准備程序包
rsyslog-5.8.1.tar.gz
xvf loganalyzer-3.2.1.tar.gz
vi rsyslog.sh
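#!/bin/sh
# Installer for rsyslog (with the ommysql output) + MySQL + LogAnalyzer on a
# CentOS/RHEL-style host (yum, service, chkconfig).  Must run as root.
# Expects in the current directory: rsyslog-5.8.1.tar.gz, loganalyzer-3.2.1.tar.gz
# and a prepared rsyslog.conf whose ommysql line is rewritten below.
#
# Abort on the first failed step instead of carrying on with a half-built
# system (e.g. a failed tar/make previously did not stop the config rewrite).
set -e

# mysql conf
# mysql_user/mysql_pwd: the administrative MySQL account; mysql_pwd is what
#   root's password is set to right after mysqld is started for the first time.
# run_user/run_pwd: the account rsyslog and LogAnalyzer use for the Syslog db.
# Change these before running.  They are spliced verbatim into SQL statements
# and into a sed replacement, so keep them free of ' / & and $.
# NOTE: with run_user=root the GRANT below re-sets root's password to run_pwd;
# a dedicated low-privilege account for run_user is the intended setup.
mysql_user='root'
mysql_pwd='123456'
run_user='root'
run_pwd='123456'

# Fail early if an input is missing rather than halfway through the install.
for f in rsyslog-5.8.1.tar.gz loganalyzer-3.2.1.tar.gz rsyslog.conf; do
  [ -f "$f" ] || { printf 'missing %s in %s\n' "$f" "$(pwd)" >&2; exit 1; }
done

# Install env.
yum -y install mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd zlib-devel gcc gcc-c++

# Install rsyslog..
tar xzf rsyslog-5.8.1.tar.gz
cd rsyslog-5.8.1
./configure --enable-mysql --prefix=/usr/local/rsyslog
make
make install
cd ..

# creat rsyslog config..
# Rewrites the ommysql action in the prepared rsyslog.conf to use run_user /
# run_pwd and the dbFormat template.  run_pwd lands in the sed pattern, hence
# the character restriction noted above.
sed -e "s/ommysql:localhost,Syslog,root,/ommysql:localhost,Syslog,${run_user},${run_pwd};dbFormat/g" rsyslog.conf > /etc/rsyslog.conf
# The config now holds a database password in clear text; rsyslogd is started
# as root by the init script, so root-only access is enough.
chmod 600 /etc/rsyslog.conf

# stop system syslog..
# Non-fatal: the stock syslog may already be stopped or not registered.
service syslog stop || :
chkconfig syslog off || :

# create rsyslog startup script
cp /etc/init.d/syslog /etc/init.d/rsyslog
# edit rsyslog startup script (every "syslog" in the stock script becomes "rsyslog")
sed -i 's/syslog/rsyslog/g' /etc/init.d/rsyslog
chmod 700 /etc/init.d/rsyslog
chkconfig --add rsyslog
chkconfig rsyslog on

# create rsyslog bin ln (-f so a re-run does not fail on an existing link)
ln -sfv /usr/local/rsyslog/sbin/rsyslogd /sbin/rsyslogd

# conf mysql
service mysqld start
chkconfig mysqld on
# On a fresh install root has no password yet.  Set it via stdin rather than
# as a command-line argument so it is not visible in ps / process accounting.
mysql -u root <<EOF
SET PASSWORD = PASSWORD('${mysql_pwd}');
EOF

# create sql
# Fed straight to the client instead of via a createDB.sql file, so the
# credentials are never written to disk.  MYSQL_PWD keeps them off argv.
MYSQL_PWD="${mysql_pwd}" mysql -u "${mysql_user}" <<EOF
CREATE DATABASE Syslog default character set 'utf8';
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
) DEFAULT CHARSET='utf8';
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
) DEFAULT CHARSET='utf8';
grant all privileges on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# start rsyslog
service rsyslog restart

# install loganalyzer
tar xzf loganalyzer-3.2.1.tar.gz
cd loganalyzer-3.2.1
cp -r src/ /var/www/html/loganalyzer
cp -r contrib/* /var/www/html/loganalyzer
cd ..
chown -R apache:apache /var/www/html/loganalyzer

# use web install loganalyzer.
# configure.sh prepares config.php for the browser-based setup; secure.sh is
# run further down, after that setup has finished, since it is meant to lock
# config.php down once the wizard has written it.
/bin/sh /var/www/html/loganalyzer/configure.sh

# start httpd
service httpd start
chkconfig httpd on

# edit src/include/functions_common.php function GetStringWithHTMLCodes
# Replaces the htmlentities() call on that line with one using ENT_QUOTES and
# UTF-8, so single quotes in displayed log data are encoded as well.
sed -i 's/htmlentities.*/htmlentities(\$myStr,ENT_QUOTES,"UTF-8");/g' /var/www/html/loganalyzer/include/functions_common.php

# Wait for the operator to complete the web-based setup (POSIX read; the
# bash-only `read -n 1 -p` form is not portable under #!/bin/sh).
printf 'Please go to install web, when finished, press Enter...'
read -r dummy
/bin/sh /var/www/html/loganalyzer/secure.sh

# reduce the privilege
# Drop the broad grant used during setup down to what day-to-day logging and
# the web UI need.  Piped directly to the client, as above: no priv.sql on disk.
MYSQL_PWD="${mysql_pwd}" mysql -u "${mysql_user}" <<EOF
revoke all privileges on Syslog.* from '${run_user}'@localhost;
grant insert,delete,update,select,alter on Syslog.* to '${run_user}'@localhost identified by '${run_pwd}';
EOF

# clean
rm -rf -- loganalyzer-3.2.1 rsyslog-5.8.1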
chmod +x rsyslog.sh
./rsyslog.sh
如與panabit流量監控相結合的話，終端會一直彈出數據，無法操作，可以改下：
彈出數據為Message from syslogd@2011-06-13T19:43:04.846104+08:00 10.35.2.2 PNB0>www 1307994563
vi /etc/rsyslog.conf
#*.emerg *
service rsyslog restart