- log-Client:10.0.0.12
- log-Server:10.0.0.11
- mysql:10.0.0.13
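Implementation steps:
Configuration for enabling the network logging service:
https://www.cnblogs.com/heyongshen/p/16808684.html
- 1. On the rsyslog server, install the package that provides the MySQL connection module.
#Install the package that provides the MySQL connection module
yum install rsyslog-mysql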
Installed:
mariadb-connector-c-3.0.7-1.el8.x86_64 rsyslog-mysql-8.1911.0-6.el8.x86_64
#Files provided by the rsyslog MySQL connection module:
[root@LogServer log]# rpm -ql rsyslog-mysql
/usr/lib/.build-id
/usr/lib/.build-id/b1
/usr/lib/.build-id/b1/435a976b2dfddfb19d0d1517964f615d510402
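/usr/lib64/rsyslog/ommysql.so #the module file
/usr/share/doc/rsyslog/mysql-createDB.sql
#An SQL file that creates the database the MySQL server uses to store rsyslog log messages
#It describes how the logs are stored in MySQL
- 2. Copy the database-creation SQL file to the MySQL server (10.0.0.12--->10.0.0.13)
#10.0.0.11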
[root@LogServer log]# scp /usr/share/doc/rsyslog/mysql-createDB.sql 10.0.0.13:/root
- 3. Configuration on the MySQL server:
#10.0.0.13
#Import the SQL file to create the database
[root@CentOS8 ~]# mysql < mysql-createDB.sql
[root@CentOS8 ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.0.21 Source distribution
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| Syslog |
| hellodb |
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
6 rows in set (0.34 sec)
#Create a user that the rsyslog log server uses to connect to MySQL
mysql> create user syslog@'10.0.0.%' identified by 'redhat';
Query OK, 0 rows affected (0.24 sec)
mysql> grant all on Syslog.* to syslog@'10.0.0.%';
Query OK, 0 rows affected (0.03 sec)
#Reload the privileges
mysql> flush privileges;
Query OK, 0 rows affected (0.46 sec)
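- 4. Configure the log server to send logs to the specified database
# 10.0.0.11
#Configure rsyslog to store logs in MySQL
module(load="ommysql") #Load the MySQL connection module, provided when the package was installed
#Send all logs on the log server to the MySQL server
#Format: facility.priority :ommysql:DBHOST,DBNAME,DBUSER,PASSWORD
*.info :ommysql:10.0.0.13,Syslog,syslog,redhat
[root@centos8 ~]# systemctl restart rsyslog.service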
- 5. Test:
#10.0.0.12
#From the client, generate log entries on the log server
[root@CentOS8 ~]# logger "this is a test log"
[root@CentOS8 ~]# logger "this is a test log"
#10.0.0.13 (MySQL server)
mysql> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
| 9 |
+----------+
1 row in set (0.13 sec)
mysql> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
| 10 |
+----------+
1 row in set (0.00 sec)
mysql> show tables;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.12 sec)
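
Step 4 writes the database password into the rsyslog configuration in plain text. As an added example (not part of the original post), the Bash script below lists ommysql lines that carry a password and fails when the file holding them is group- or other-readable. The function names and the sample file are constructed for illustration, and multi-line action() blocks are not handled.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: flag rsyslog config files whose
# ommysql database password can be read by group/other users on the log server.

# Print "file:line: config line" (password redacted) for each non-comment line
# carrying an ommysql password, in legacy or single-line action() syntax.
find_ommysql_creds() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                                  # comment line
        match($0, /:ommysql:[^,]*,[^,]*,[^,]*,[^ \t]/) {     # legacy host,db,user,password
            print f ":" NR ": " substr($0, 1, RSTART + RLENGTH - 2) "<redacted>"; next
        }
        /type="ommysql"/ && /pwd="[^"]+"/ {                  # action(type="ommysql" ... pwd="...")
            sub(/pwd="[^"]+"/, "pwd=\"<redacted>\""); print f ":" NR ": " $0
        }
    ' "$1"
}

# Return 1 if FILE holds an ommysql password and is group- or other-readable.
audit_rsyslog_file() {
    local hits
    hits=$(find_ommysql_creds "$1")
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    if [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$1: password readable by group/other; restrict the file to mode 600" >&2
        return 1
    fi
}

# Constructed sample mirroring step 4 of the post (values taken from the page).
write_sample_conf() {
    cat > "$1" <<'EOF'
module(load="ommysql")
#Format: facility.priority :ommysql:DBHOST,DBNAME,DBUSER,PASSWORD
*.info :ommysql:10.0.0.13,Syslog,syslog,redhat
EOF
}

# Audit every file named on the command line; with no arguments, do nothing.
for conf in "$@"; do audit_rsyslog_file "$conf" || status=1; done
```

Run it on the log server against the file that holds the ommysql line, for example `/etc/rsyslog.conf`.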