Archive for 九月 2019

Syslog记录软件

之前写过在Linux中记录syslog的方法,若急用,也可以使用软件来实现。Syslog Watcher就是这样一款在WINDOWS下使用的软件(下载地址,提取码:jw8k)。

运行主程序后,在Listen状态下即能监控syslog数据包,如下图:

syslog03

点击上图中的Settings,进行相应设置,如考虑若每天的日志量很大,可以设置为每天生成一个日志文件;并设置日志存放的路径,如下图所示。

syslog04

CentOS 8发布

CentOS8发布,CentOS-8-x86_64-1905-dvd1.iso。

下载地址

CentOS7中,利用rsyslog搭建日志服务器(采集syslog日志),并使用loganalyzer实现日志图形化管理

Rsyslog是一个syslogd的多线程增强版,在syslog的基础上扩展了很多其他功能,如数据库支持(MySQL, PostgreSQL、Oracle等)、日志内容筛选、定义日志格式模板等。除了默认的udp协议外,rsyslog还支持tcp协议来接收日志。

交换机、路由器、防火墙、上网行为管理等设备都支持syslog日志标准输出,网络中如有日志审计设备,即可将日志输出至日志审计设备中,实现日志记录,等保中网内设备日志的记录也是最基本的要求。

若没有专用日志审计设备,可通过相关日志管理软件实现,本文将介绍通过Linux自带的Rsyslog来记录外部日志,并通过loganalyzer实现日志图形化管理。

一、在CentOS7(1804)中配置Rsyslog

1、安装 CentOS

在虚拟化平台中完成CentOS操作系统的安装,准备存放日志的/或/var目录空间相对配置大些,用于存放日志。

2、关闭防火墙

通过systemctl status firewalld.service命令查看防火墙正在运行,如下图:

[root@localhost ~]# systemctl status firewalld.service
鈼[0m firewalld.service – firewalld – dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-09-13 22:43:44 CST; 16h ago
     Docs: man:firewalld(1)
  Main PID: 802 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           鈹斺攢802 /usr/bin/python -Es /usr/sbin/firewalld –nofork –nopid

Sep 13 22:43:42 localhost.localdomain systemd[1]: Starting firewalld – dynami…
Sep 13 22:43:44 localhost.localdomain systemd[1]: Started firewalld – dynamic…
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#

rsyslog01

通过命令关闭防火墙,并禁用关机启用防火墙:

[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl status firewalld.service
鈼firewalld.service – firewalld – dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sat 2019-09-14 15:20:48 CST; 6s ago
     Docs: man:firewalld(1)
  Process: 802 ExecStart=/usr/sbin/firewalld –nofork –nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
  Main PID: 802 (code=exited, status=0/SUCCESS)

Sep 13 22:43:42 localhost.localdomain systemd[1]: Starting firewalld – dynamic firew….
Sep 13 22:43:44 localhost.localdomain systemd[1]: Started firewalld – dynamic firewa….
Sep 14 15:20:46 localhost.localdomain systemd[1]: Stopping firewalld – dynamic firew….
Sep 14 15:20:48 localhost.localdomain systemd[1]: Stopped firewalld – dynamic firewa….
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]#

如上,通过systemctl stop firewalld.service关闭防火墙功能,通过systemctl disable firewalld.service关闭自启动模式。

3、关闭SELINUX

执行如下命令,将SELINUX关闭。

[root@localhost ~]# sed -i ‘s#SELINUX=enforcing#SELINUX=disabled#g’ /etc/selinux/config
[root@localhost ~]# more /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing – SELinux security policy is enforced.
#     permissive – SELinux prints warnings instead of enforcing.
#     disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted – Targeted processes are protected,
#     minimum – Modification of targeted policy. Only selected processes are protected.
#     mls – Multi Level Security protection.
SELINUXTYPE=targeted

[root@localhost ~]# reboot

完成 后reboot重启服务器。

4、配置并启动Rsyslog

rsyslog一般是预先就安装于linux系统的发行版上的,使用如下命令检查下是否已安装Rsyslog:

[root@localhost ~]# rpm -qa | grep rsyslog
rsyslog-8.24.0-16.el7.x86_64
[root@localhost ~]# rsyslogd -v
rsyslogd 8.24.0, compiled with:
        PLATFORM:                               x86_64-redhat-linux-gnu
        PLATFORM (lsb_release -d):
        FEATURE_REGEXP:                         Yes
        GSSAPI Kerberos 5 support:              Yes
        FEATURE_DEBUG (debug build, slow code): No
         32bit Atomic operations supported:      Yes
        64bit Atomic operations supported:      Yes
        memory allocator:                       system default
        Runtime Instrumentation (slow code):    No
        uuid support:                           Yes
        Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.
[root@localhost ~]#

如上显示默认已安装rsyslog。

rsyslog后台进程默认不能接受外部信息的,但可以通过配置它的配置文件/etc/rsyslog.conf来使之接受外部日志信息,使其变成一台日志管理服务器。使用vi命令配置/etc/rsyslog.conf文件:

[root@localhost ~]# vi /etc/rsyslog.conf

将四个#字符去除,原为:

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

去除后变为:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

并在最后添加如下内容(目前如下日志文件名称的写法是第天会生成一个log日志文件,若希望一直是一个日志文件,则可以将年月日变量去除,修改为syslog_%FROMHOST-IP%.log即可):

$template RemoteLogs,”/var/log/syslog/%HOSTNAME%/syslog_%$YEAR%-%$MONTH%-%$DAY%_%FROMHOST-IP%.log”
*.* ?RemoteLogs
& ~
fromhost-ip, !isequal, “127.0.0.1”
?Remote
& ~

完成后wq!保存退出。

重启rsyslog进程,并加入开机启动:

[root@localhost ~]# systemctl restart rsyslog
[root@localhost ~]# systemctl enable rsyslog
[root@localhost ~]#

然后查看rsyslog进程是否在运行,514端口是否在侦听:

[root@localhost ~]# systemctl status rsyslog
鈼[0m rsyslog.service – System Logging Service
    Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-09-14 21:57:02 CST; 16s ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
  Main PID: 5651 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           鈹斺攢5651 /usr/sbin/rsyslogd -n

Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: action ‘isequal,’ treated as ‘…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: action ‘127’ treated as ‘:omus…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]:  Could not find template 1 ‘Re…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during parsing file /etc…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: warning: ~ action is deprecate…]
Sep 14 21:57:02 localhost.localdomain rsyslogd[5651]: error during config processing…]
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# netstat -antup | grep 514
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      5651/rsyslogd      
tcp6       0      0 :::514                  :::*                    LISTEN      5651/rsyslogd      
udp        0      0 0.0.0.0:514             0.0.0.0:*                           5651/rsyslogd      
udp6       0      0 :::514                  :::*                                5651/rsyslogd      
[root@localhost ~]#

至此rsyslog配置结束,接着配置一台华为5720交换机,配置成将syslog日志传输至本服务器上(192.168.10.209):

[center-s5700]info-center enable
[center-s5700]info-center loghost 192.168.10.209

完成后进入日志服务器的/var/log/syslog目录,生成了一个center-5700的文件夹,进入后,有一个syslog_2019-09-14_192.168.10.253.log日志文件,如下:

rsyslog02

[root@localhost xxx-center-s5700]# cd ..
[root@localhost syslog]# ls
xxx-center-s5700  localhost
[root@localhost syslog]#
[root@localhost syslog]# cd xxx-center-s5700/
[root@localhost xxx-center-s5700]# ls
syslog_2019-09-14_192.168.10.253.log
[root@localhost xxx-center-s5700]# ^C
[root@localhost xxx-center-s5700]#

如上,说明日志文件已经生成,使用more syslog_2019-09-14_192.168.10.253.log查看日志内容

[root@localhost xxx-center-s5700]# more syslog_2019-09-14_192.168.10.253.log
Nov  6 03:17:11 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[0]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”info-center loghost 192.168.10.209″)
Nov  6 03:17:12 xxx-center-s5700 DS/4/DATASYNC_CFGCHANGE: OID 1.3.6.1.4.1.2011.5.25.
191.3.1 configurations have been changed. The current change number is 1, the change loo
p count is 0, and the maximum number of records is 4095.
Nov  6 03:17:55 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[1]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”quit”)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[2]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”quit”)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/LOGOUT(s)[3]: The user succeeded in log
ging out of VTY0. (UserType=Telnet, UserName=, Ip=192.168.10.66, VpnName=)
Nov  6 03:17:56 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[4]: Recorded command infor
mation. (Task=VT0, Ip=**, VpnName=, User=**, AuthenticationMethod=”Null”, Command=”undo
debugging all”)
Nov  6 03:18:03 xxx-center-s5700 %%01SHELL/5/LOGIN(s)[5]: The user succeeded in logg
ing in to VTY0. (UserType=Telnet, UserName=, AuthenticationMethod=”Password”, Ip=192.168
.10.66, VpnName=)
Nov  6 03:18:04 xxx-center-s5700 %%01SHELL/5/CMDRECORD(s)[6]: Recorded command infor
mation. (Task=VT0, Ip=192.168.10.66, VpnName=, User=**, AuthenticationMethod=”Password”,
  Command=”system-view”)

说明5700交换机日志可以传输至日志服务器上,至此rsyslog配置完成。

但目前只能通过文件的方式来查看日志的内容,不能直观的查看,故下面将介绍结合使用loganalyzer来实现图形化的管理。

二、安装及配置loganalyzer

loganalyzer是一款日志分析工具,配合rsyslog使用,rsyslog用于搜集日志,loganalyzer根据rsyslog搜集到的数据进行分析与图形化展示,并能生成相应报表等功能。

1、安装mariadb(mysql)、httpd(apache)、php

利用yum安装LAMP运行环境,包括mysql、php、httpd等,如下:

[root@localhost /]# yum -y install httpd mariadb-server mariadb php php-mysql mysql-devel
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
  * base: mirrors.163.com
  * extras: mirrors.huaweicloud.com
  * updates: mirrors.163.com
base                                                             | 3.6 kB  00:00:00    
extras                                                           | 3.4 kB  00:00:00    
updates                                                          | 3.4 kB  00:00:00  

…………………………………..

Installed:
  httpd.x86_64 0:2.4.6-89.el7.centos.1          mariadb.x86_64 1:5.5.60-1.el7_5       
  mariadb-devel.x86_64 1:5.5.60-1.el7_5         php.x86_64 0:5.4.16-46.el7            
  php-mysql.x86_64 0:5.4.16-46.el7            

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7_4.1                apr-util.x86_64 0:1.5.2-6.el7           
  httpd-tools.x86_64 0:2.4.6-89.el7.centos.1  keyutils-libs-devel.x86_64 0:1.5.8-3.el7
  krb5-devel.x86_64 0:1.15.1-37.el7_6         libcom_err-devel.x86_64 0:1.42.9-13.el7 
  libkadm5.x86_64 0:1.15.1-37.el7_6           libselinux-devel.x86_64 0:2.5-14.1.el7  
  libsepol-devel.x86_64 0:2.5-10.el7          libverto-devel.x86_64 0:0.2.5-4.el7     
  libzip.x86_64 0:0.10.1-8.el7                mailcap.noarch 0:2.1.41-2.el7           
  openssl-devel.x86_64 1:1.0.2k-16.el7_6.1    pcre-devel.x86_64 0:8.32-17.el7         
  php-cli.x86_64 0:5.4.16-46.el7              php-common.x86_64 0:5.4.16-46.el7       
  php-pdo.x86_64 0:5.4.16-46.el7              zlib-devel.x86_64 0:1.2.7-18.el7        

Dependency Updated:
  e2fsprogs.x86_64 0:1.42.9-13.el7           e2fsprogs-libs.x86_64 0:1.42.9-13.el7     
  krb5-libs.x86_64 0:1.15.1-37.el7_6         libcom_err.x86_64 0:1.42.9-13.el7         
  libselinux.x86_64 0:2.5-14.1.el7           libselinux-python.x86_64 0:2.5-14.1.el7   
  libselinux-utils.x86_64 0:2.5-14.1.el7     libsepol.x86_64 0:2.5-10.el7              
  libss.x86_64 0:1.42.9-13.el7               mariadb-libs.x86_64 1:5.5.60-1.el7_5      
  openssl.x86_64 1:1.0.2k-16.el7_6.1         openssl-libs.x86_64 1:1.0.2k-16.el7_6.1   
  zlib.x86_64 0:1.2.7-18.el7               

Complete!
[root@localhost /]#

如下,完成安装。启动apache和mysql:

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# systemctl start mariadb.service
[root@localhost ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@localhost ~]#

使用如下命令查看服务是否启动:

[root@localhost rsyslog-8.24.0]# ss -naplt | grep httpd
LISTEN     0      128         :::80                      :::*                   users:((“httpd”,pid=12789,fd=4),(“httpd”,pid=12788,fd=4),(“httpd”,pid=12787,fd=4),(“httpd”,pid=2433,fd=4),(“httpd”,pid=2432,fd=4),(“httpd”,pid=2431,fd=4),(“httpd”,pid=2430,fd=4),(“httpd”,pid=2429,fd=4),(“httpd”,pid=2426,fd=4))
[root@localhost rsyslog-8.24.0]# ss -naplt | grep mysqld
LISTEN     0      50           *:3306                     *:*                   users:((“mysqld”,pid=12580,fd=13))
[root@localhost rsyslog-8.24.0]#

2、测试PHP

进入html目录,新建index.php文件,如下

[root@localhost www]# cd html     
[root@localhost html]# vi index.php

      在index.php文件中写入如下内容:

<?php
    phpinfo()
?>

      保存退出。
浏览器打开服务器地址http://192.168.10.209,出现如下界面,PHP则运行正常。

rsyslog03

3、安装rsyslog连接数据库模块插件,并导入rsyslog自带的sql脚本

安装rsyslog日志软件连接mysql插件:

[root@localhost ~]# yum -y install rsyslog-mysql

完成安装后,开始导入脚本,首先设置mariadb的root帐号密码,密码为syslog123,如下:

[root@localhost rsyslog-8.24.0]# mysqladmin -u root password syslog123
[root@localhost rsyslog-8.24.0]#

然后进入/usr/share/doc/rsyslog-8.24.0目录,执行mysql-createDB.sql脚本,如下:

[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]# pwd
/usr/share/doc/rsyslog-8.24.0
[root@localhost rsyslog-8.24.0]# ls
AUTHORS  ChangeLog  COPYING  COPYING.ASL20  COPYING.LESSER  mysql-createDB.sql
[root@localhost rsyslog-8.24.0]# mysql -u root -p < mysql-createDB.sql
Enter password:
[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]#
[root@localhost rsyslog-8.24.0]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| Syslog             |
| mysql              |
| performance_schema |
| test               |
+——————–+
5 rows in set (0.00 sec)

MariaDB [(none)]> use syslog;
ERROR 1049 (42000): Unknown database ‘syslog’
MariaDB [(none)]> use Syslog;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [Syslog]> show tables;
+————————+
| Tables_in_Syslog       |
+————————+
| SystemEvents           |
| SystemEventsProperties |
+————————+
2 rows in set (0.00 sec)

MariaDB [Syslog]>

如上所示,导入后没有错误产生,查询有SystemEvents、SystemEventsProperties两张表,说明导入脚本成功。

4、创建数据库用户,并使支持rsyslog-mysql模块

库和表已经创建完成,开始创建一个数据库用户,能够写入syslog数据表中,进行如下操作:

MariaDB [Syslog]> grant all on Syslog.* to rsyslog@’localhost’ identified by ‘syslog123’;
Query OK, 0 rows affected (0.01 sec)

MariaDB [Syslog]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [Syslog]> exit
Bye
[root@localhost rsyslog-8.24.0]#

完成后,开始配置rsyslog.conf配置文件,使支持rsyslog-mysql模块:

[root@localhost rsyslog-8.24.0]# vi /etc/rsyslog.conf

将#$ModLoad immark  # provides –MARK– message capability语句的#号去除,并添加如下内容:

$Modload ommysql
*.* :ommysql:localhost,Syslog,rsyslog,syslog123

最终变成:

# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
$ModLoad immark  # provides –MARK– message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$Modload ommysql
*.* :ommysql:localhost,Syslog,rsyslog,syslog123

#### GLOBAL DIRECTIVES ####

rsyslog04

完成修改后,wq!保存退出,并重启rsyslog进程:

[root@localhost rsyslog-8.24.0]# systemctl restart rsyslog.service

5、安装并配置loganalyzer

从官网下载安装包,解压并复制至 /var/www/html目录下:

[root@localhost home]# wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.7.tar.gz
[root@localhost home]# tar -zxvf loganalyzer-4.1.7.tar.gz
[root@localhost home]# ls
aa  loganalyzer-4.1.7  loganalyzer-4.1.7.tar.gz
[root@localhost home]# cd loganalyzer-4.1.7/
[root@localhost loganalyzer-4.1.7]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@localhost loganalyzer-4.1.7]# cd src
[root@localhost src]# ls
admin               convert.php  favicon.ico  js                   search.php
asktheoracle.php    cron         images       lang                 statistics.php
BitstreamVeraFonts  css          include      login.php            templates
chartgenerator.php  details.php  index.php    reportgenerator.php  themes
classes             export.php   install.php  reports.php          userchange.php
[root@localhost src]# cd ..
[root@localhost loganalyzer-4.1.7]# ls
ChangeLog  contrib  COPYING  doc  INSTALL  src
[root@localhost loganalyzer-4.1.7]# cp -a ./src/* /var/www/html/
cp: overwrite 鈥var/www/html/index.php鈥 y
[root@localhost loganalyzer-4.1.7]# cp -a ./contrib/* /var/www/html/
[root@localhost loganalyzer-4.1.7]#
[root@localhost loganalyzer-4.1.7]#

完成后,打开浏览器,输入http://192.168.10.209,点击HERE开始安装:

rsyslog05

点击next开始下一步

rsyslog06

提供config.sh文件不存在,权限错误,如下图

rsyslog07

运行软件根目录下的configure.sh,如下:

[root@localhost loganalyzer-4.1.7]# cd /var/www/html/
[root@localhost html]# ls
admin               convert.php  images       login.php            templates
asktheoracle.php    cron         include      reportgenerator.php  themes
BitstreamVeraFonts  css          index.php    reports.php          userchange.php
chartgenerator.php  details.php  install.php  search.php
classes             export.php   js           secure.sh
configure.sh        favicon.ico  lang         statistics.php
[root@localhost html]# sh configure.sh
[root@localhost html]#

完成后,点击上图中的ReCheck按扭,错误清除,如下图,继续next进行下一步

rsyslog08

配置数据库,选择YES,数据库名称Syslog,用户名rsyslog,密码是刚才创建用户时的密码,如下图

rsyslog09

创建表

rsyslog10

检查SQL语句

rsyslog11

创建管理员用户

rsyslog12

通过如下创建一个测试日志文件:

[root@localhost log]# echo 1 > /var/log/syslogtest

syslog file中输入syslogtest,如下图:

rsyslog13

完成安装。

rsyslog14

在刚才的syslogtest中添加一些字符,首页即会产生相应显示,则说明loganalyzer运行正常。

rsyslog15

6、在loganalyzer中添加数据源

综上已经完成了loganalyzer的安装工作,下面开始添加数据源,之前在安装rsyslog时已经添加了两台交换机的日志,并已经在/var/log/syslog目录生成了相应的日志文件,如下图所示:

rsyslog16

点击首页的Login按扭,输入刚才创建的admin用户

rsyslog17

选择Admin Center,如下

rsyslog18

选择Sources,数据源,如下

rsyslog19

选择Add new Sources,添加新的数据源,如下

rsyslog20

如下图,完成日志添加的相应信息

rsyslog21

若出现不能添加的问题,如下

rsyslog22

则需要修改/var/log下相关日志文件的权限,设置为777,如下:

[root@localhost log]# chmod -R 777 syslog

完成后,列表中会增加一个huawei5720的条目,如下

rsyslog23

返回首页,右上角Select Source中选择刚才创建的huawei-5720数据源条目

rsyslog24

刷新后,即能看到5720交换机的相关日志信息,如下图。

rsyslog25

到此,rsyslog和LogAnalyzer安装结束,第一次使用和安装,文中难免有逻辑等错误,仅供参考。

参考文章:

1、https://www.linuxidc.com/Linux/2017-10/147693.htm

2、https://www.cnblogs.com/lsdb/articles/8072115.html

3、https://blog.csdn.net/xdnabl/article/details/51120873

4、https://www.cnblogs.com/zhaodahai/p/6824523.html

5、https://loganalyzer.adiscon.com/doc/install.html

6、https://blog.csdn.net/xdnabl/article/details/51120873

7、https://www.jianshu.com/p/0f6cb74a7280

Debian 10.1发布

下载地址

debian-10.1.0-amd64-DVD-1.iso
debian-10.1.0-amd64-DVD-2.iso
debian-10.1.0-amd64-DVD-3.iso

debian10