The company uses CactiEz as its network monitoring platform. It monitors the network devices and egress bandwidth in near real time and sends e-mail alerts; there is some delay, but it is basically sufficient. On top of that, a log server is needed: there are many devices, and when one loses power and reboots, troubleshooting depends on its logs.
Configuration on the Huawei switch side:
info-center source default channel 2 log level warning # severity threshold for the loghost channel; warning is the most suitable level (only messages of severity warning and above are forwarded)
info-center loghost source Vlanif1101 # source interface (VLAN interface) for the syslog packets
info-center loghost 192.168.2.2 # syslog server address
The switch sends these messages as plain, unauthenticated UDP/514 syslog, so the log server should sit on the management VLAN and accept port 514 only from the device addresses.
Installing rsyslog and the LogAnalyzer log-analysis tool on CentOS 6.8
1. Set up a local yum repository, install the required packages with yum, turn off the firewall, and install httpd
# Set up a local yum repository (the install medium mounted at /media)
[root@localhost yum.repos.d]# mv *.repo back/
vim /etc/yum.repos.d/media.repo
[media]
name=media
baseurl=file:///media
enabled=1
gpgcheck=0
# gpgcheck=0 disables RPM signature verification; that is acceptable only because the packages come from the local install medium
# Refresh the repository metadata
yum clean all
yum makecache
yum repolist
# Turn off SELinux (edit the config file so it stays off after a reboot) and stop iptables
[root@localhost yum.repos.d]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost yum.repos.d]# getenforce
Enforcing
[root@localhost yum.repos.d]# setenforce 0
[root@localhost yum.repos.d]# getenforce
Permissive
[root@localhost yum.repos.d]# service iptables stop
[root@localhost yum.repos.d]# chkconfig iptables off
Note: setenforce 0 only switches SELinux to permissive mode until the next reboot; the config file change is what makes it permanent. Disabling the firewall altogether is the quick route taken here. On a production log server the tighter option is to leave iptables running and open only UDP 514 (from the device subnet) and TCP 80.
# Install the packages (rsyslog and rsyslog-mysql are listed here because the later steps depend on them; they may already be present on the base system)
yum install rsyslog rsyslog-mysql mysql-server mysql-devel libcurl-devel net-snmp-devel php php-gd php-xml php-mysql httpd -y
# Check the rsyslog packages
[root@bogon html]# rpm -qa | grep rsyslog
rsyslog-gssapi-5.8.10-10.el6_6.x86_64
rsyslog-mysql-5.8.10-10.el6_6.x86_64
rsyslog-relp-5.8.10-10.el6_6.x86_64
rsyslog-pgsql-5.8.10-10.el6_6.x86_64
rsyslog-gnutls-5.8.10-10.el6_6.x86_64
rsyslog-5.8.10-10.el6_6.x86_64
# Start httpd
[root@localhost yum.repos.d]# /etc/init.d/httpd start
[root@localhost yum.repos.d]# chkconfig httpd on
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
(This warning is harmless; set ServerName in /etc/httpd/conf/httpd.conf to silence it.)
# Test the PHP environment
[root@localhost yum.repos.d]# cd /var/www/html/
[root@TS html]# cat > index.php <<EOF
> <?php
> phpinfo();
> ?>
> EOF
Open a browser and visit http://192.168.2.2/index.php. Remove this index.php once PHP is confirmed working: phpinfo() exposes the PHP version, loaded modules and filesystem paths to anyone who can reach the server.
# Start the database
[root@localhost yum.repos.d]# /etc/init.d/mysqld start
[root@localhost yum.repos.d]# chkconfig mysqld on
# Set the MySQL root password, create the Syslog database from the schema shipped with rsyslog-mysql, and inspect its tables
[root@bogon html]# cd /usr/share/doc/rsyslog-mysql-5.8.10/
[root@bogon rsyslog-mysql-5.8.10]# mysql -uroot -pqaz,123 < createDB.sql
The root password used here is qaz,123. Passing it on the command line as -pqaz,123 leaves it in the shell history and visible in the process list; prefer -p alone and type the password at the prompt, as in the next command.
[root@bogon ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Syslog             |
| mysql              |
| test               |
+--------------------+
4 rows in set (0.00 sec)
mysql> use Syslog
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
# Grant the rsyslog database user access to the Syslog database and flush privileges
mysql> grant all on Syslog.* to rsyslog@localhost identified by 'adminqaz';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
ALL is more than this account needs: ommysql only inserts rows into SystemEvents and LogAnalyzer only reads them, so INSERT and SELECT on Syslog.* would suffice. Use a stronger password than the example in any case.
# Edit the rsyslog configuration: enable the UDP listener and send everything to MySQL through ommysql
[root@bogon ~]# vim /etc/rsyslog.conf
# Add the following two lines
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,adminqaz
Explanation: localhost is the database host, Syslog the database name, rsyslog the database user, and adminqaz that user's password. $ModLoad ommysql must appear before the action line that uses it. Because the password is stored in clear text, /etc/rsyslog.conf should be readable by root only (mode 0600).
# Enable the input modules
# vi /etc/rsyslog.conf
$ModLoad immark # immark: writes periodic --MARK-- lines, so a silent log can be told apart from a dead receiver
$ModLoad imudp # imudp: UDP syslog input
$UDPServerRun 514 # listen for syslog on UDP port 514
# Restart rsyslog
/etc/init.d/rsyslog restart
If everything is working, messages from the servers and from the switch appear in /var/log/messages and, through the ommysql action above, in the SystemEvents table. If nothing arrives, confirm with netstat -unlp that rsyslogd is bound to UDP 514 and that the switch's source VLAN interface can reach 192.168.2.2.
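The whole path, from the switch's "log level warning" threshold through the UDP listener to the INSERT that ommysql performs, can be seen end to end in the following Python script. It is an added example, not code from the article, from rsyslog or from LogAnalyzer: the syslog messages are constructed (the exact layout of Huawei's messages is not shown on the page, so plain RFC 3164 lines are used), the SystemEvents table is an in-memory SQLite stand-in holding a subset of the columns that createDB.sql creates, and loopback_roundtrip uses an ephemeral port because binding 514 requires root.

```python
"""Added example (not from the original article): reproduces, offline, what the
switch -> imudp -> ommysql path does, with constructed messages and SQLite."""
import re
import socket
import sqlite3

# Syslog severities (RFC 3164). The switch's "log level warning" forwards severity <= 4.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
WARNING = 4

# <PRI>Mmm dd hh:mm:ss HOST TAG: MSG  -- the RFC 3164 layout that imudp accepts
_RX = re.compile(
    rb"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    rb"(?P<host>\S+) (?P<tag>[^:\s]+): ?(?P<msg>.*)$", re.DOTALL)

def parse_syslog(datagram):
    """Decode one UDP syslog datagram into the fields ommysql stores in SystemEvents."""
    m = _RX.match(datagram)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % datagram[:40])
    pri = int(m.group("pri"))
    if pri > 191:                      # max facility 23, max severity 7
        raise ValueError("PRI %d out of range" % pri)
    return {
        "Facility": pri >> 3,          # PRI = facility * 8 + severity
        "Priority": pri & 7,           # SystemEvents.Priority holds the severity
        "FromHost": m.group("host").decode(),
        "SysLogTag": m.group("tag").decode(),
        "DeviceReportedTime": m.group("ts").decode(),
        "Message": m.group("msg").decode("utf-8", "replace").rstrip("\n"),
    }

def switch_filter(datagrams, level=WARNING):
    """Mirror 'info-center ... log level warning': keep severity <= level (lower is more severe)."""
    return [d for d in datagrams if parse_syslog(d)["Priority"] <= level]

def open_store():
    """In-memory stand-in for the Syslog database. The columns are a constructed
    subset of the SystemEvents table that createDB.sql creates."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE SystemEvents (
        ID INTEGER PRIMARY KEY, ReceivedAt TEXT DEFAULT CURRENT_TIMESTAMP,
        DeviceReportedTime TEXT, Facility INTEGER, Priority INTEGER,
        FromHost TEXT, Message TEXT, SysLogTag TEXT)""")
    return conn

def store(conn, datagram):
    """What the '*.* :ommysql:...' action does for one message: parse, then a
    parameterised INSERT (a message containing quotes cannot alter the statement)."""
    ev = parse_syslog(datagram)
    cur = conn.execute(
        "INSERT INTO SystemEvents (DeviceReportedTime, Facility, Priority, FromHost, Message, SysLogTag)"
        " VALUES (:DeviceReportedTime, :Facility, :Priority, :FromHost, :Message, :SysLogTag)", ev)
    return cur.lastrowid

def events_at_or_above(conn, severity):
    """A LogAnalyzer-style query: rows at this severity or worse, newest first."""
    return conn.execute(
        "SELECT FromHost, Priority, Message FROM SystemEvents WHERE Priority <= ? ORDER BY ID DESC",
        (severity,)).fetchall()

def loopback_roundtrip(datagram):
    """Send one datagram to a local UDP socket and parse what arrives. Port 514
    needs root, so an ephemeral port stands in for $UDPServerRun 514."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(datagram, rx.getsockname())
    data, _ = rx.recvfrom(65535)
    rx.close()
    tx.close()
    return parse_syslog(data)

# Constructed sample traffic: a switch reporting at several severities, plus one server line.
SAMPLES = [
    b"<188>Feb 10 10:12:33 SW-CORE IFNET: GigabitEthernet0/0/24 link status changed to DOWN",   # local7.warning
    b"<190>Feb 10 10:12:34 SW-CORE SHELL: user admin logged in from 192.168.2.10",              # local7.info
    b"<187>Feb 10 10:13:01 SW-CORE SYS: device rebooting after power loss",                     # local7.err
    b"<34>Feb 10 10:13:05 web01 sshd[2211]: Failed password for root from 10.0.0.9 port 4022",  # auth.crit
]

if __name__ == "__main__":
    conn = open_store()
    # the switch drops its own info-level line; the server line is not subject to that filter
    for d in switch_filter(SAMPLES[:3]) + SAMPLES[3:]:
        store(conn, d)
    for row in events_at_or_above(conn, WARNING):
        print(row)
    print(loopback_roundtrip(SAMPLES[0]))
```

With the sample input, switch_filter discards the local7.info login line, so three rows reach the table; querying at severity 3 (err) returns only the reboot and the failed-password events. The same arithmetic (facility = PRI >> 3, severity = PRI & 7) is what rsyslog applies when it evaluates the "*.*" selector.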
2. Install LogAnalyzer
[root@bogon home]# ls
loganalyzer-3.6.5 loganalyzer-3.6.5.tar.gz
[root@bogon home]# tar xzvf loganalyzer-3.6.5.tar.gz
[root@bogon home]# cd loganalyzer-3.6.5
[root@bogon loganalyzer-3.6.5]# mkdir -p /var/www/html/loganalyzer
[root@bogon loganalyzer-3.6.5]# rsync -a src/* /var/www/html/loganalyzer/
# Open http://192.168.2.2/loganalyzer in a browser and click "here" to start the installer
# Click Next
# Adjust the permissions so the installer can write its config file, then click Recheck
# touch /var/www/html/loganalyzer/config.php
# chmod 666 /var/www/html/loganalyzer/config.php
# Click Next
# Fill in the basic settings
# Click Next
# Click Next
Step 6: create the user name and password for administering LogAnalyzer (no screenshot for this step)
# Choose the SQL table as the log source so that LogAnalyzer reads what rsyslog writes (database Syslog, table SystemEvents, user rsyslog)
# Click Next
# Log in again and the logs are displayed
Once the installer has finished, tighten config.php again (for example mode 0640, owned by root and the apache group): a world-writable file under the web root that contains the database password is a target in itself.
The resulting interface is shown in the screenshot.
3. Log rotation: on Linux, logs are rotated by logrotate
# List the files that the logrotate package installs
[root@bogon ~]# rpm -ql logrotate
/etc/cron.daily/logrotate
/etc/logrotate.conf
/etc/logrotate.d
/usr/sbin/logrotate
/usr/share/doc/logrotate-3.7.8
/usr/share/doc/logrotate-3.7.8/CHANGES
/usr/share/doc/logrotate-3.7.8/COPYING
/usr/share/man/man5/logrotate.conf.5.gz
/usr/share/man/man8/logrotate.8.gz
/var/lib/logrotate.status
# Edit the logrotate configuration file
vim /etc/logrotate.conf
[root@bogon ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# Rotate /var/log/messages weekly and keep 4 rotations. Because dateext is set, the archives are
# named messages-YYYYMMDD (messages-YYYYMMDD.gz with compress), not messages.1 ... messages.4;
# at the fifth rotation the oldest archive is deleted.
/var/log/messages {
weekly
rotate 4
dateext
compress
missingok
create 644 root root
postrotate
/usr/bin/killall -HUP rsyslogd # make rsyslogd reopen the freshly created file; signalling the PID from /var/run/syslogd.pid is more precise than killall
endscript
}
# system-specific logs may also be configured here.
Note: on CentOS 6, /var/log/messages is already covered by /etc/logrotate.d/syslog, which logrotate.conf includes. Listing the same log a second time makes logrotate report a duplicate log entry (visible with logrotate -d /etc/logrotate.conf), so adjust the stanza in /etc/logrotate.d/syslog rather than adding one here.
# The rotated files end with the date, as follows:
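To see what the stanza above actually leaves on disk (date-suffixed compressed archives, at most four of them, and a fresh mode-0644 live file), here is an added Python simulation. It is not part of the article or of logrotate itself: it performs the rename, compress, recreate and prune steps of one rotation in a temporary directory and repeats them for several consecutive weeks. The postrotate HUP is not simulated; without it a real rsyslogd would keep writing to the renamed inode.

```python
"""Added example (not from the original article): a simulation of the
/var/log/messages stanza (weekly, rotate 4, dateext, compress, create 644)
run in a temporary directory for several consecutive weeks."""
import gzip
import os
import shutil
import stat
import tempfile
from datetime import date, timedelta

KEEP = 4          # rotate 4
MODE = 0o644      # create 644 root root (chown needs root, so only the mode is applied here)

def rotated_names(logdir, name):
    """Archives for this log, oldest first. With dateext they are name-YYYYMMDD.gz,
    not name.1 .. name.4, and the date string sorts chronologically."""
    prefix = name + "-"
    return sorted(f for f in os.listdir(logdir) if f.startswith(prefix) and f.endswith(".gz"))

def rotate(logdir, name, today, keep=KEEP, mode=MODE):
    """One logrotate run for one file: rename with the date suffix, compress,
    recreate an empty live file, then prune archives beyond `keep`.
    Returns the archive name, or None when the log is absent (missingok)."""
    live = os.path.join(logdir, name)
    if not os.path.exists(live):
        return None
    dated = "%s-%s" % (live, today.strftime("%Y%m%d"))
    os.rename(live, dated)      # dateext: the writer keeps the old inode until postrotate HUPs it
    with open(dated, "rb") as fin, gzip.open(dated + ".gz", "wb") as fout:
        shutil.copyfileobj(fin, fout)   # compress
    os.remove(dated)
    fd = os.open(live, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)   # create: new empty file
    os.close(fd)
    os.chmod(live, mode)        # os.open's mode is narrowed by umask; enforce 644 explicitly
    for old in rotated_names(logdir, name)[:-keep]:                  # rotate 4: drop the oldest
        os.remove(os.path.join(logdir, old))
    return os.path.basename(dated) + ".gz"

def simulate(weeks, start=date(2017, 2, 5)):
    """Write one line per week, rotate, and report what survives:
    (archive names kept, mode of the live file, text inside the oldest archive)."""
    logdir = tempfile.mkdtemp()
    try:
        live = os.path.join(logdir, "messages")
        for w in range(weeks):
            with open(live, "a") as f:
                f.write("week %d\n" % w)
            rotate(logdir, "messages", start + timedelta(weeks=w))
        kept = rotated_names(logdir, "messages")
        with gzip.open(os.path.join(logdir, kept[0]), "rt") as f:
            oldest = f.read()
        mode = stat.S_IMODE(os.stat(live).st_mode)
        return kept, mode, oldest
    finally:
        shutil.rmtree(logdir)

if __name__ == "__main__":
    kept, mode, oldest = simulate(6)
    print("archives kept:", kept)          # four date-suffixed .gz files, weeks 2..5
    print("live file mode: %o" % mode)     # 644
    print("oldest archive holds:", oldest.strip())
```

After six weekly rotations starting on 2017-02-05 the directory holds messages-20170219.gz through messages-20170312.gz and an empty messages with mode 644; the first two weeks' archives have been pruned by rotate 4, which is what "keep 4 weeks worth of backlogs" means in practice.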
Permanent link to this article: http://www.linuxidc.com/Linux/2017-02/140240.htm