- 日志文件巨大,硬盘IO压力大
- 无法实时分析
- 分析需要消耗很多计算机资源且困难
- IO压力:我们可以将日志收集在数据库中,海量的日志通过分布式存储的底层支撑加上数据库对数据的高效管理,使得数据读写变得轻松,避免了原来日志服务器的IO压力。
- 无法实时分析:可以部署一个日志分析系统来辅助分析,困难的分析工作瞬间变得简单。
- 分析需要消耗很多计算机资源:分布式处理分担处理压力
step 1 安装所需要的软件包
[root@zutuanxue ~]# dnf install mariadb mariadb-server rsyslog-mysql -y
step 2 启动mariadb服务
[root@zutuanxue ~]# systemctl restart mariadb
[root@zutuanxue ~]# systemctl status mariadb
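step 3 设置mariadb(为root设置密码,并导入rsyslog自带的建库脚本mysql-createDB.sql。示例中的123456只是演示用的弱口令,实际环境请换成强密码;写在命令行参数里的密码还会留在shell历史记录中)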
[root@zutuanxue ~]# mysqladmin -u root password 123456
[root@zutuanxue ~]# cd /usr/share/doc/rsyslog/
[root@zutuanxue rsyslog]# mysql -u root -p < mysql-createDB.sql
Enter password:
[root@zutuanxue rsyslog]# mysql -u root -p
Enter password:
MariaDB [(none)]> show databases;
| Database |
| Syslog |
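step 4 为后面将要用到的用户进行授权,允许用户访问mariadb中的Syslog库(下面授权语句中@后面的主机部分显示为空,可能是原文中的主机地址丢失了,实际执行时应写明允许连接的主机;另外grant all的权限比较宽,rsyslog写入日志只需要对Syslog库的INSERT权限,可按需收紧)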
MariaDB [(none)]> grant all on Syslog.* to 'syslogroot'@''identified by 'syslogpass';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> grant all on Syslog.* to 'syslogroot'@''identified by 'syslogpass';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> grant all on Syslog.* to 'syslogroot'@''identified by 'syslogpass';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> quit
step 5 修改rsyslog服务的配置文件(注意:数据库的用户名和密码以明文写在/etc/rsyslog.conf中,应确保该文件只有root可读;imtcp的514端口默认是明文TCP,应通过防火墙限制为只允许受信任的主机访问)
[root@zutuanxue ~]# vim /etc/rsyslog.conf
7 #### MODULES ####
24 module(load="imtcp") # needs to be done just once
25 input(type="imtcp" port="514")
26 module(load="ommysql")#加载一个叫ommysql的模块,使日志服务可以连接mariadb
65 local7.* /var/log /boot.log
67 *.* :ommysql:,Syslog,syslogroot,syslogpass
[root@zutuanxue ~]# systemctl restart rsyslog
step 6 测试一下日志信息能否记录到数据库中
[root@zutuanxue ~]# logger "hello test test test"
[root@zutuanxue ~]# mysql -u root -p
Enter password:
MariaDB [(none)]> use Syslog;
Database changed
MariaDB [Syslog]> select * from SystemEvents\G
*************************** 8. row ***************************
ID: 8
CustomerID: NULL
ReceivedAt: 2019-12-07 03:22:31
DeviceReportedTime: 2019-12-07 03:22:31
Facility: 1
Priority: 5
FromHost: localhost
Message: hello test test test
step 7 设置client(此步骤是唯一一步需要对client做出的设置)
[root@zutuanxue ~]# dnf install rsyslog-mysql -y
[root@zutuanxue ~]# vim /etc/rsyslog.conf
*.* :ommysql:,Syslog,syslogroot,syslogpass
[root@zutuanxue ~]# systemctl restart rsyslog
[root@zutuanxue ~]# logger "hello this is a test from client 18"
MariaDB [Syslog]> select * from SystemEvents\G
*************************** 28. row ***************************
ID: 28
CustomerID: NULL
ReceivedAt: 2019-12-07 03:30:28
DeviceReportedTime: 2019-12-07 03:30:28
Facility: 1
Priority: 5
FromHost: localhost
Message: hello this is a test from client 18
step 8 server端安装支持web页面查看日志的工具loganalyzer
[root@zutuanxue ~]# dnf install httpd php php-mysqlnd php-gd -y
[root@zutuanxue ~]# tar fx loganalyzer-4.1.8.tar.gz
[root@zutuanxue ~]# cp -r loganalyzer-4.1.8/src/* /var/www/html/
[root@zutuanxue ~]# cp loganalyzer-4.1.8/contrib/* /var/www/html/
[root@zutuanxue ~]# cd /var/www/html/
[root@zutuanxue html]# sh configure.sh
[root@zutuanxue html]# systemctl restart httpd
step 9 在mariadb中创建loganalyzer工具需要用到的库、用户并授权(示例中lyzeruser的密码与用户名相同,仅供演示,实际环境请使用强密码)
[root@zutuanxue html]# mysql -u root -p
Enter password:
MariaDB [(none)]> create database loganalyzer;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> grant all on loganalyzer.* to lyzeruser@'' identified by 'lyzeruser';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> quit
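step 10 打开浏览器,部署loganalyzer(step 8中的configure.sh为了让安装向导写入配置,把config.php设成了可写;向导完成后,建议在/var/www/html下执行sh secure.sh收回config.php的写权限)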
