Introduction to Log Analyzer
The Log Analyzer tool provides an easy-to-use, powerful front end for searching, viewing and analyzing network activity data, including system logs, event logs and many other log sources. Because it only presents data to users, the data itself has to be collected by another program, such as syslogd, rsyslog (now the default syslog daemon on most distributions), WinSyslog or the MonitorWare agents. Log Analyzer runs on both Linux and Windows. It is free, open-source software written in PHP and released under the GPL. Data can be read either from a database or from plain text files.
This case plan:
II. Deploy a LAMP environment on the rsyslog server
1. Install httpd
[root@rsyslog ~]# yum install httpd -y
[root@rsyslog ~]# systemctl start httpd
[root@rsyslog ~]# systemctl enable httpd
2. Install MySQL (MariaDB)
[root@rsyslog ~]# yum install mysql mysql-server -y
[root@rsyslog ~]# systemctl start mariadb
[root@rsyslog ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@rsyslog ~]# mysqladmin -u root password 'rsyslog.ppp'
Test that you can log in; once that works, install PHP.
3. Install PHP
[root@rsyslog ~]# yum install php php-mysql php-gd -y
[root@rsyslog ~]# cat /var/www/html/test.php
<?php phpinfo(); ?>
Open a browser on the client and visit http://192.168.30.67/test.php to test it.
4. Install rsyslog and enable it at boot
[root@rsyslog ~]# wget -O /etc/yum.repos.d/rsyslog.repo http://rpms.adiscon.com/v8-stable/rsyslog.repo
[root@rsyslog ~]# yum install rsyslog-* --skip-broken -y
[root@rsyslog ~]# systemctl enable rsyslog
5. The rsyslog database creation script is at /usr/share/doc/rsyslog-mysql-8.18.0/createDB.sql (shown here with the database name set to rsyslogdb). Now log in to the database and create the rsyslogdb database by importing that script:
[root@rsyslog ~]# more /usr/share/doc/rsyslog-mysql-8.18.0/createDB.sql
CREATE DATABASE rsyslogdb;
USE rsyslogdb;
[root@rsyslog ~]# mysql -uroot -p < /usr/share/doc/rsyslog-mysql-8.18.0/createDB.sql
Enter password:
Log in to check that the database is now there:
[root@rsyslog ~]# mysql -uroot -p rsyslogdb
Enter password:
....
MariaDB [rsyslogdb]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| rsyslogdb          |
+--------------------+
4 rows in set (0.00 sec)
// Create the user and grant privileges
MariaDB [rsyslogdb]> GRANT ALL ON rsyslogdb.* TO rsyslogdbadmin@localhost IDENTIFIED BY 'rsyslog.ppp';
Query OK, 0 rows affected (0.00 sec)
MariaDB [rsyslogdb]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [rsyslogdb]> exit
// Finally, test that the new user can log in
[root@rsyslog ~]# mysql -ursyslogdbadmin -p rsyslogdb
6. Modify the rsyslog.conf file as follows:
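The configuration this step refers to is not reproduced on the page, so here is an added example (not the author's file): a script that renders an ommysql drop-in from the rsyslogdb database, the rsyslogdbadmin user and the password created in step 5, syntax-checks it and restarts rsyslog. It assumes rsyslog 8.x with the rsyslog-mysql package installed and a rsyslog.conf that still includes /etc/rsyslog.d/*.conf; the drop-in path /etc/rsyslog.d/ommysql.conf is my choice.

```shell
#!/bin/sh
# Added example, not the author's file. Builds the rsyslog -> MariaDB output
# config for the rsyslogdb database and rsyslogdbadmin user created in step 5.
# Assumes rsyslog 8.x with the rsyslog-mysql package (ommysql), and that
# rsyslog.conf still has its stock "$IncludeConfig /etc/rsyslog.d/*.conf" line.
set -eu

# Print the ommysql drop-in for a given database, user and password.
render_ommysql_conf() {
    db="$1" user="$2" pass="$3"
    cat <<EOF
module(load="ommysql")
# Store every message in ${db}.SystemEvents. If MariaDB is down, keep
# retrying instead of discarding, and buffer up to 10000 messages in a
# linked-list queue so a database outage cannot stall the syslog pipeline.
*.* action(type="ommysql" server="localhost" db="${db}"
           uid="${user}" pwd="${pass}"
           action.resumeRetryCount="-1"
           queue.type="LinkedList" queue.size="10000")
EOF
}

# Write the drop-in readable by root only: it carries the database password.
# (GRANT ALL, as on the page, is wider than rsyslog needs; INSERT on
# SystemEvents is enough for the default ommysql template.)
write_ommysql_conf() {
    dest="$1"; shift
    ( umask 077; render_ommysql_conf "$@" > "$dest" )
    chmod 600 "$dest"
}

# Apply only when run as root on the rsyslog server; otherwise just render.
if [ "$(id -u)" -eq 0 ] && command -v rsyslogd >/dev/null 2>&1; then
    write_ommysql_conf /etc/rsyslog.d/ommysql.conf rsyslogdb rsyslogdbadmin 'rsyslog.ppp'
    rsyslogd -N1                      # config syntax check before touching the service
    systemctl restart rsyslog
    logger -t ommysql-test "rsyslog to MariaDB check"   # one message to look for
    mysql -ursyslogdbadmin -p rsyslogdb -e 'SELECT COUNT(*) FROM SystemEvents;'
else
    render_ommysql_conf rsyslogdb rsyslogdbadmin 'rsyslog.ppp'
fi
```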
Restart the rsyslog service and log in to MySQL to verify that events are arriving:
MariaDB [rsyslogdb]> use rsyslogdb
Database changed
MariaDB [rsyslogdb]> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
|       44 |
+----------+
1 row in set (0.00 sec)
MariaDB [rsyslogdb]> select * from SystemEvents where ID=1\G;
*************************** 1. row ***************************
                ID: 1
        CustomerID: NULL
        ReceivedAt: 2016-05-10 15:11:19
DeviceReportedTime: 2016-05-10 15:11:19
          Facility: 5
          Priority: 6
          FromHost: rsyslog
           Message: [origin software="rsyslogd" swVersion="8.18.0" x-pid="3902" x-info="http://www.rsyslog.com"] start
        NTSeverity: NULL
        Importance: NULL
       EventSource: NULL
         EventUser: NULL
     EventCategory: NULL
           EventID: NULL
   EventBinaryData: NULL
      MaxAvailable: NULL
         CurrUsage: NULL
          MinUsage: NULL
          MaxUsage: NULL
        InfoUnitID: 1
         SysLogTag: rsyslogd:
      EventLogType: NULL
   GenericFileName: NULL
          SystemID: NULL
1 row in set (0.00 sec)
ERROR: No query specified
III. Deployment of Log Analyzer
1. Download
[root@rsyslog ~]# wget -c http://download.adiscon.com/loganalyzer/loganalyzer-3.6.6.tar.gz
Unpack it:
[root@rsyslog ~]# tar zxvf loganalyzer-3.6.6.tar.gz
Copy the files into the web root:
[root@rsyslog ~]# cp -r loganalyzer-3.6.6/src/ /var/www/html/loganalyzer
[root@rsyslog ~]# cp -r loganalyzer-3.6.6/contrib/* /var/www/html/loganalyzer/
Enter the loganalyzer directory and make the following scripts executable:
[root@rsyslog ~]# cd /var/www/html/loganalyzer/
[root@rsyslog loganalyzer]# chmod +x configure.sh secure.sh
Running configure.sh creates a blank config.php configuration file:
[root@rsyslog loganalyzer]# ./configure.sh
2. Open a browser and go to http://192.168.30.67/loganalyzer to reach the installation interface. At first an error is shown, as below; click the link here.
Click here to start the installation
Click Next
Verify the config file. We generated it earlier by running configure.sh; this check fails if configure.sh has not been run.
In the basic configuration, fill in the database connection information
Create the tables, then simply click Next
Check that nothing failed, then continue to the next step
Create a web management user named rsyslog
Check the details
Here the source type needs to be changed to the MySQL native source, and then the MySQL connection details are filled in. Note that I wrote the database table name incorrectly here; the correct value is SystemEvents.
After that, the next step takes you into Log Analyzer.
Enter rsyslog and the password you set.
Here you can see that the logs collected by the rsyslog server set up earlier are displayed on the home page.