手机版
你好,游客 登录 注册 搜索
背景:
阅读新闻

RHEL5.4部署中央日志服务器之rsyslog+loganalyzer

[日期:2010-12-24] 来源:51cto  作者:freehat [字体: ]

1 系统需求
   mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd

2需要的源码包软件
   rsyslog-5.6.2.tar.gz
   loganalyzer-3.0.4.tar.gz

3安装rsyslog
 #tar xvf rsyslog-5.6.2.tar.gz
 #./configure --enable-mysql
 #make && make install

 4 修改rsyslog 的主配置文件
 修改如下
 #if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance
# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.
$ModLoad immark   # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # kernel logging (formerly provided by rklogd)
$ModLoad ommysql
*.*       :ommysql:localhost,Syslog,root,frank
     # 注 localhost 字节是database-server
          Syslog 是数据中database-name
          root 是database-userid
          frank 是root用户登录mysql的密码
      #该行的格式
      #*.*       :ommysql:database-server,database-name,database-userid,database-password
#同样要注意的是database-name 必须和/root/rsyslog-5.6.2/plugins/ommysql/creatDB.sql 中的相同
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.*                                                 /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                -/var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  -/var/log/cron
# Everybody gets emergency messages
*.emerg                                                 *
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          -/var/log/spooler
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /rsyslog/spool # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514
########## 下面的配置接受远程主机的日志
UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514

5 关闭系统自带的syslog 进程
     #service syslog stop
     #chkconfig syslog off

 6 因为rsyslog 没有启动脚本,并修改该脚本此时用的是syslog的启动脚本,
 #cp /etc/init.d/{syslog,rsyslog}
 把脚本中syslog 替换成rsyslog
 #sed -i ‘s/syslog/rsyslog/g’ /etc/init.d/rsyslog
 #chmod 700 /etc/init.d/rsyslog
 #chkconfig –add rsyslog
 #chkconfig rsyslog on

linux
相关资讯       RHEL 
本文评论   查看全部评论 (0)
表情: 表情 姓名: 字数

       

评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有权在网站内转载或引用您的评论
  • 参与本评论即表明您已经阅读并接受上述条款