¡Ø °¢½Ã½ºÅÛ ·Î±×¸¦ ·Î±×ÅëÇÕ¼¹ö¿¡ ¿ø°Ý º¸°üÇÏ°í À¥¿¡¼ ¸ð´ÏÅ͸µÇÏ´Â ¹æ¹ýÀÔ´Ï´Ù.
¿ø°Ý·Î±× ¼³Á¤ÀÌ µÇ¾îÀÖ´Â ¼¹ö´Â ÅëÇÕ¼¹ö¿¡ ·Î±×À» ±â·ÏÇϸç ÅëÇÕ¼¹ö¿¡¼´Â MYSQL DB·Î ÀúÀå°ü¸®ÇÏ´Â ¹æ½ÄÀÔ´Ï´Ù.
1. 로그 통합서버
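## Lines starting with "# " are commands typed at a root prompt; "##" lines are notes.
## Install rsyslog together with its MySQL output module.
# yum -y install rsyslog rsyslog-mysql
## The "install" subcommand was missing here, so yum had no action to perform.
## The globs are quoted so that yum, not the shell, expands them.
## NOTE(review): these globs pull in every mysql*, php53* and httpd* package;
## installing only the packages the log viewer needs keeps the attack surface
## of the log server smaller.
# yum install 'mysql*' 'php53*' 'httpd*'
## Start rsyslog at boot and start it now.
# chkconfig rsyslog on
# service rsyslog start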
1) mysql 설정
- 데이타 초기화
## Load the schema script shipped with rsyslog-mysql into MySQL.
## No -p is given, so this only works while the MySQL root account has an
## empty password; set a root password once the setup is finished.
# mysql -u root < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql
- 권한 및 유저 생성
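-- Account that rsyslog's ommysql action uses to reach the Syslog database.
-- NOTE(review): the password is identical to the user name. Replace it with a
-- long random value, and put the same value in the ommysql action line of
-- /etc/rsyslog.conf.
mysql> create user 'rsyslog'@'localhost' identified by 'rsyslog';
-- Least privilege: the rsyslog template only issues INSERTs. SELECT is kept on
-- the assumption that the web viewer reads through this same account (confirm).
-- "grant all ... with grant option" would let this account alter or drop the
-- log tables and pass its rights on to other accounts.
mysql> grant insert, select on Syslog.* to 'rsyslog'@'localhost';
mysql> flush privileges;
mysql> exit;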
2) rsyslog 설정
# cat /etc/rsyslog.conf
# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock
# Accept syslog from remote hosts on UDP port 514. UDP syslog carries no
# authentication or encryption, so any host that can reach this port can
# write records into the database below; limit the port to the known log
# senders with a host firewall rule.
# NOTE(review): this file never loads imudp, the module that provides
# $UDPServerRun -- confirm the listener really starts (the -r option in
# /etc/sysconfig/rsyslog may be what enables reception here).
$UDPServerRun 514
# Load the MySQL output module (package rsyslog-mysql).
$ModLoad ommysql.so
# INSERT statement used for every record written to MySQL. The trailing
# ",SQL" option makes rsyslog escape single quotes and backslashes in the
# substituted values; keep it, because %msg% and %syslogtag% are taken from
# the received message and end up inside quoted SQL strings.
$template dbFormat,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%FROMHOST%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",SQL
# Send info-and-above (except mail, authpriv and cron) to MySQL using the
# dbFormat template. The action fields are server,database,user,password.
# The database password is stored here in clear text, so this file should be
# readable by root only.
*.info;mail.none;authpriv.none;cron.none :ommysql:localhost,Syslog,rsyslog,rsyslog;dbFormat
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
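# /etc/sysconfig/rsyslog
# -r: accept syslog messages from the network (sysklogd-style option).
# -m 0: turn off the periodic "-- MARK --" lines.
# The variable name must be all upper case (SYSLOGD_OPTIONS); with the
# mixed-case spelling the rsyslog init script would not see these options.
SYSLOGD_OPTIONS="-r -m 0"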
3). 웹서버 설정
## Lines starting with "# " are commands typed at a root prompt; "##" lines are notes.
## NOTE(review): the archive is fetched over plain HTTP and unpacked without
## any integrity check; compare it with a checksum published by the vendor
## before extracting it on the log server.
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.5.1.tar.gz
# tar zxvf loganalyzer-3.5.1.tar.gz
## Publish the application under the web root as /syslog, together with the
## helper scripts from contrib/.
# mv ./loganalyzer-3.5.1/src /var/www/html/syslog
# mv ./loganalyzer-3.5.1/contrib/* /var/www/html/syslog
# cd /var/www/html/syslog
# chmod u+x configure.sh secure.sh
## configure.sh presumably prepares a config file that the web installer can
## write to -- confirm against the script.
## NOTE(review): secure.sh is made executable above but is not run in the
## steps shown here; run it once the web installer has finished so the
## configuration is no longer writable by the web server.
# ./configure.sh