Installing and configuring rsyslog + loganalyzer
 
Environment: LAMP + rsyslog + loganalyzer
OS: CentOS 5.4, 32-bit
 
rsyslog-5.9.0.tar.gz and loganalyzer-3.2.1.tar.gz have been uploaded to /tmp
 
1. Installing the LAMP environment
   yum -y install httpd* mysql* php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml gd* gcc*
 
   Set the MySQL root password (start mysqld and httpd with service first; yum does not start them)
   Log in (a fresh install has an empty root password, so just press Enter at the prompt): mysql -u root -p
   Change the password:   UPDATE mysql.user SET Password=PASSWORD('123456') WHERE User='root';
   Reload the grant tables, otherwise the new password is not used until mysqld restarts: FLUSH PRIVILEGES;
2. Installing rsyslog
   Download: http://download.csdn.net/detail/lovejuan007/3738966
    cd /tmp/
    tar zxvf rsyslog-5.9.0.tar.gz
    cd rsyslog-5.9.0
    ./configure --enable-mysql
    Note: before running make, read "Error 1" below
    make
    make install
    ln -s /usr/local/sbin/rsyslogd /sbin/rsyslogd
    cp rsyslog.conf /etc
    vim /etc/rsyslog.conf   add the new lines directly below these 3 lines:
    $ModLoad immark   # provides --MARK-- message capability
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $ModLoad imklog   # kernel logging (formerly provided by rklogd)
    =====these 2 lines are the ones to add====
    $ModLoad ommysql
    *.*       :ommysql:localhost,Syslog,root,123456
    =====uncomment the following 2 lines; they make rsyslog accept logs from clients====
    $ModLoad imudp.so # provides UDP syslog reception
    $UDPServerRun 514 # start a UDP syslog server at standard port 514
    Save and exit, then open UDP port 514 in the firewall and restart the firewall. UDP syslog carries no authentication, so limit the rule to the source addresses of the hosts that are meant to send logs; anything else that can reach the port can inject arbitrary records into the database.
    ==================================================================================
    What this line means:
    *.*       :ommysql:localhost,Syslog,root,123456
    *.* selects every facility at every priority
    localhost is the database-server
    Syslog is the database-name
    root is the database-userid
    123456 is the password that user logs in to MySQL with
    The format of the line is
    *.*       :ommysql:database-server,database-name,database-userid,database-password
    Also note that database-name must be the same as the one in /tmp/rsyslog-5.9.0/plugins/ommysql/createDB.sql
    The password sits in clear text in /etc/rsyslog.conf, so do not leave that file world-readable, and on a real system use a dedicated MySQL user that only has INSERT on the Syslog database instead of root; rsyslog needs nothing more than that to write events.
    ==================================================================================
    Create an init script for rsyslog
    cp -rp /etc/init.d/syslog /etc/init.d/rsyslog
    sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
    =====stop the syslog service that ships with the system====
    service syslog stop
    (also turn syslog off at boot and rsyslog on with chkconfig, otherwise both daemons start after a reboot and both try to open /dev/log)
    Import the database schema
    cd /tmp/rsyslog-5.9.0/plugins/ommysql
    mysql -uroot -p <createDB.sql
    Password:
    Start rsyslog
    service rsyslog start
    Check that rows are arriving in the database
    mysql -uroot -p
    use Syslog;
    select * from SystemEvents;
    If rows come back, it works
    Create a syslog user for loganalyzer to access the Syslog database
    grant all on Syslog.* to syslog@'localhost' identified by 'syslog';
    flush privileges;   
    The password is syslog (pick a different one on a real system)
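To check that the collector really accepts remote messages on UDP 514 and that ommysql stores them, here is an added example in Python (not part of this tutorial and not rsyslog's own code) that sends one RFC 3164 datagram the way a client would. COLLECTOR, the hostname string and the test token are assumptions; replace COLLECTOR with the address of the server set up above.

```python
"""Send a test RFC 3164 syslog datagram to the rsyslog collector on UDP/514.

Added example, not part of the original tutorial. It shows what a remote
client puts on the wire for the `$UDPServerRun 514` receiver configured
above, so the UDP path and the ommysql path can be checked end to end.
"""
import socket
import time
import uuid

COLLECTOR = "192.0.2.1"   # assumption: address of the rsyslog host from this tutorial

# facility and severity codes from RFC 3164, as used by logger -p and by rsyslog
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11}
FACILITIES.update(("local%d" % i, 16 + i) for i in range(8))
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}


def pri(facility, severity):
    """The number inside the leading <...>: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_message(facility, severity, tag, text, hostname, ts=None):
    """Build '<PRI>Mmm dd hh:mm:ss HOST TAG: MSG' as bytes.

    ts is a time.struct_time or 9-tuple; the day is space-padded as RFC 3164
    requires. The HOST field is whatever the sender writes here: rsyslog takes
    the HOSTNAME property from it when the line carries one, and the stock
    ommysql template stores that as FromHost (assumption about the template).
    """
    if ts is None:
        ts = time.localtime()
    stamp = "%s %2d %s" % (time.strftime("%b", ts), ts[2], time.strftime("%H:%M:%S", ts))
    line = "<%d>%s %s %s: %s" % (pri(facility, severity), stamp, hostname, tag, text)
    return line.encode("utf-8")


def send(datagram, collector=COLLECTOR, port=514):
    """Send one datagram over UDP; returns the number of bytes handed to the socket."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return sock.sendto(datagram, (collector, port))
    finally:
        sock.close()


if __name__ == "__main__":
    # unique token so the row is easy to find in SystemEvents afterwards
    token = uuid.uuid4().hex
    msg = build_message("local6", "info", "httpd", "udp-test %s" % token,
                        hostname=socket.gethostname())
    print("sent %d bytes: %r" % (send(msg), msg))
    print("check with: select ReceivedAt, FromHost, SysLogTag, Message "
          "from SystemEvents where Message like '%%%s%%';" % token)
```

Run it on a client, then on the collector run the SELECT it prints (column names as in rsyslog's createDB.sql). Because FromHost comes from the HOST field the client wrote into the datagram rather than from the source address, any host that can reach UDP 514 can claim to be any other machine in the database; that is the reason to keep the firewall rule limited to real log sources.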
 
 
Error 1:
make[2]: Entering directory `/tmp/rsyslog-5.9.0/tools'
 CCLD   rsyslogd
../runtime/.libs/librsyslog.a(librsyslog_la-parser.o): In function `uncompressMessage':
/tmp/rsyslog-5.9.0/runtime/parser.c:247: undefined reference to `uncompress'
collect2: ld returned 1 exit status
make[2]: *** [rsyslogd] Error 1
make[2]: Leaving directory `/tmp/rsyslog-5.9.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/rsyslog-5.9.0'
make: *** [all] Error 2   
Cause: rsyslogd is linked without libz, so the call to zlib's uncompress() in parser.c cannot be resolved.
Workaround used here:
vi /tmp/rsyslog-5.9.0/runtime/parser.c
comment out line 247
//ret = uncompress((uchar *) deflateBuf, &iLenDefBuf, (uchar *) pszMsg+1, lenMsg-1);
Be aware that this removes rsyslog's ability to decompress zlib-compressed messages from clients; everything else is unaffected. The cleaner fix is to install zlib-devel and re-run ./configure --enable-mysql with LIBS=-lz so that -lz is added to the link line, then make again.
  
3. Installing loganalyzer
   http://download.csdn.net/detail/lovejuan007/3738744 
   cd /tmp/
   tar zxvf loganalyzer-3.2.1.tar.gz
   mkdir /var/www/html/syslog
   cp -r /tmp/loganalyzer-3.2.1/src/* /var/www/html/syslog/
   cp -r /tmp/loganalyzer-3.2.1/contrib/* /var/www/html/syslog/
   cd /var/www/html/syslog
   chmod 755 *.sh
   ./configure.sh
   configure.sh creates an empty config.php that the web server can write to, which is what the browser-based installer needs. Once the installer has finished, run secure.sh from the same directory (it ships in contrib next to configure.sh) so that config.php, which holds the database password, is no longer writable by the web server.

 

For the remaining installation steps, see the attachment.

 

Sending Apache logs through rsyslog
vi /etc/rsyslog.conf

# Apache
if $syslogfacility-text == 'local6' and $programname == 'httpd' then /var/log/httpd/access_log
if $syslogfacility-text == 'local7' and $programname == 'httpd' then /var/log/httpd/error_log

Rules are evaluated in the order they appear in the file. The *.* line added earlier matches everything, so these lines are also stored in MySQL, and a stock *.info rule for /var/log/messages picks them up as well. If they should go nowhere else after the Apache file, follow each of the two rules with a discard action (& ~) and place the pair ahead of every rule that must not see them.

vi /etc/httpd/conf/httpd.conf

CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined
ErrorLog "|/usr/bin/logger -t httpd -p local7.info"

Apache now writes nothing to the two files itself: logger hands each line to rsyslog over /dev/log and rsyslog writes the file. Because $programname is simply the -t tag, any local process that can run logger -t httpd -p local6.info can put lines into access_log, so treat the file as less trustworthy than one Apache writes directly.
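To see what the two rules actually match, and why rule order and a discard matter, here is an added example in Python (not from the tutorial and not rsyslog code). It derives $syslogfacility-text and $programname from constructed RFC 3164 lines the way rsyslog does, then evaluates a rule list in configuration order, including the "& ~" discard. It assumes the copied rsyslog.conf still carries the stock CentOS "*.info;mail.none;authpriv.none;cron.none" rule for /var/log/messages; the log lines and host names are constructed.

```python
"""Apply the Apache routing rules from rsyslog.conf to sample log lines.

Added example; not part of the tutorial and not rsyslog code. It models how
rsyslog derives the filter properties from an RFC 3164 line and evaluates
rules in configuration order, where '& ~' discards the message if the
previous filter matched.
"""
import re

# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG  -- the form rsyslog sees on UDP/514
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s?"
    r"(?P<msg>.*)$"
)
STD_FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog",
                  "lpr", "news", "uucp", "cron", "authpriv", "ftp")


def facility_text(num):
    """Facility number -> the name $syslogfacility-text is compared against."""
    if 16 <= num <= 23:
        return "local%d" % (num - 16)
    return STD_FACILITIES[num] if num < len(STD_FACILITIES) else str(num)


def parse(line):
    """Return the properties the filters use: facility text, severity, programname."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 line: %r" % line)
    pri = int(m.group("pri"))
    return {
        "facility": facility_text(pri >> 3),   # PRI = facility*8 + severity
        "severity": pri & 7,                   # 0 = emerg ... 7 = debug
        "program": m.group("prog"),            # $programname: tag up to '[' or ':'
        "host": m.group("host"),
        "msg": m.group("msg"),
    }


def apache(facility):
    """if $syslogfacility-text == '<facility>' and $programname == 'httpd'"""
    return lambda p: p["facility"] == facility and p["program"] == "httpd"


def std_info(p):
    """Selector '*.info;mail.none;authpriv.none;cron.none' (stock CentOS rule, assumed)."""
    return p["severity"] <= 6 and p["facility"] not in ("mail", "authpriv", "cron")


# A rule is (filter, action); DISCARD stands for a following '& ~' line.
DISCARD = "& ~"
MYSQL = (lambda p: True, ":ommysql:localhost,Syslog")
MESSAGES = (std_info, "/var/log/messages")
ACCESS = (apache("local6"), "/var/log/httpd/access_log")
ERROR = (apache("local7"), "/var/log/httpd/error_log")

# Order the tutorial produces: ommysql near the top, Apache rules appended at the end.
TUTORIAL_ORDER = [MYSQL, MESSAGES, ACCESS, ERROR]
# Keep the MySQL copy, write the Apache file, then stop before /var/log/messages.
RECOMMENDED_ORDER = [MYSQL, ACCESS, DISCARD, ERROR, DISCARD, MESSAGES]


def route(line, rules):
    """Return the actions that fire for `line`, in rule order, honouring '& ~'."""
    props = parse(line)
    fired, last_matched = [], False
    for rule in rules:
        if rule == DISCARD:
            if last_matched:
                break
            continue
        matches, action = rule
        last_matched = matches(props)
        if last_matched:
            fired.append(action)
    return fired


# Constructed samples: what `logger -t httpd -p local6.info` / `-p local7.info`
# and a cron job look like once rsyslog has a full line for them.
ACCESS_LINE = ('<182>Nov  8 10:11:12 web1 httpd: 192.0.2.10 - - '
               '[08/Nov/2011:10:11:12 +0800] "GET /syslog/ HTTP/1.1" 200 4321 "-" "curl/7.15.5"')
ERROR_LINE = ('<190>Nov  8 10:11:13 web1 httpd: [error] [client 192.0.2.10] '
              'File does not exist: /var/www/html/favicon.ico')
CRON_LINE = '<78>Nov  8 10:12:01 web1 crond[2210]: (root) CMD (run-parts /etc/cron.hourly)'

if __name__ == "__main__":
    for line in (ACCESS_LINE, ERROR_LINE, CRON_LINE):
        p = parse(line)
        print(p["facility"], p["program"], route(line, TUTORIAL_ORDER), route(line, RECOMMENDED_ORDER))
```

With TUTORIAL_ORDER an access-log line fires the MySQL action, /var/log/messages and the Apache file; with RECOMMENDED_ORDER it fires the MySQL action and the Apache file, and the discard stops it before /var/log/messages. The parser also makes the injection point visible: $programname is nothing more than the tag the sending process chose.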