LogAnalyzer
LogAnalyzer is a web front end for syslog data and other network event data. It offers simple browsing, searching, basic analysis and some chart reports for the logs. Data can come from a database or from ordinary syslog text files, so LogAnalyzer does not require any change to the existing logging setup. Working from the current log data it can process syslog messages and Windows event log records, supports troubleshooting, and lets users quickly find the cause of problems that show up in the logs.
LogAnalyzer can store the logs it collects from clients in two ways: either the client's /var/log/ directory is read directly and saved under the same directory on the server, or the logs are read and written into a database on the log server; the latter is recommended. LogAnalyzer is written in PHP, so the log server needs a PHP runtime; this guide uses LNMP (Linux, Nginx, MariaDB, PHP).
System environment:
- Debian9
- nginx
- mariadb-server-10.1
- php7.0
- php7.0-gd
- php7.0-fpm
- php7.0-mysql
- rsyslog-mysql
Configure the LNMP environment
Step 1: install the required packages
apt install nginx mariadb-server-10.1 php7.0 php7.0-gd php7.0-fpm php7.0-mysql rsyslog-mysql
Step 2: after installation, edit the configuration
php7.0-fpm:
- /etc/php/7.0/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
nginx configuration
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Start the services:
root@logserver:~# systemctl restart php7.0-fpm.service
root@logserver:~# systemctl restart nginx.service
root@logserver:~# systemctl restart mariadb.service
Check that the services are listening:
root@logserver:~# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 80 127.0.0.1:3306 *:*
Log in to the MariaDB server and create the database, the initial tables and the user that connects to them.
root@logserver:~# mysql -u root -p
Enter password:
...
MariaDB [(none)]>
MariaDB [(none)]> create database if not exists syslog;
MariaDB [(none)]> grant select,insert,update on syslog.* to logana@'127.0.0.%' identified by 'password';
MariaDB [(none)]> use syslog;
MariaDB [syslog]> \. /usr/share/dbconfig-common/data/rsyslog-mysql/install/mysql
This creates two tables, SystemEvents and SystemEventsProperties; the log messages are stored in the first one. The user name and password granted here are the ones rsyslog and LogAnalyzer will use below.
Configure rsyslog
Configure rsyslog to use the ommysql module, in /etc/rsyslog.d/mysql.conf:
$ModLoad ommysql
*.* :ommysql:127.0.0.1,syslog,logana,password
After ':ommysql:' the comma-separated fields are, in order: the database server address, the database name, the user name used to log in to the database, and that user's password.
Start the rsyslog service
root@logserver:~# systemctl restart rsyslog.service
- Check the rsyslog service:
Log in to the MariaDB server and look at the log rows already in the table: MariaDB [(none)]> SELECT * FROM syslog.SystemEvents\G
Install loganalyzer
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
tar -xf loganalyzer-3.6.5.tar.gz
cd loganalyzer-3.6.5/
cp -a src /var/www/html/loganalyzer
cd /var/www/html
ln -sv loganalyzer log
cd log
touch config.php
chmod 666 config.php
Install LogAnalyzer through the browser-based setup wizard: open "server-address/log" in a browser. The wizard writes config.php, which is why the file was made writable above; once the wizard has finished, config.php no longer needs to be writable.
Key log-source settings in config.php
$CFG['DefaultSourceID'] = 'Source1';
$CFG['Sources']['Source1']['ID'] = 'Source1';
$CFG['Sources']['Source1']['Name'] = 'My Syslog Source';
$CFG['Sources']['Source1']['ViewID'] = 'SYSLOG';
$CFG['Sources']['Source1']['SourceType'] = SOURCE_PDO;
$CFG['Sources']['Source1']['DBTableType'] = 'monitorware';
$CFG['Sources']['Source1']['DBType'] = DB_MYSQL;
$CFG['Sources']['Source1']['DBServer'] = '127.0.0.1';
$CFG['Sources']['Source1']['DBName'] = 'syslog';
// DBUser and DBPassword must match the account created with GRANT and the ommysql action line
$CFG['Sources']['Source1']['DBUser'] = 'logana';
$CFG['Sources']['Source1']['DBPassword'] = 'a4h3ljbn';
$CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents';
$CFG['Sources']['Source1']['DBEnableRowCounting'] = true;
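Added example, not part of the original guide: the database credentials appear in three places (the GRANT statement, /etc/rsyslog.d/mysql.conf and config.php), and a mismatch in any one of them silently breaks either log ingestion or the web view. The script below parses constructed copies of those three snippets, with a deliberately misspelt user name in the GRANT and the differing config.php password shown on this page, and reports every field on which they disagree.

```python
import re

# Constructed copies of the three places this guide puts the DB credentials (GRANT user deliberately misspelt).
GRANT_SQL = "grant select,insert,update on syslog.* to lognan@'127.0.0.%' identified by 'password';"
RSYSLOG_CONF = "*.* :ommysql:127.0.0.1,syslog,logana,password"
CONFIG_PHP = """
$CFG['Sources']['Source1']['DBServer'] = '127.0.0.1';
$CFG['Sources']['Source1']['DBName'] = 'syslog';
$CFG['Sources']['Source1']['DBUser'] = 'logana';
$CFG['Sources']['Source1']['DBPassword'] = 'a4h3ljbn';
"""

def parse_ommysql(line):
    """Legacy rsyslog action line: ':ommysql:server,db,user,password'."""
    m = re.search(r":ommysql:([^,\s]+),([^,\s]+),([^,\s]+),(\S+)", line)
    if not m:
        raise ValueError("no ommysql action found")
    return dict(zip(("server", "db", "user", "password"), m.groups()))

def parse_config_php(text):
    """Read the DB* keys of a LogAnalyzer source out of config.php."""
    keys = {"DBServer": "server", "DBName": "db", "DBUser": "user", "DBPassword": "password"}
    found = {}
    for php_key, name in keys.items():
        m = re.search(r"\['%s'\]\s*=\s*'([^']*)'" % php_key, text)
        if m:
            found[name] = m.group(1)
    return found

def parse_grant(sql):
    """Pull db, user, host pattern and password out of GRANT ... IDENTIFIED BY."""
    m = re.search(r"on\s+(\w+)\.\*\s+to\s+'?(\w+)'?@'([^']+)'\s+identified\s+by\s+'([^']*)'",
                  sql, re.I)
    if not m:
        raise ValueError("unrecognised GRANT statement")
    return dict(zip(("db", "user", "host", "password"), m.groups()))

def find_mismatches(grant_sql, rsyslog_line, config_php):
    """Return (field, {source: value}) for every field on which the three files disagree."""
    g, r, c = parse_grant(grant_sql), parse_ommysql(rsyslog_line), parse_config_php(config_php)
    problems = []
    for field in ("db", "user", "password"):
        values = {"grant": g[field], "rsyslog": r[field], "config.php": c.get(field)}
        if len(set(values.values())) > 1:
            problems.append((field, values))
    # MySQL account hosts use LIKE wildcards: '%' matches any run, '_' one character.
    host_rx = "".join(".*" if ch == "%" else "." if ch == "_" else re.escape(ch) for ch in g["host"])
    if not re.fullmatch(host_rx, r["server"]):
        problems.append(("host", {"rsyslog": r["server"], "grant": g["host"]}))
    return problems
```

Calling find_mismatches(GRANT_SQL, RSYSLOG_CONF, CONFIG_PHP) on the constructed snippets flags the user name and the password; the host check passes because 127.0.0.1 falls under the 127.0.0.% pattern.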
Original source: https://raw.githubusercontent.com/panhaitao/DeploymentGuideForDebian9/master/ops/loganalyzer.md