Rsyslog : データベースにログを出力する2015/03/31 |
データベースにログを出力する際の設定です。
|
|
[1] |
データベースはいくつかの主要なものから選択可能ですが、ここでは例として MySQL を利用します。
よって、こちらを参考に MySQLサーバーをインストールして起動しておきます。
|
[2] | MySQL に Rsyslog 用のユーザーやデータベースを設定します。 |
[root@dlp ~]#
[root@dlp ~]# yum -y install rsyslog-mysql cat /usr/share/doc/rsyslog-mysql-*/createDB.sql | mysql -u root -p Enter password: [root@dlp ~]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 12 Server version: 5.1.73 Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. # rsyslog ユーザーを作成し、Syslog DB に対して権限を付与 (password には任意のパスワードを設定) mysql> grant all privileges on Syslog.* to rsyslog@'localhost' identified by 'password'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> exit Bye |
[3] | ログをデータベースへ出力するように Rsyslog を設定します。 |
[root@dlp ~]#
vi /etc/rsyslog.conf # 20行目あたりに追記 $ModLoad ommysql
# 例として authpriv.* のログを DB へ出力 # 書式 ⇒ :ommysql:ホスト,DB,DBユーザー,DBパスワード authpriv.* :ommysql:localhost,Syslog,rsyslog,password
/etc/rc.d/init.d/rsyslog restart Shutting down system logger: [ OK ] Starting system logger: [ OK ] |
[4] | DB を見てみると、以下のようにログが記録されていることが分かります。 |
[root@dlp ~]# mysql -u rsyslog -p Syslog Enter password: Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 13 Server version: 5.1.73 Source distribution Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show tables; +------------------------+ | Tables_in_Syslog | +------------------------+ | SystemEvents | | SystemEventsProperties | +------------------------+ 2 rows in set (0.00 sec)mysql> select ReceivedAt,Facility,Priority,FromHost,Message from SystemEvents; +---------------------+----------+----------+----------+------------------------------------------------+ | ReceivedAt | Facility | Priority | FromHost | Message | +---------------------+----------+----------+----------+------------------------------------------------+ | 2015-04-01 23:21:04 | 10 | 6 | node01 | Accepted password for cent from 10.0.0.30 por | | 2015-04-01 23:21:04 | 10 | 6 | node01 | pam_unix(sshd:session): session opened for us | | 2015-04-01 23:21:09 | 10 | 6 | node01 | pam_unix(su-l:session): session opened for us | | 2015-04-01 23:21:09 | 10 | 6 | node01 | pam_unix(su-l:session): session closed for us | | 2015-04-01 23:21:09 | 10 | 6 | node01 | Received disconnect from 10.0.0.30: 11: disco | | 2015-04-01 23:21:09 | 10 | 6 | node01 | pam_unix(sshd:session): session closed for us | | 2015-04-01 23:21:50 | 10 | 6 | dlp | pam_unix(su-l:session): session opened for us | | 2015-04-01 23:22:16 | 10 | 6 | dlp | pam_unix(su-l:session): session closed for us | | 2015-04-01 23:22:18 | 10 | 6 | dlp | pam_unix(su-l:session): session closed for us | | 2015-04-01 23:22:20 | 10 | 6 | dlp | pam_unix(login:session): session closed for u | | 2015-04-01 23:22:26 | 10 | 6 | dlp | pam_unix(login:session): session opened for u | | 2015-04-01 23:22:26 | 10 | 6 | dlp | DIALUP AT ttyS0 BY cent | | 2015-04-01 23:22:26 | 10 | 6 | dlp | LOGIN ON ttyS0 BY cent | | 2015-04-01 23:22:32 | 10 | 6 | dlp | pam_unix(su-l:session): session opened for us | +---------------------+----------+----------+----------+------------------------------------------------+ 14 rows in set (0.00 sec) |
Sponsored Link |
|