1. First, disable the firewall and SELinux

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service


Disable SELinux
vi /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled, then reboot.

2. Install the database
Install the MariaDB database.
yum -y install mariadb mariadb-server

3. Start and initialize the database
Start the MariaDB database server

systemctl start mariadb.service
systemctl enable mariadb

Initialize the database

[root@localhost ~]# /bin/mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
 SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
 In order to log into MySQL to secure it, we’ll need the current
 password for the root user. If you’ve just installed MySQL, and
 you haven’t set the root password yet, the password will be blank,
 so you should just press enter here.
 Enter current password for root (enter for none): <– on the first run, just press Enter
 OK, successfully used password, moving on…
 Setting the root password ensures that nobody can log into the MySQL
 root user without the proper authorisation.
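 Set root password? [Y/n] <– whether to set the root user's password; type y and press Enter, or just press Enter
 New password: <– set the root user's password
 Re-enter new password: <– enter the password you set once more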
 Password updated successfully!
 Reloading privilege tables…
 … Success!
 By default, a MySQL installation has an anonymous user, allowing anyone
 to log into MySQL without having to have a user account created for
 them. This is intended only for testing, and to make the installation
 go a bit smoother. You should remove them before moving into a
 production environment.
 Remove anonymous users? [Y/n] <– whether to remove anonymous users; removal is recommended in production, so just press Enter
 … Success!
 Normally, root should only be allowed to connect from ‘localhost’. This
 ensures that someone cannot guess at the root password from the network.
 Disallow root login remotely? [Y/n] <– whether to disallow remote root login; choose according to your needs, type y and press Enter; disallowing is recommended
 … Success!
 By default, MySQL comes with a database named ‘test’ that anyone can
 access. This is also intended only for testing, and should be removed
 before moving into a production environment.
 Remove test database and access to it? [Y/n] <– whether to remove the test database; just press Enter
 - Dropping test database…
 … Success!
 - Removing privileges on test database…
 … Success!
 Reloading the privilege tables will ensure that all changes made so far
 will take effect immediately.
 Reload privilege tables now? [Y/n] <– whether to reload the privilege tables; just press Enter
 … Success!
 Cleaning up…
 All done! If you’ve completed all of the above steps, your MySQL
 installation should now be secure.
 Thanks for using MySQL!
4. Add the database and user
[root@localhost ~]# mysql -uroot -p
Create a database named "rsyslog" with the character encoding set to UTF-8
create database rsyslog character set utf8 collate utf8_bin;
Create a local user rsyslog with full privileges on the "rsyslog" database, with the password set to "rsyslog"
This is important: this information is needed later when configuring the database
grant all privileges on rsyslog.* to 'rsyslog'@'localhost' identified by 'rsyslog';
flush privileges;
5. Install rsyslog-mysql, the MySQL extension package for rsyslog
Install rsyslog
[root@localhost ~]# yum -y install rsyslog-mysql
6. Import the rsyslog MySQL tables into the rsyslog database that was created, and grant the user privileges
Import the rsyslog MySQL tables into the rsyslog database that was created
mysql -uroot -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@localhost ~]# mysql -uroot -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
Enter password:
[root@localhost ~]#
7. Create the database Syslog, and set up the local user rsyslog with password rsyslog and all privileges
mysql -uroot -p
grant all privileges on Syslog.* to 'rsyslog'@'%' identified by 'rsyslog';
flush privileges;
8. Edit the rsyslog configuration file
vi /etc/rsyslog.conf
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,rsyslog,rsyslog
# log selector :ommysql:database address,database name,database user,database user password

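Transport over UDP

$ModLoad imudp
$UDPServerRun 514
$UDPServerRun 38514
# Transport over TCP (both can be used at the same time)
$ModLoad imtcp
$InputTCPServerRun 514
# 38514 is the default port Huawei switches send logs to
$InputTCPServerRun 38514
Note: when editing the configuration file, the "#" must be removed for a feature to take effect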
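Added example, not part of the original page: a POSIX shell audit of the file edited in step 8. It flags a database password identical to the user name (as with the page's rsyslog/rsyslog pair) and a configuration file accessible to other users, and prints the firewall-cmd commands that open only the configured listener ports. Function names and finding labels are invented for this example, and the sample configuration is constructed.

```shell
# Added example: audit the rsyslog.conf from step 8 (names here are hypothetical).
# Print "host db user password" of the first active legacy ommysql action.
# Line format used on the page: selector :ommysql:host,database,user,password
parse_ommysql() {
    awk '!/^[ \t]*#/ && /:ommysql:/ {
        sub(/.*:ommysql:/, ""); sub(/[ \t\r]+$/, "")
        if (split($0, f, ",") >= 4) { print f[1], f[2], f[3], f[4]; exit }
    }' "$1"
}

# Print one "port/proto" per active listener directive, e.g. "514/udp".
listener_ports() {
    awk '$1 == "$UDPServerRun"      { sub(/#.*/, "", $2); print $2 "/udp" }
         $1 == "$InputTCPServerRun" { sub(/#.*/, "", $2); print $2 "/tcp" }' "$1"
}

# Print one finding per line; no output means nothing was flagged.
audit_rsyslog_conf() {
    conf=$1
    fields=$(parse_ommysql "$conf")
    if [ -n "$fields" ]; then
        set -f; set -- $fields; set +f    # $1=host $2=database $3=user $4=password
        [ "$4" = "$3" ] && echo "db-password-equals-username"
        # The database password sits in this file in clear text.
        case $(stat -c '%a' "$conf") in
            *[1-7]) echo "conf-accessible-to-other" ;;
        esac
    fi
    return 0
}

# Print firewalld commands that open only the configured listener ports.
firewalld_commands() {
    for p in $(listener_ports "$1"); do
        echo "firewall-cmd --permanent --add-port=$p"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample mirroring the directives from step 8.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*.* :ommysql:localhost,Syslog,rsyslog,rsyslog
$UDPServerRun 514
#$UDPServerRun 38514
$InputTCPServerRun 514
$InputTCPServerRun 38514
EOF
chmod 644 "$sample"    # readable by "other", so the permission finding fires
audit_rsyslog_conf "$sample"
firewalld_commands "$sample"
```

Pointing the functions at /etc/rsyslog.conf instead of the sample audits the real file; the printed firewall-cmd lines are the narrower alternative to stopping firewalld in step 1.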
9. Restart the rsyslog service
systemctl restart rsyslog.service
systemctl enable rsyslog.service
10. Prepare the web environment
Install the required software
yum install httpd php php-mysql php-gd -y
11. Download loganalyzer
yum install unzip wget -y
Create the loganalyzer directory under Apache's default DocumentRoot:
mkdir -p /var/www/html/log
Create the loganalyzer log directory:
mkdir -p /var/log/httpd/log
cd /usr/local/src
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.11.tar.gz
tar -zxvf loganalyzer-4.1.11.tar.gz
cd loganalyzer-4.1.11
cp -r src/* /var/www/html/log
cp -r contrib/* /var/www/html/log
cd /var/www/html/log
chmod +x configure.sh secure.sh
./configure.sh
./secure.sh
touch config.php
chmod 666 config.php
chown -R apache:apache *
systemctl start httpd
systemctl enable httpd
systemctl status httpd


Reboot the server

19. Log in at http://<your IP>/log; only two steps of the process need attention:

[Image: setting up a log server on CentOS 7_MySQL]

[Image: setting up a log server on CentOS 7_MySQL_02]

Setup complete

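Troubleshooting
1. Unable to create the back-end administrator account
Inspired by http://www.showerlee.com/archives/465
Cause: this appears to be a bug. The last_login column in the newly created database table does not allow NULL values, so the user cannot be added during setup.
Solution: see installation step 6

2. Reinstalling
Solution: 1) Simply empty the config.php file
[root@rsyslog loganalyzer]# > config.php
2) Empty the logcon_* tables that were imported into the database

3. Garbled Chinese characters
Solution: in the Admin Center, change the "Default character encoding" setting to UTF-8

4. The following error appears after login: Could not find the configured table, maybe misspelled or the tablenames are…
Solution: in config.php, set $CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents'; pay attention to letter case

5. Hiding the donate button on the analysis page
Solution: in include/functions_common.php, set $content['SHOW_DONATEBUTTON'] = false; // Default = true!

6. Replacing the logo on the analysis page
Solution: replace the Header-Logo.png file in the images/main/ directory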