CentOS8 利用rsyslog日志服务，将收集的日志记录于MySQL中

• log-Client:10.0.0.12

• log-Server:10.0.0.11

• mysql：10.0.0.13

实现步骤：

• 1.在rsyslog服务器上安装连接mysql模块相关的程序包。

#安装提供连接mysql模块的软件包 yum install rsyslog-mysql Installed:   mariadb-connector-c-3.0.7-1.el8.x86_64            rsyslog-mysql-8.1911.0-6.el8.x86_64 

#rsyslog服务连接MySQL的模块提供的相关文件： [root@LogServer log]# rpm -ql rsyslog-mysql /usr/lib/.build-id /usr/lib/.build-id/b1 /usr/lib/.build-id/b1/435a976b2dfddfb19d0d1517964f615d510402 /usr/lib64/rsyslog/ommysql.so  #提供的模块文件 /usr/share/doc/rsyslog/mysql-createDB.sql  #提供了一个mysql服务器用于存储rsyslog日志信息的数据库创建的sql文件 #记录怎么把日志存到mysql中 

• 2.将创建数据库的sql文件传给mysql服务器端（10.0.0.12--->10.0.0.13）

#10.0.0.11 [root@LogServer log]# scp   /usr/share/doc/rsyslog/mysql-createDB.sql 10.0.0.13:/root  

• 3.mysql端的相关配置：

#10.0.0.13 #导入sql文件生成对应的数据库 [root@CentOS8 ~]# mysql < mysql-createDB.sql  [root@CentOS8 ~]# mysql Welcome to the MySQL monitor.  Commands end with ; or g. Your MySQL connection id is 12 Server version: 8.0.21 Source distribution  Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.  Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.  Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.  mysql> show databases; +--------------------+ | Database           | +--------------------+ | Syslog             | | hellodb            | | information_schema | | mysql              | | performance_schema | | sys                | +--------------------+ 6 rows in set (0.34 sec)  #创建一个用于rsyslog日志服务器连接mysql的用户 mysql> create user syslog@'10.0.0.%' identified by 'redhat'; Query OK, 0 rows affected (0.24 sec)  mysql> grant all on Syslog.* to syslog@'10.0.0.%'; Query OK, 0 rows affected (0.03 sec)  #刷新权限 mysql> flush privileges; Query OK, 0 rows affected (0.46 sec) 

• 4.配置日志服务器将日志发送至指定数据库

# 10.0.0.11 #配置rsyslog将日志保存到mysql中 module(load="ommysql") #加载连接mysql的模块，安装软件包的时候提供  #将日志服务器的所有日志都发送到mysql服务器 格式：#facility.priority   :ommysql:DBHOST,DBNAME,DBUSER, PASSWORD *.info                                                  :ommysql:10.0.0.13,Syslog,syslog,redhat  [root@centos8 ~]#systemctl restart rsyslog.service 

• 5.测试：

#10.0.0.12  #通过客户端在日志服务器上生成日志 [root@CentOS8 ~]# logger "this is a test log" [root@CentOS8 ~]# logger "this is a test log"  #10.0.0.13 mysql> SELECT COUNT(*) FROM SystemEvents; +----------+ | COUNT(*) | +----------+ |        9 | +----------+ 1 row in set (0.13 sec)  mysql> SELECT COUNT(*) FROM SystemEvents; +----------+ | COUNT(*) | +----------+ |       10 | +----------+ 1 row in set (0.00 sec)  mysql> show tables; +------------------------+ | Tables_in_Syslog       | +------------------------+ | SystemEvents           | | SystemEventsProperties | +------------------------+ 2 rows in set (0.12 sec)