Cacti—rsyslog收集外部裝置日誌
一、安裝rsyslog
一般centos6及以上系統已經安裝好了,這裡使用的centos7.4
使用rpm -qa rsyslog檢視是否安裝
[root@localhost ~]# rpm -qa rsyslog
出現安裝包就說明已安裝,然後只需安裝rsyslog-mysql
[root@localhost ~]#yum install -y rsyslog-mysql
編輯配置檔案,在檔案最後面新增以下內容
[root@localhost ~]# vi /etc/rsyslog.conf
------------------------------------------------------------------------------------------------------------------------------------------------------------
$ModLoad imudp
$UDPServerRun 514
$ModLoad ommysql
$template cacti_syslog,"INSERT INTO syslog_incoming(facility, priority, date, time, host, message) values (%syslogfacility%, %syslogpriority%, '%timereported:::date-mysql%', '%timereported:::date-mysql%', '%HOSTNAME%', '%msg%')", SQL
*.* >localhost
------------------------------------------------------------------------------------------------------------------------------------------------------------------
紅色字型部分根據實際情況修改 (為資料庫地址、資料庫名、使用者名稱、密碼)
[root@localhost ~]# vi /etc/sysconfig/rsyslog //修改為下圖所示
-------------------------------------------------------------------
SYSLOGD_OPTIONS="-c 5 -r -m 0"
KLOGD_OPTIONS="-x"
--------------------------------------------------------------------
重啟服務
[root@localhost ~]# systemctl restart rsyslog
開機自啟
[root@localhost ~]# systemctl enable rsyslog
二、配置資料庫
資料庫安裝參考連結:https://www.cnblogs.com/xiaopotian/p/8196464.html
登入mysql:mysql -uroot -p
建立資料庫:create database syslog default character set utf8;
授權:grant all privileges on syslog.* to cactiuser@localhost identified by 'cactipasswd';
注:syslog為資料庫名,cactiuser為cacti使用者,cactipasswd為cacti使用者密碼
立即生效:flush privileges;
三、安裝syslog外掛
先安裝setting
[root@localhost plugins]# cd /var/www/html/cacti/plugins/
[root@localhost]#wget http://docs.cacti.net/_media/plugin:settings-v0.71-1.tgz -O settings.tgz
[root@localhostplugins]#tar zxvf settings.tgz
在安裝syslog
[root@localhost]#wget http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgz -O syslog.tgz
[root@localhost plugins]#tar zxvf syslog*.tgz
修改配置
[root@localhost plugins]#vi /var/www/html/cacti/plugins/syslog/config.php
更改紅色字型內容
/* revert if you dont use the Cacti database */
$use_cacti_db = false;
if (!$use_cacti_db) {
$syslogdb_type = 'mysql';
$syslogdb_default = 'syslog';
$syslogdb_hostname = 'localhost';
$syslogdb_username = 'cactiuser';
$syslogdb_password = 'cactipasswd';
$syslogdb_port = 3306;
}else{
$syslogdb_type = $database_type;
$syslogdb_default = $database_default;
$syslogdb_hostname = $database_hostname;
$syslogdb_username = $database_username;
$syslogdb_password = $database_password;
$syslogdb_port = $database_port;
}
最後將資料庫匯入
mysql –ucactiuser -pcactipaswd syslog < /var/www/html/cacti/plugins/syslog/syslog.sql
四、防火牆新增規則,開放tcp和udp514埠
iptables -A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
service iptables save
service iptables status
cacti 裡的安裝設定
安裝完成,首頁多了個選項
參考文獻:https://www.cactifans.org/cacti/450.html