搭建lnmp见
http://liang-yao.cnblogs.com/p/8448362.html
yum install -y rsyslog-mysql
导入数据库
mysql -u root -p < /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql
可以通过 rpm -ql rsyslog-mysql | grep createDB查询位置
/usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql
创建用户并授予权限
grant all on Syslog.* to rsyslogs@localhost identified by ‘123456‘;
刷新权限
flush privileges;
vim /etc/rsyslog.conf
#### MODULES ####
$ModLoad ommysql
*.*:ommysql:localhost,Syslog,rsyslogs,123456
Syslog为数据库名,rsyslogs为数据库的用户,123456为该用户密码
$ModLoad immark #immark是模块名,支持日志标记
$ModLoad imtcp #支持TCP协议
$InputTCPServerRun 514 #打开514端口以接收日志
systemctl restart rsyslog
log-client配置
vim /etc/rsyslog.conf
*.* @@192.168.200.101:514
systemctl restart rsyslog
在log-server上查看日志
cat /var/log/messages
02为log-client主机名(主机名不要相同)
安装loganalyzer
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
tar xzvf loganalyzer-4.1.5.tar.gz
cd loganalyzer-4.1.5/src/
mkdir /usr/share/nginx/html/loganalyzer
mv * /usr/share/nginx/html/loganalyzer
chown -R nginx:nginx /usr/share/nginx/html/loganalyzer/*
访问http://192.168.200.101/loganalyzer/
touch /usr/share/nginx/html/loganalyzer/config.php
chmod 666 /usr/share/nginx/html/loganalyzer/config.php