配置rsyslog+loganalyzer+lamp日志查看工具

最新推荐文章于 2025-06-04 11:30:36 发布

wang161x

最新推荐文章于 2025-06-04 11:30:36 发布

阅读量578

点赞数 1

CC 4.0 BY-SA版权

分类专栏： linux 文章标签： rsyslog loganalyzer lamp

本文链接：https://blog.youkuaiyun.com/weixin_41363156/article/details/84490372

linux 专栏收录该内容

29 篇文章

订阅专栏

本文详细介绍了如何在CentOS 7上部署LogAnalyzer日志分析系统，包括安装LAMP环境、设置MySQL用户权限、生成数据库和表、配置rsyslog及ommysql模块、安装并配置LogAnalyzer工具，最后通过浏览器访问LogAnalyzer界面进行日志查看。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Loganalyzer是一款syslog日志和其他网络事件数据的Web前端。它提供了对日志的简单浏览、搜索、基本分析和一些图表报告的功能。数据可以从数据库或一般的syslog文本文件中获取，所以LogAnalyzer不需要改变现有的记录架构。基于当前的日志数据，它可以处理syslog日志消息，Windows事件日志记录，支持故障排除，使用户能够快速查找日志数据中看出问题的解决方案
1.安装lamp

[root@localhost wang161x]#yum -y install httpd php php-mysql mariadb-server php-gd
[root@localhost wang161x]# systemctl start httpd.service
[root@localhost wang161x]# systemctl start mariadb.service

在这里插入图片描述

<img src="http://119.29.214.107/wp-content/uploads/2018/01/选区_079-300x21.png" alt="" width="300" height="21" class="alignnone size-medium wp-image-553" />
2.授权mysql用户：rsyslog，
[cc lang="php"]
[root@localhost wang161x]# systemctl start mariadb
[root@localhost wang161x]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on Syslog.* to rsyslog@'127.0.0.1' identified by '123';
Query OK, 0 rows affected (0.04 sec)

MariaDB [(none)]> grant all on Syslog.* to rsyslog@'localhost' identified by '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

在这里插入图片描述
此时已经完成数据库rsyslog用户授权，因为在centos7中rsyslog自带，所以不用安装rsyslog，但安装rsyslog-mysql包，来连接数据库。

[root@localhost wang161x]# yum install rsyslog-mysql

在这里插入图片描述
3.生成需要的数据库和表

[root@localhost wang161x]# mysql < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql

4.配置rsyslog，增加ommysql模块，并添加*.* ：ommysql：localhost，Syslog，rsyslog，123 规则，并开启 $M o d L o a d i m m a r k 、$ ModLoad imudp
、$UDPServerRun 514 模块

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,123
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

在这里插入图片描述
5.配置结束，重启rsyslog服务，并安装loganalyzer工具

systemctl restart rsyslog
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz

在这里插入图片描述

[root@localhost wang161x]# tar xf loganalyzer-3.6.5.tar.gz 
[root@localhost wang161x]# cd loganalyzer-3.6.5/
[root@localhost loganalyzer-3.6.5]# mkdir /var/www/html/loganalyzer
[root@localhost loganalyzer-3.6.5]# cp -a src/* /var/www/html/loganalyzer
[root@localhost loganalyzer-3.6.5]# cp -a contrib/* /var/www/html/loganalyzer

在这里插入图片描述

[root@localhost loganalyzer-3.6.5]# chmod +x /var/www/html/loganalyzer/*.sh
[root@localhost loganalyzer-3.6.5]# cd /var/www/html/loganalyzer/
[root@localhost loganalyzer]# ./configure.sh 
[root@localhost loganalyzer]# ./secure.sh 
[root@localhost loganalyzer]# chmod 666 config.php

打开浏览器http://172.16.200.139/log/index.php
在这里插入图片描述
查看日志

[root@localhost log]# tail /var/log/messages
Jan 31 18:41:22 bogon setroubleshoot: SELinux is preventing /usr/sbin/httpd from read access on the file index.php. For complete SELinux messages run: sealert -l e968063f-310a-4612-ab0d-1450bf627ca1
Jan 31 18:41:22 bogon python: SELinux is preventing /usr/sbin/httpd from read access on the file index.php.#012#012*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************#012#012If you want to allow httpd to read user content#012Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.#012You can read 'None' man page for more details.#012Do#012setsebool -P httpd_read_user_content 1#012#012*****  Plugin catchall (11.6 confidence) suggests   **************************#012#012If you believe that httpd should be allowed read access on the index.php file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012

原来是selinux的问题，我们暂时关闭selinux

setenforce 0

然后访问http://172.16.200.139/log/index.php
在这里插入图片描述
如图所示一共有8个步骤：

点击任意一个红色箭头即可

将此表中红色箭头项更改为图中数据即可

—————–First Syslog Source———————
Name of the Source My Syslog Source
Source Type MYSQL Native
Select View Syslog Fields
—————-Database Type Options———————
Table type MonitorWare
Database Host localhost
Database Name Syslog
Database Tablename SystemEvents
Database User rsyslog
Database Password ●●●
Enable Row Counting No
在这里插入图片描述
结束！

是不是看到了日志了，是不是很方便啊，更多的功能可以自行探索！！！