前情提要:
此情境視為將安裝client 端rsyslog server
並安裝 rsyslog-mysql套件將其syslog透過3306port 寫入至db
故需要再/etc/rsyslog.conf 寫入設定,
而主機名稱會以hostname決定呈現名稱。
安裝監控
cd /var/www/html/cacti/plugins
wget http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgz
mv plugin:syslog-v1.22-2.tgz syslog-v1.22-2.tgz
tar -zxvf syslog-v1.22-2.tgz
==
mysql -u root -p
Enter password:
mysql> create database syslog;
mysql> show databases;
mysql> quit
===
cd /var/www/html/cacti/plugins/syslog
mysql -u root -p -A syslog < syslog.sql
mysql -u root -p
grant all on syslog.* to 'cactiuser'@'' identified by "cacti";
flush privileges;
==
cd /var/www/html/cacti/plugins/syslog/
vi config.php
$use_cacti_db = false; '將 ture 改為 false
$syslogdb_username = 'cactiuser'; '改成您所設定的帳號
$syslogdb_password = 'cactipassword'; '改成您所設定的密碼
=cacti office=
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cactipassword";
$database_port = "3306";
$database_ssl = false;
==
log server 主機防火牆設定
sudo firewall-cmd --permanent --zone=public --add-port=3306/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
service rsyslog status
=========
client
==================
yum install rsyslog-mysql
vi /etc/rsyslog.conf
==
#cacti 20160716 edwin.chen
$ModLoad ommysql.so
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* :ommysql:192.168.1.10,syslog,cactiuser,cactipassword;cacti_syslog
$ModLoad imudp.so
$ModLoad imtcp.so
$UDPServerRun 514
$InputTCPServerRun 514
==
*.* :ommysql:資料庫所在的主機, 所用的資料庫,資料庫的使用者帳號,密碼;SyslogInsert(自定義)
==
service rsyslog restart
chkconfig rsyslog on
======
於switch設定
R1(config)# logging trap
R1(config)# logging 192.168.10
R1(config)# logging on