1 系统需求
mysql mysql-devel mysql-server php php-mysql php-pdo php-common php-gd httpd
2需要的源码包软件
rsyslog-5.6.2.tar.gz
loganalyzer-3.0.4.tar.gz
3安装rsyslog
#tar xvf rsyslog-5.6.2.tar.gz
#./configure --enable-mysql
#make && make install
4 修改rsyslog 的主配置文件
修改如下
#if you experience problems, check
# for assistance
# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!
# You may need to set the module load path if modules are not found.
$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # kernel logging (formerly provided by rklogd)
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,root,frank
# 注 localhost 字节是database-server
Syslog 是数据中database-name
root 是database-userid
frank 是root用户登录mysql的密码
#该行的格式
#*.* :ommysql:database-server,database-name,database-userid,database-password
#同样要注意的是database-name 必须和/root/rsyslog-5.6.2/plugins/ommysql/creatDB.sql 中的相同
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* -/var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit -/var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Remote Logging (we use TCP for reliable delivery)
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /rsyslog/spool # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ######### Receiving Messages from Remote Hosts ##########
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so # load module
#$InputTCPServerRun 514 # start up TCP listener at port 514
########## 下面的配置接受远程主机的日志
UDP Syslog Server:
$ModLoad imudp.so # provides UDP syslog reception
$UDPServerRun 514 # start a UDP syslog server at standard port 514
5 关闭系统自带的syslog 进程
#service syslog stop
#chkconfig syslog off