View Linux logs in a web interface

rsyslog+mariadb+loganalyzer

An architecture that can use web pages to view logs

Environment preparation: as with the centralized log server architecture from the previous lesson, this architecture is built on the server, that is, the host with IP address 192.168.1.55

Environment preparation and configuration on the server side

step1 install the required packages

[root@localhost ~]# dnf install mariadb mariadb-server rsyslog-mysql -y

step2 start mariadb service

[root@localhost ~]# systemctl restart mariadb
[root@localhost ~]# systemctl status mariadb

step3 set mariadb

##Set the administrator password of mariadb to '123456'
[root@localhost ~]# mysqladmin -u root password 123456

##Establish the database needed for log service
[root@localhost ~]# cd /usr/share/doc/rsyslog/
[root@localhost rsyslog]# mysql -u root -p < mysql-createDB.sql 
Enter password: 

##Enter mariadb to verify whether there is a database called Syslog. If there is one, it means the previous operation is successful
[root@localhost rsyslog]# mysql -u root -p
Enter password: 
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| Syslog             |

Step 4 authorize the user that will be used later, allowing it to access the Syslog database in mariadb

#Allow a user named syslogroot to access the database from the IP addresses 127.0.0.1, 192.168.1.55 and 192.168.1.18. The password is syslogpass. After setting, flush the privileges and exit (if there are other hosts in your architecture, just change the IP address in the database statement)
MariaDB [(none)]> grant all on Syslog.* to 'syslogroot'@'127.0.0.1' identified by 'syslogpass';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> grant all on Syslog.* to 'syslogroot'@'192.168.1.55' identified by 'syslogpass';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> grant all on Syslog.* to 'syslogroot'@'192.168.1.18' identified by 'syslogpass';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> quit
Bye
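
A narrower alternative to the grant all statements above, as an added example that is not part of the original post: a shell script that prints INSERT-only grants for each log-writing host. It assumes ommysql uses its default template, which only inserts into Syslog.SystemEvents; the function names and the password placeholder are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): print least-privilege MariaDB
# grants for the hosts that write logs through ommysql.
# Assumption: ommysql uses its default template, which only INSERTs into
# Syslog.SystemEvents, so the writer account needs nothing else.

DB_USER="syslogroot"
DB_PASS_PLACEHOLDER="<PASSWORD_PLACEHOLDER>"   # substitute a strong secret

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address, so that
# nothing else can end up inside the generated SQL.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_writer_grants HOST...: print CREATE USER / GRANT statements per host.
gen_writer_grants() {
    for host in "$@"; do
        if ! valid_ipv4 "$host"; then
            echo "skipping invalid host: $host" >&2
            continue
        fi
        printf "CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$DB_USER" "$host" "$DB_PASS_PLACEHOLDER"
        printf "GRANT INSERT ON Syslog.SystemEvents TO '%s'@'%s';\n" \
            "$DB_USER" "$host"
    done
}

# Hosts from the article: the server (loopback and LAN address) and the client.
gen_writer_grants 127.0.0.1 192.168.1.55 192.168.1.18
```

The output can be reviewed and then piped into mysql -u root -p. On a server where the grant all statements were already run, those have to be revoked first, otherwise the broader privilege remains in place.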

step5 modify the configuration file of rsyslog service

[root@localhost ~]# vim /etc/rsyslog.conf 
#### MODULES ####
.
.
.
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
module(load="ommysql") # Load the ommysql module so that the log service can connect to mariadb
.
.
local7.*                 /var/log/boot.log

# Tell the log service to send the log information to the Syslog database on 192.168.1.55 through the ommysql module. The user name and password used are the syslogroot and syslogpass we set in the previous step
*.*     :ommysql:192.168.1.55,Syslog,syslogroot,syslogpass

##Restart the log service
[root@localhost ~]# systemctl restart rsyslog

Step 6 test whether the log information can be recorded in the database

[root@localhost ~]# logger "hello test test test"
[root@localhost ~]# mysql -u root -p
Enter password: 
MariaDB [(none)]> use Syslog;
Database changed
MariaDB [Syslog]> select * from SystemEvents\G
*************************** 8. row ***************************
                ID: 8
        CustomerID: NULL
        ReceivedAt: 2019-12-07 03:22:31
DeviceReportedTime: 2019-12-07 03:22:31
          Facility: 1
          Priority: 5
          FromHost: localhost
           Message: hello test test test
###If you can see the log information generated by logger and rsyslog, log information is being saved into the database

Step 7 set up the client (192.168.1.18). This is the only step that needs to be done on the client

##Install package
[root@localhost ~]# dnf install rsyslog-mysql -y

##Modify the configuration file of the service to add the corresponding content (consistent with the content added on the server side)
[root@localhost ~]# vim /etc/rsyslog.conf
module(load="ommysql")
*.*     :ommysql:192.168.1.55,Syslog,syslogroot,syslogpass
[root@localhost ~]# systemctl restart rsyslog

###Test whether the log information of the client can be viewed in the database on the server side
###client
[root@localhost ~]# logger "hello this is a test from client 18"

####The server side uses the same method as before to view the content
MariaDB [Syslog]> select * from SystemEvents\G
*************************** 28. row ***************************
                ID: 28
        CustomerID: NULL
        ReceivedAt: 2019-12-07 03:30:28
DeviceReportedTime: 2019-12-07 03:30:28
          Facility: 1
          Priority: 5
          FromHost: localhost
           Message: hello this is a test from client 18
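
A check for the ommysql line added to /etc/rsyslog.conf on the server and on the client, as an added example that is not part of the original post: that line stores the database password in clear text, so the script lists such lines with the password masked and reports whether the file is readable by every local user. The function name and the sample file are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original post): find legacy ":ommysql:" actions
# that embed a cleartext password and check who can read the file.

# audit_ommysql FILE
# Prints one line per finding with the password masked.
# Returns 1 when credentials sit in a world-readable file, else 0.
audit_ommysql() {
    conf=$1
    hits=$(awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        match($0, /:ommysql:[^ \t]+/) {
            # Fields after the 9-char ":ommysql:" prefix: host,db,user,password
            n = split(substr($0, RSTART + 9, RLENGTH - 9), f, ",")
            if (n >= 4)
                printf "line %d: host=%s db=%s user=%s password=<masked>\n", NR, f[1], f[2], f[3]
        }' "$conf")
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    # find -perm -004 matches when the "other" read bit is set.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WARNING: $conf is world-readable; any local user can read the DB password"
        return 1
    fi
    return 0
}

# Constructed sample mirroring the lines added to /etc/rsyslog.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
module(load="ommysql")
local7.*                 /var/log/boot.log
#*.*     :ommysql:192.168.1.55,Syslog,olduser,oldpass
*.*     :ommysql:192.168.1.55,Syslog,syslogroot,syslogpass
EOF

chmod 644 "$sample"; audit_ommysql "$sample" || true   # mode 644: warns
chmod 600 "$sample"; audit_ommysql "$sample"           # after tightening: no warning
rm -f "$sample"
```

Run it as audit_ommysql /etc/rsyslog.conf on the server and on each client; a warning means the file mode should be tightened to 600 or the action moved into a root-only file.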

Step 8 install log analyzer on the server side, a tool that supports viewing logs in a web page

[root@localhost ~]# dnf install httpd php php-mysqlnd php-gd -y
[root@localhost ~]# tar fx loganalyzer-4.1.8.tar.gz 
[root@localhost ~]# cp -r loganalyzer-4.1.8/src/* /var/www/html/
[root@localhost ~]# cp loganalyzer-4.1.8/contrib/* /var/www/html/
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# sh configure.sh 
[root@localhost html]# systemctl restart httpd

Step 9 create the database, user and authorization needed by the loganalyzer tool in mariadb

[root@localhost html]# mysql -u root -p
Enter password: 
MariaDB [(none)]> create database loganalyzer;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> grant all on loganalyzer.* to lyzeruser@'192.168.1.55' identified by 'lyzeruser';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> quit
Bye

Step 10 open a browser and deploy log analyzer

[Ten screenshots of the log analyzer deployment in the browser were shown here; the images are not available.]

Tags: Linux MariaDB Database MySQL PHP

Posted on Thu, 14 May 2020 10:39:32 -0400 by lunny