restrict the host part to the client (log@'172.16.252.63' rather than '%'), use a real password, and give the account rsyslog runs with only INSERT on Syslog.SystemEvents, which is all ommysql needs once the tables exist; run createDB.sql with a more privileged account. A password given on the command line with -p also ends up in the shell history.
Step 4. Run the creation script from C-6
[root@centos6 ~]# mysql -ulog -p123456 -h172.16.252.61 </usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
[root@centos6 ~]# mysql -ulog -p123456 -h172.16.252.61     # log in and have a look
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;                           # which databases exist
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
+--------------------+
2 rows in set (0.01 sec)

mysql> select count(*) from Syslog.SystemEvents; # the table is still empty
+----------+
| count(*) |
+----------+
|        0 |
+----------+
1 row in set (0.00 sec)

mysql> exit
Then edit /etc/rsyslog.conf: load the ommysql module in the MODULES section, and in the RULES section replace the rule that writes to /var/log/messages with one whose target is the module, written as :ommysql:HOST,DATABASE,USER,PASSWORD:
[root@centos6 ~]# vim /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$ModLoad ommysql

# Provides UDP syslog reception
……
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none                :ommysql:172.16.252.61,Syslog,log,123456

# The authpriv file has restricted access.
……
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@centos6 ~]# logger "this is mysqldb"       # write a test record
The database password now sits in clear text in /etc/rsyslog.conf (keep the file readable by root only) and travels to the server over an unencrypted MySQL connection together with every log line.
Step 5. Verify on the MySQL server: success
[root@J-7 ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)

MariaDB [Syslog]> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
|       32 |
+----------+
1 row in set (0.00 sec)

MariaDB [Syslog]> select * from SystemEvents;
The rows have arrived. Only the columns that ommysql fills are shown below; CustomerID, NTSeverity, Importance, EventSource, EventUser, EventCategory, EventID, EventBinaryData, MaxAvailable, CurrUsage, MinUsage, MaxUsage, EventLogType, GenericFileName and SystemID are NULL in every row, and InfoUnitID is 1:
+----+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------------------------------------------+-----------+
| ID | ReceivedAt          | DeviceReportedTime  | Facility | Priority | FromHost | Message                                                                                             | SysLogTag |
+----+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------------------------------------------+-----------+
|  1 | 2017-06-24 00:10:12 | 2017-06-24 00:10:12 |        0 |        6 | centos6  | imklog 5.8.10, log source = /proc/kmsg started.                                                     | kernel:   |
|  2 | 2017-06-24 00:10:12 | 2017-06-24 00:10:12 |        5 |        6 | centos6  | [origin software="rsyslogd" swVersion="5.8.10" x-pid="3105" x-info="http://www.rsyslog.com"] start | rsyslogd: |
|  3 | 2017-06-24 00:11:50 | 2017-06-24 00:11:50 |        1 |        5 | centos6  | this is mysqldb                                                                                     | root:     |
+----+---------------------+---------------------+----------+----------+----------+-----------------------------------------------------------------------------------------------------+-----------+
3 rows in set (0.00 sec)
The Facility and Priority columns hold the numeric syslog codes: 0/6 is kern.info, 5/6 is syslog.info, and 1/5 is user.notice, the default facility and level of logger.
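Once the messages sit in SystemEvents, the point is to query them. The following is an added example, not code from the page or from rsyslog: it rebuilds the columns of createDB.sql's SystemEvents that ommysql actually fills in an in-memory SQLite database (column names unchanged, types adapted from the MySQL DDL), loads constructed rows shaped like the three shown above plus some sshd lines, and runs two queries an incident responder would run against a central log: failed SSH password attempts per source address over a threshold, and everything logged at crit or worse. Because Facility and Priority are the numeric codes, "Priority <= 2" means crit, alert and emerg.

```python
"""Added example: detection queries over an rsyslog SystemEvents table (SQLite stand-in)."""

import re
import sqlite3

SCHEMA = """
CREATE TABLE SystemEvents (
    ID INTEGER PRIMARY KEY AUTOINCREMENT,
    ReceivedAt TEXT,
    DeviceReportedTime TEXT,
    Facility INTEGER,
    Priority INTEGER,
    FromHost TEXT,
    Message TEXT,
    SysLogTag TEXT
);
"""

# Constructed rows: (ReceivedAt, Facility, Priority, FromHost, SysLogTag, Message).
# Facility 10 = authpriv, 1 = user, 0 = kern, 5 = syslog; Priority 6 = info, 5 = notice, 2 = crit.
SAMPLE_ROWS = [
    ("2017-06-24 00:10:12", 0, 6, "centos6", "kernel:", "imklog 5.8.10, log source = /proc/kmsg started."),
    ("2017-06-24 00:10:12", 5, 6, "centos6", "rsyslogd:", '[origin software="rsyslogd" swVersion="5.8.10"] start'),
    ("2017-06-24 00:11:50", 1, 5, "centos6", "root:", "this is mysqldb"),
    ("2017-06-24 03:30:01", 10, 6, "centos6", "sshd[4201]:", "Failed password for root from 203.0.113.7 port 50122 ssh2"),
    ("2017-06-24 03:30:04", 10, 6, "centos6", "sshd[4203]:", "Failed password for root from 203.0.113.7 port 50124 ssh2"),
    ("2017-06-24 03:30:07", 10, 6, "centos6", "sshd[4205]:", "Failed password for invalid user admin from 203.0.113.7 port 50126 ssh2"),
    ("2017-06-24 03:30:10", 10, 6, "centos6", "sshd[4207]:", "Failed password for root from 203.0.113.7 port 50128 ssh2"),
    ("2017-06-24 03:31:40", 10, 6, "centos6", "sshd[4209]:", "Failed password for oracle from 198.51.100.20 port 40011 ssh2"),
    ("2017-06-24 03:32:30", 10, 6, "centos6", "sshd[4147]:", "Accepted password for root from 172.16.252.250 port 40136 ssh2"),
    ("2017-06-24 03:40:00", 0, 2, "centos6", "kernel:", "BUG: unable to handle kernel NULL pointer dereference at 0000000000000000"),
]

FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def load_sample():
    """Create the table and load the constructed rows; returns the connection."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO SystemEvents (ReceivedAt, DeviceReportedTime, Facility, Priority, "
        "FromHost, SysLogTag, Message) VALUES (?, ?, ?, ?, ?, ?, ?)",
        [(r[0], r[0], r[1], r[2], r[3], r[4], r[5]) for r in SAMPLE_ROWS],
    )
    conn.commit()
    return conn


def failed_logins_by_source(conn, threshold):
    """(FromHost, source IP) -> number of failed password attempts, keeping only sources
    at or above the threshold.  SQL narrows the rows to sshd lines under authpriv; the
    regex pulls the attacking address out of the message text."""
    rows = conn.execute(
        "SELECT FromHost, Message FROM SystemEvents "
        "WHERE Facility = 10 AND SysLogTag LIKE 'sshd[%' AND Message LIKE 'Failed password%' "
        "ORDER BY ID"
    ).fetchall()
    counts = {}
    for host, msg in rows:
        m = FAILED.search(msg)
        if m:
            key = (host, m["ip"])
            counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= threshold}


def severe_events(conn):
    """Everything at crit (2), alert (1) or emerg (0), oldest first."""
    return conn.execute(
        "SELECT ReceivedAt, FromHost, SysLogTag, Message FROM SystemEvents "
        "WHERE Priority <= 2 ORDER BY ReceivedAt"
    ).fetchall()


if __name__ == "__main__":
    db = load_sample()
    print("brute-force candidates:", failed_logins_by_source(db, threshold=3))
    for row in severe_events(db):
        print("severe:", row)
```

The same two SELECT statements run unchanged against the real MariaDB table from the mysql client; the regular expression is the part that has to follow the exact wording of the sshd messages in use.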
Experiment 3: display the logs in the database with LogAnalyzer
Note: this experiment builds on the database experiment above. Because the snapshot was restored in between, the steps that repeat the ones above are not explained again.
(1) Configuration of the database server C-7
[root@J-7 ~]# yum -y install httpd php php-mysql php-gd mariadb-server
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                     | 3.6 kB  00:00:00
elpl                                                     | 4.3 kB  00:00:00
Determining fastest mirrors
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-45.el7.centos will be installed
……
Installed:
  httpd.x86_64 0:2.4.6-45.el7.centos     mariadb-server.x86_64 1:5.5.52-1.el7
  php.x86_64 0:5.4.16-42.el7             php-gd.x86_64 0:5.4.16-42.el7
  php-mysql.x86_64 0:5.4.16-42.el7

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7                     apr-util.x86_64 0:1.5.2-6.el7
  httpd-tools.x86_64 0:2.4.6-45.el7.centos     libXpm.x86_64 0:3.5.11-3.el7
  libzip.x86_64 0:0.10.1-8.el7                 mailcap.noarch 0:2.1.41-2.el7
  mariadb.x86_64 1:5.5.52-1.el7                perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7  perl-DBD-MySQL.x86_64 0:4.023-5.el7
  perl-DBI.x86_64 0:1.627-4.el7                perl-Data-Dumper.x86_64 0:2.145-3.el7
  perl-IO-Compress.noarch 0:2.061-2.el7        perl-Net-Daemon.noarch 0:0.48-5.el7
  perl-PlRPC.noarch 0:0.2020-14.el7            php-cli.x86_64 0:5.4.16-42.el7
  php-common.x86_64 0:5.4.16-42.el7            php-pdo.x86_64 0:5.4.16-42.el7
  t1lib.x86_64 0:5.1.2-14.el7

Complete!
[root@J-7 log]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on Syslog.* to log@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>
Upload the LogAnalyzer tarball (rz receives it over the terminal), unpack it and move its src directory under the web root as /var/www/html/log:
[root@J-7 ~]# pwd
/root
[root@J-7 ~]# rz
[root@J-7 ~]# tar xf loganalyzer-4.1.5.tar.gz
[root@J-7 ~]# cd loganalyzer-4.1.5
[root@J-7 loganalyzer-4.1.5]# mv src/ /var/www/html/log
[root@J-7 loganalyzer-4.1.5]# cd /var/www/html/log/
[root@J-7 log]# ls
admin               classes      details.php  include      js         reports.php     themes
asktheoracle.php    convert.php  doc          index.php    lang       search.php      userchange.php
BitstreamVeraFonts  cron         export.php   install.php  login.php  statistics.php
chartgenerator.php  css          favicon.ico  images       reportgenerator.php  templates
The two helper scripts in contrib/ show what the web installer needs: configure.sh creates config.php and makes it writable for the duration of the install, secure.sh sets it back to 644 afterwards:
[root@J-7 log]# cat /root/loganalyzer-4.1.5/contrib/configure.sh
#!/bin/sh
touch config.php
chmod 666 config.php
[root@J-7 log]# cat /root/loganalyzer-4.1.5/contrib/secure.sh
#!/bin/sh
chmod 644 config.php
[root@J-7 log]# touch config.php
[root@J-7 log]# chmod 666 config.php
Do not forget the second script once the wizard has finished: a world-writable config.php holding the database credentials can be rewritten by any local user or by any compromised PHP script.
Then start the web server and the database, run mysql_secure_installation again (the snapshot was restored), and open the firewall and SELinux for the lab:
[root@J-7 log]# iptables -F
[root@J-7 log]# ss -ntl
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      100    127.0.0.1:25       *:*
LISTEN 0      128    :::22              :::*
LISTEN 0      100    ::1:25             :::*
[root@J-7 log]# systemctl start httpd
[root@J-7 log]# ss -ntl
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      100    127.0.0.1:25       *:*
LISTEN 0      128    :::80              :::*
LISTEN 0      128    :::22              :::*
LISTEN 0      100    ::1:25             :::*
[root@J-7 log]# systemctl start mariadb
[root@J-7 log]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
……
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@J-7 log]# iptables -F
[root@J-7 log]# setenforce 0
iptables -F drops every firewall rule and setenforce 0 puts SELinux into permissive mode. That is acceptable on a throwaway lab machine, but a log server holds the evidence of every other host: on a real one allow only 80/tcp for the viewer and 3306/tcp from the log client, and set the httpd_can_network_connect_db boolean instead of disabling SELinux.
(2) Configuration of the client C-6
The same steps as in Experiment 2: install rsyslog-mysql, create the database with createDB.sql, load ommysql and point the rule at the database.
[root@centos6 ~]# yum -y install rsyslog-mysql
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package rsyslog-mysql.x86_64 0:5.8.10-10.el6_6 will be installed
--> Finished Dependency Resolution
……
Installed:
  rsyslog-mysql.x86_64 0:5.8.10-10.el6_6

Complete!
[root@centos6 ~]# yum list mysql
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Installed Packages
mysql.x86_64                   5.1.73-8.el6_8     @anaconda-CentOS-201703281317.x86_64/6.9
[root@centos6 ~]# mysql -ulog -p123456 -h172.16.252.61 </usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
[root@centos6 ~]# vim /etc/rsyslog.conf
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability
$ModLoad ommysql

# Provides UDP syslog reception
……
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none;cron.none                /var/log/messages
*.info;mail.none;authpriv.none;cron.none                :ommysql:172.16.252.61,Syslog,log,123456
……
[root@centos6 ~]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
(3) The installer pages in the browser
(The screenshots of the web installer are not reproduced here; the steps were as follows.)
Step 1: simply click Next.
Step 2: nothing to change here, click Next.
Step 3: the defaults are fine as they are, click Next.
Step 4: this is the step to watch. Under First Syslog Source set Source Type to MySQL native; a small form then appears, in which the database details (host, database name, user, password) are filled in. (Two notes: 1. attentive readers may notice that I switched browsers; the 360 Speed Browser I used at first never rendered that form, so I changed to another. 2. If something goes wrong, delete the contents of the config.php created earlier and the wizard can be run again step by step.)
Step 5: set-up complete; adjust the settings as required.