- 版本V1.0
- 時間2012-12-29
- 版權GPL
- 做者itnihao
- 郵箱 itnihao@qq.com
- 博客 http://itnihao.blog.51cto.com
- 如需從新發行,請註明以上信息,謝謝合做
-
-
- 一,建立Syslog數據庫
- mysql> CREATE DATABASE Syslog character set utf8;
- mysql> USE Syslog;
- mysql> CREATE TABLE SystemEvents
- (
- ID int unsigned not null auto_increment primary key,
- CustomerID bigint,
- ReceivedAt datetime NULL,
- DeviceReportedTime datetime NULL,
- Facility smallint NULL,
- Priority smallint NULL,
- FromHost varchar(60) NULL,
- Message text,
- NTSeverity int NULL,
- Importance int NULL,
- EventSource varchar(60),
- EventUser varchar(60) NULL,
- EventCategory int NULL,
- EventID int NULL,
- EventBinaryData text NULL,
- MaxAvailable int NULL,
- CurrUsage int NULL,
- MinUsage int NULL,
- MaxUsage int NULL,
- InfoUnitID int NULL ,
- SysLogTag varchar(60),
- EventLogType varchar(60),
- GenericFileName VarChar(60),
- SystemID int NULL
- );
-
-
-
- mysql> CREATE TABLE SystemEventsProperties
- (
- ID int unsigned not null auto_increment primary key,
- SystemEventID int NULL ,
- ParamName varchar(255) NULL ,
- ParamValue text NULL
- );
-
- 二,設置數據庫權限
- mysql> GRANT ALL ON Syslog.* TO syslog_ng@localhost IDENTIFIED BY 'syslog_ngpass';
- mysql> FLUSH PRIVILEGES;
-
- 三,配置syslog-ng服務端
- rpm -ivh libnet-1.1.5-1.el6.x86_64.rpm
- rpm -ivh eventlog-0.2.12-1.el6.x86_64.rpm
- rpm -ivh syslog-ng-3.2.5-3.el6.x86_64.rpm
- rpm -ivh libdbi-0.8.3-3.1.el6.x86_64.rpm
- rpm -ivh syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm
-
- vim /etc/syslog-ng/syslog-ng.conf
- ========================================================================================================================
- source s_src {
- unix-stream("/dev/log");
- udp(ip("192.168.122.200") port(514));
- };
- destination d_mysql {
- sql(type(mysql)
- host("localhost") username("syslog_ng") password("syslog_ngpass")
- database("Syslog") table("SystemEvents")
-
- columns("ID int unsigned not null auto_increment primary key","ReceivedAt datetime NULL", "DeviceReportedTime datetime NULL",
- "Facility smallint NULL","Priority smallint NULL","FromHost varchar(60) NULL",
- "Message text","InfoUnitID int NULL","SysLogTag varchar(60)",
- "CustomerID bigint","NTSeverity int NULL","Importance int NULL","EventSource varchar(60)","EventUser varchar(60) NULL",
- "EventCategory int NULL","EventID int NULL","EventBinaryData text NULL","MaxAvailable int NULL","CurrUsage int NULL","MinUsage int NULL",
- "MaxUsage int NULL","EventLogType varchar(60)","GenericFileName VarChar(60)","SystemID int NULL")
- values("","$R_ISODATE", "$S_ISODATE","$FACILITY_NUM","$LEVEL_NUM","$HOST",
- "$MSGONLY","1","$MSGHDR","","","","","","","","","","","","","","","")
- indexes("ID","ReceivedAt","Facility","Priority","FromHost","SysLogTag",));
- };
- log { source(s_src); destination(d_mysql); };
- ==========================================================================================================================
- 四。配置loganalyzer日誌web頁面
- wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.1.tar.gz
- tar xf loganalyzer-3.6.1.tar.gz
- cd loganalyzer-3.6.1
- mkdir /var/www/html/loganalyzer
- mv ./src/* /var/www/html/loganalyzer
- cp contrib/* /var/www/html/loganalyzer
- cd /var/www/html/loganalyzersh
- sh configure.sh
-
- cat >/etc/cron.daily/syslog-clean.sh <<EOF
-
- MYSQL_USER="syslog_ng"
- MYSQL_PASS="syslog_ngpass"
- MYSQL_DB="Syslog"
- mysql -u\${MYSQL_USER} -p\${MYSQL_PASS} \${MYSQL_DB} -e "DELETE FROM SystemEvents WHERE ReceivedAt < DATE_SUB(CURDATE(),INTERVAL 30 DAY)"
- EOF
- chmod 700 /etc/cron.daily/syslog-clean.sh
- http://192.168.122.200/loganalyzer/install.php
-
-
- 五,配置客戶端syslog-ng
- rpm -ivh libnet-1.1.5-1.el6.x86_64.rpm
- rpm -ivh eventlog-0.2.12-1.el6.x86_64.rpm
- rpm -ivh syslog-ng-3.2.5-3.el6.x86_64.rpm
- rpm -ivh libdbi-0.8.3-3.1.el6.x86_64.rpm
- rpm -ivh syslog-ng-libdbi-3.2.5-3.el6.x86_64.rpm
-
-
- vim /etc/syslog-ng/syslog-ng.conf
- ===================================================================================
- destination d_euid { file("/var/log/user"); };
- filter f_euid { match("euid" value("euid")) or facility(authpriv); };
- log { source(s_sys); filter(f_euid);destination(d_euid); };
- log { source(s_sys);filter(f_euid); destination(d_udp);};
- log { source(s_sys); destination(d_udp);};
- ==================================================================================
-
- cat >>/etc/bashrc <<EOF
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[hostname- $(hostname)]": "[euid=$(whoami)]":$(who am i):[`pwd`]:"$msg"; }'
- EOF
-
-
-