实现流程:Cacti服务器安装syslog-ng为中央日志服务器,Cacti通过syslog插件展示,从服务器通过网络将日志实时发送到中央日志服务器。
Cacti下syslog插件安装:
1 2 3 4 | cd /home/wwwroot/cacti/plugins/wget -O syslog.tar.gz http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgztar zxvf syslog.tar.gz |
新建syslog数据库并授权:
1 2 3 | mysql -u root -pcreate database syslog;grant all privileges on syslog.* to cacti@localhost; |
导入syslog数据库:
1 | mysql -u root -p syslog < syslog/syslog.sql |
修改syslog插件配置文件,然后通过web界面安装syslog插件,略过。
1 2 3 4 5 6 7 8 9 10 | vim syslog/config.php $use_cacti_db = false; #不使用cacti默认数据库#定义syslog数据库信息if (!$use_cacti_db) { $syslogdb_type = 'mysql'; $syslogdb_default = 'syslog'; $syslogdb_hostname = 'localhost'; $syslogdb_username = 'cactiuser'; $syslogdb_password = 'password'; $syslogdb_port = 3306; |
Cacti服务器端安装syslog-ng服务端,yum安装需先安装epel源。
1 2 3 4 5 | yum -y install syslog-ngservice syslog stopchkconfig syslog offservice syslog-ng startchkconfig syslog-ng on |
编辑syslog-ng配置文件添加以下内容:
1 2 3 4 5 6 7 8 9 10 11 12 13 | vim /etc/syslog-ng/syslog-ng.conf source net { #源设备为网络接收数据 udp();};destination d_mysql { #目的操作 pipe("/tmp/mysql.pipe" template("INSERT INTO syslog_incoming (host, facility, priority, date, time, message) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$MSG' );\n") template-escape(yes) ); };log { source(net); destination(d_mysql); };#log { source(s_sys); destination(d_mysql); }; |
新建日志数据库导入脚本:
1 2 3 4 5 6 7 8 9 | vim /etc/syslog-ng/syslog.sh #!/bin/bashif [ ! -e /tmp/mysql.pipe ]; then mkfifo /tmp/mysql.pipe fi while [ -e /tmp/mysql.pipe ] do mysql -u root --password=passwd syslog < /tmp/mysql.pipedone |
启动脚本并配置开机启动:
1 2 | sh /etc/syslog-ng/syslog.sh &echo "sh /etc/syslog-ng/syslog.sh" >> /etc/rc.local |
从服务器配置syslog将日志发送到syslog-ng服务器:
1 2 | echo "*.* @server" >> /etc/syslog.conf/etc/init.d/syslog restart |
上张效果图: