<p><strong>1. Preface</strong></p> <hr />
<p>At present, system logs are reviewed reactively: the server's logs are only checked when the system misbehaves or fails, so there is no timely view of how the systems are running. To close this gap, we deploy LogZilla + Sphinx + syslog-ng. The detailed installation and deployment steps follow. (What is LogZilla? It is simply the successor to php-syslog-ng; to quote the author: "Php-syslog-ng is now known as LogZilla. Same owner, better code :-)")</p>
<p><strong>2. Platform initialization</strong></p> <hr />
<p><span style="font-size: 12px">#yum install libdbi* libnet<br />#cpan Date::Calc Text::LevenshteinXS String::CRC32</span></p>
<p><strong>3. Download the required packages</strong></p> <hr />
<p><span style="font-size: 12px">#cd /home/install<br />#mkdir logzilla;cd logzilla<br />#wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz<br />#wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm</span></p>
<p><strong>4. Begin installation</strong></p> <hr />
<p><span style="font-size: 12px"># cp eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/<br /># tar zxvf eventlog_0.2.9.tar.gz<br /># cd eventlog-0.2.9/<br /># rpmbuild -ba eventlog.spec.bb<br /># cd /usr/src/redhat/RPMS/x86_64<br /># rpm -Uvh libevtlog*<br /></span></p>
<p><span style="font-size: 12px">#cd /home/install/logzilla<br />#rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm</span></p>
<p><strong>5. Install LogZilla</strong></p> <hr />
<p><span style="font-size: 12px">#cd /www/webroot/<br />#wget http://php-syslog-ng.googlecode.com/files/logzilla_3.0.85.tgz<br />#tar -zxvf logzilla_3.0.85.tgz<br />#cd logzilla/scripts<br />#./install.pl</span><br />(Answer the prompts according to your environment.)</p>
<pre class="brush:python;toolbar:false">=================== LogZilla Installation ====================
Enter the MySQL root username [root]:
Enter the password for root [mysql]:
Database to install to [syslog]:
Database table to install to [logs]:
Enter the name of the MySQL server [127.0.0.1]:
Enter the port of the MySQL server [3306]:
Enter the name to create as the owner of the logs database [syslogadmin]:
Enter the password for the syslogadmin user [syslogadmin]:
Enter the name to 
create as the WEBSITE owner [admin]:
Enter the password for admin [admin]:
Enter your email address [cdukes@cdukes.com]:
Enter a name for your website [The home of LogZilla]:
Enter the base url for your site (include trailing slash) [/logs/]: /
Where should log files be stored? [/var/log/logzilla]:
How long should I keep old logs? (in days) [30]:
======================================== Path Updates ========================================
Getting ready to replace paths in all files with "/www/webroot/logzilla"
Ok to continue? [y]:
Updating file paths
Modifying ../scripts/db_insert.pl
Modifying ../scripts/contrib/system_configs/logzilla.crontab
Modifying ../scripts/contrib/system_configs/syslog-ng.conf
Modifying ../scripts/contrib/system_configs/logzilla.apache
Modifying ../sphinx/indexer.sh
Modifying ../sphinx/sphinx.conf
Updating log paths
Modifying ../scripts/contrib/system_configs/logzilla.crontab
Modifying ../scripts/contrib/system_configs/logzilla.logrotate
==================== Database Installation ====================
All data will be installed into the syslog database
Ok to continue? [y]:
==================== Config.php generation ====================
Generating /www/webroot/logzilla/html/config/config.php
Ok to continue? [y]:
==================== System files ====================
Adding LogZilla logrotate.d file to /etc/logrotate.d
Ok to continue? [y]:
Where is your syslog-ng.conf file located? [/etc/syslog-ng/syslog-ng.conf]: /opt/syslog-ng/etc/syslog-ng.conf
Adding syslog-ng configuration to /opt/syslog-ng/etc/syslog-ng.conf
Ok to continue? [y]:
Found 1 sources
Which source definition would you like to use? [s_all]:
LogZilla installation complete...
Note: you may need to enable the MySQL Event Scheduler in your /etc/my.cnf file.
Please visit http://forum.logzilla.info/index.php/topic,71.0.html for more information.
Also, please visit http://nms.gdd.net/index.php/Install_Guide_for_LogZilla_v3.0#UDP_Buffers to learn how to increase your UDP buffer size (otherwise you may drop messages).
Please run /etc/init.d/syslog-ng restart</pre>
<p><strong>6. Install Sphinx</strong></p> <hr />
<p><span style="font-size: 12px">#cd logzilla/sphinx/src<br />#tar xzvf sphinx-0.9.9.tar.gz<br /></span></p>
<p><span style="font-size: 12px">#cd sphinx-0.9.9<br />#./configure --prefix `pwd`/../..<br />#make && make install</span></p>
<p><span style="font-size: 12px">#cd /www/webroot/logzilla/sphinx<br />#vi sphinx.conf<br />Replace #!/usr/bin/php with the actual location of php, for example #!/usr/local/php/bin/php<br />#./indexer.sh full<br />#bin/searchd</span></p>
<p>Note:<br />ERROR: index 'idx_logs': sql_query_pre[0]: Column 'max_id' cannot be null (DSN=mysql://syslogadmin:***@127.0.0.1:3306/syslog).<br />If you see this message, it is normal, because there is no data yet :)</p>
<p>Add the cron jobs:</p>
<pre class="brush:python;toolbar:false">30 0 1 * * /www/webroot/logzilla/sphinx/indexer.sh full >>/www/webroot/logzilla/sphinx/log/sphinx_indexer.log 2>&1
*/5 * * * * /www/webroot/logzilla/sphinx/indexer.sh delta >>/www/webroot/logzilla/sphinx/log/sphinx_indexer.log 2>&1
0 0 * * * /www/webroot/logzilla/sphinx/indexer.sh merge >>/www/webroot/logzilla/sphinx/log/sphinx_indexer.log 2>&1</pre>
<p>Add to rc.local<br /><span style="font-size: 12px">#vi /etc/rc.local</span></p>
<pre class="brush:python;toolbar:false">/www/webroot/logzilla/sphinx/bin/searchd -c /www/webroot/logzilla/sphinx/sphinx.conf</pre>
<p><strong>7. Configure MySQL</strong></p> <hr />
<pre class="brush:bash;toolbar:false"># mysql -u<username> -p<password>
mysql> SELECT @@event_scheduler;
+-------------------+
| @@event_scheduler |
+-------------------+
| OFF               |
+-------------------+
1 row in set (0.00 sec)</pre>
<p>Enable the event_scheduler</p>
<pre class="brush:python;toolbar:false;">
mysql> SET GLOBAL event_scheduler = 1;
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT @@event_scheduler;
+-------------------+
| @@event_scheduler |
+-------------------+
| ON                |
+-------------------+
1 row in set (0.00 sec)
mysql> quit;</pre>
<p><strong>8. Modify the syslog-ng configuration</strong></p> <hr />
<p><span style="font-size: 12px">#vi /opt/syslog-ng/etc/syslog-ng.conf</span></p>
<p>(omitted)</p>
<p><strong>9. Modify the Apache configuration</strong></p> <hr />
<p><span style="font-size: 12px">#vi httpd.conf</span></p>
<pre class="brush:python;toolbar:false"># LogZilla
Alias /logs "/www/webroot/logzilla/html/"
<Directory "/www/webroot/logzilla/html/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory></pre>
<p><span style="font-size: 12px">Restart the Apache service: /etc/init.d/apache2 restart</span></p>
<p><strong>10. ionCube authorization</strong></p> <hr />
<p><span style="font-size: 12px">http://127.0.0.1/logs/login.php</span><br /><img src="//cto.wang/usr/uploads/2016/07/20160703165622-9.png" title="1427441268674285.gif" alt="1.gif" /><br />Download the package <span style="font-size: 12px">ioncube_loaders_lin_x86-64.tar.gz<br /></span></p>
<p><span style="font-size: 12px">#mkdir -p /usr/local/ioncube<br />#tar -zxvf ioncube_loaders_lin_x86-64.tar.gz<br />#cd ioncube<br />#cp * /usr/local/ioncube/<br />#vi /usr/local/php/lib/php.ini<br />zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.2.so</span></p>
<p><span style="font-size: 12px">#/etc/init.d/apache2 restart</span></p>
<p><strong>11. Installation complete</strong></p> <hr />
<p><span style="font-size: 12px">http://127.0.0.1/logs/login.php</span><br />Log in with the administrator account and password configured in install.pl.<br />1. MainPage<br /><img src="//cto.wang/usr/uploads/2016/07/20160703165623-61.png" title="1427441301785011.png" alt="4.png" /><br />2. StatPage<br /><img src="//cto.wang/usr/uploads/2016/07/20160703165623-58.png" title="1427441316747982.png" alt="5.png" /><br /><strong>12. Client configuration</strong></p> <hr />
<p><span style="font-size: 12px">#vi 
/etc/syslog.conf</span><br />Append the following at the end of the file; syslog.admin.com.cn is the log server's hostname, and an IP address can be used instead.</p>
<pre class="brush:python;toolbar:false">*.emerg;*.err;*.warning @syslog.admin.com.cn</pre>
<p><span style="font-size: 12px">#/etc/init.d/syslog restart</span></p>
<p><span style="font-size: 12px">Test: logger -p local4.err "This is a local.err test message."</span></p>
<p>Reference:<br />http://nms.gdd.net/index.php/Install_Guide_for_LogZilla_v3.0</p>
<p>If you have any questions or topics of interest, you can reach me on Weibo: http://t.qq.com/yorkoliu</p>
Last modified: December 10, 2021, 10:53 AM © Reposting permitted with attribution
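<p>Added example (not part of the original article or of LogZilla): a Python model of how the client selector from the client configuration step is evaluated, and of the datagram that the <code>logger -p local4.err</code> test sends to the log server over UDP. It assumes Linux sysklogd selector semantics; the host name <code>client01</code>, the tag <code>root</code> and the timestamp are constructed sample values.</p>

```python
import datetime

# Facility and severity codes as defined in RFC 3164 / syslog.h.
FACILITY = {name: code for code, name in enumerate(
    ["kern", "user", "mail", "daemon", "auth", "syslog",
     "lpr", "news", "uucp", "cron", "authpriv", "ftp"])}
FACILITY.update({f"local{i}": 16 + i for i in range(8)})
SEVERITY = {name: code for code, name in enumerate(
    ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"])}

# Selector copied from the page's client /etc/syslog.conf line.
CLIENT_SELECTOR = "*.emerg;*.err;*.warning"

def allowed_severities(selector, facility):
    """Severity codes the selector forwards for one facility.

    Assumed rule (Linux sysklogd): 'fac.prio' adds prio and every more
    severe level; 'fac.none' clears the facility. '=' and '!' are not handled.
    """
    allowed = set()
    for entry in selector.split(";"):
        facs, prio = entry.strip().rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            allowed.clear()
        elif prio == "*":
            allowed.update(SEVERITY.values())
        else:
            allowed.update(range(SEVERITY[prio] + 1))
    return allowed

def is_forwarded(selector, facility, severity):
    return SEVERITY[severity] in allowed_severities(selector, facility)

def frame(facility, severity, host, tag, text, when):
    """RFC 3164 datagram: <PRI>Mmm dd hh:mm:ss host tag: text"""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {tag}: {text}".encode()

if __name__ == "__main__":
    # Constructed samples: the page's logger test plus two lower-severity messages.
    for fac, sev in [("local4", "err"), ("authpriv", "info"), ("auth", "notice")]:
        print(f"{fac}.{sev}: forwarded={is_forwarded(CLIENT_SELECTOR, fac, sev)}")
    print(frame("local4", "err", "client01", "root",
                "This is a local.err test message.",
                datetime.datetime(2021, 12, 10, 10, 53, 0)))
```

<p>Under this selector only warning and more severe messages leave the client, so info- and notice-level events (for example <code>authpriv.info</code>) never reach LogZilla.</p>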