0. 准备工作
操作系统:Centos 7.x
loganalyzer 服务端:192.168.10.74
loganalyzer 客户端:192.168.10.71
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
1. 安装lamp环境并测试
yum -y install httpd PHP PHP-gd PHP-mcrypt PHP-MysqL mariadb-devel mariadb-server
systemctl start httpd.service
systemctl enable httpd.service
#创建测试页面
echo -e "<?PHP\nPHPinfo();\n?>" >/var/www/html/index.PHP
#进浏览器输入http://192.168.10.74
rm -f /var/www/html/index.PHP
2. 数据库的安全初始化
systemctl start mariadb.service
systemctl enable mariadb.service
MysqL_secure_installation
#Enter current password for root (enter for none):
#Change the root password? [Y/n]
#以下2步是让你输入密码,其它地方回车就可以了
#New password:
#Re-enter new password:
#Remove anonymous users? [Y/n]
#Disallow root login remotely? [Y/n]
#Remove test database and access to it? [Y/n]
#Reload privilege tables now? [Y/n]
yum -y install rsyslog-MysqL
MysqL -uroot -p < /usr/share/doc/rsyslog-7.4.7/MysqL-createDB.sql
MysqL -uroot -p
grant all on Syslog.* to rsysloguser@127.0.0.1 identified by 'rsyslogpwd';
grant all on Syslog.* to rsysloguser@localhost identified by 'rsyslogpwd';
flush privileges;
quit
4. 服务端配置
vi /etc/rsyslog.conf
#去掉注释
$ModLoad immark # immark是模块名,支持日志标记
$ModLoad imudp # imupd是模块名,支持udp协议
$UDPServerRun 514 #允许514端口接收使用UDP和TCP协议转发过来的日志
#添加以下信息
$ModLoad omMysqL
*.* :omMysqL:localhost,Syslog,rsysloguser,rsyslogpwd
#重启服务
systemctl restart rsyslog.service
6. 客户端配置
vi /etc/rsyslog.conf
*.* @192.168.10.74:514
#重启服务
systemctl restart rsyslog.service
7. loganalyzer准备工作
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
tar xf loganalyzer-4.1.5.tar.gz
cp -a loganalyzer-4.1.5/src/ /var/www/html/log
cp -a loganalyzer-4.1.5/contrib/*.sh /var/www/html/log/
cd /var/www/html/log
chmod +x configure.sh secure.sh
./configure.sh
./secure.sh
chmod 666 config.PHP
chown -R apache.apache *
8. 进浏览器输入http://192.168.10.74/log/ 进行安装
在客户端安装一个程序包测试一下吧!!!!!!
我的天“涯”,貌似,可能,好像,也许,大概是成功了……