CentOS8 利用rsyslog日志服务，将收集的日志记录于MySQL中 - Linux

TOP

CentOS8 利用rsyslog日志服务，将收集的日志记录于MySQL中

2023-07-23 13:37:55 【大中小】浏览:24次

log-Client:10.0.0.12
log-Server:10.0.0.11
mysql：10.0.0.13

实现步骤：

启用网络日志服务的配置：
https://www.cnblogs.com/heyongshen/p/16808684.html

1.在rsyslog服务器上安装连接mysql模块相关的程序包。

#安装提供连接mysql模块的软件包
yum install rsyslog-mysql
Installed:
  mariadb-connector-c-3.0.7-1.el8.x86_64            rsyslog-mysql-8.1911.0-6.el8.x86_64

#rsyslog服务连接MySQL的模块提供的相关文件：
[root@LogServer log]# rpm -ql rsyslog-mysql
/usr/lib/.build-id
/usr/lib/.build-id/b1
/usr/lib/.build-id/b1/435a976b2dfddfb19d0d1517964f615d510402
/usr/lib64/rsyslog/ommysql.so  #提供的模块文件
/usr/share/doc/rsyslog/mysql-createDB.sql 
#提供了一个mysql服务器用于存储rsyslog日志信息的数据库创建的sql文件
#记录怎么把日志存到mysql中

2.将创建数据库的sql文件传给mysql服务器端（10.0.0.12--->10.0.0.13）

#10.0.0.11
[root@LogServer log]# scp   /usr/share/doc/rsyslog/mysql-createDB.sql 10.0.0.13:/root

3.mysql端的相关配置：

#10.0.0.13
#导入sql文件生成对应的数据库
[root@CentOS8 ~]# mysql < mysql-createDB.sql 
[root@CentOS8 ~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.0.21 Source distribution

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| Syslog             |
| hellodb            |
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
6 rows in set (0.34 sec)

#创建一个用于rsyslog日志服务器连接mysql的用户
mysql> create user syslog@'10.0.0.%' identified by 'redhat';
Query OK, 0 rows affected (0.24 sec)

mysql> grant all on Syslog.* to syslog@'10.0.0.%';
Query OK, 0 rows affected (0.03 sec)

#刷新权限
mysql> flush privileges;
Query OK, 0 rows affected (0.46 sec)

4.配置日志服务器将日志发送至指定数据库

# 10.0.0.11
#配置rsyslog将日志保存到mysql中
module(load="ommysql") #加载连接mysql的模块，安装软件包的时候提供

#将日志服务器的所有日志都发送到mysql服务器
格式：#facility.priority   :ommysql:DBHOST,DBNAME,DBUSER, PASSWORD
*.info                                                  :ommysql:10.0.0.13,Syslog,syslog,redhat

[root@centos8 ~]#systemctl restart rsyslog.service

5.测试：

#10.0.0.12 
#通过客户端在日志服务器上生成日志
[root@CentOS8 ~]# logger "this is a test log"
[root@CentOS8 ~]# logger "this is a test log"

#10.0.0.13
mysql> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
|        9 |
+----------+
1 row in set (0.13 sec)

mysql> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
|       10 |
+----------+
1 row in set (0.00 sec)

mysql> show tables;
+------------------------+
| Tables_in_Syslog       |
+------------------------+
| SystemEvents           |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.12 sec)


【大中小】【打印】【繁体】【投稿】【收藏】【推荐】【举报】【评论】【关闭】【返回顶部】

上一篇：如何用Virtualbox搭建一个虚拟机	下一篇：ansible配置文件