日志介紹
日志
- 記錄歷史事件:時間,地點八匠,人物惭墓,事件
- 日志級別:事件的關(guān)鍵性程度翼雀,Loglevel
系統(tǒng)日志服務(wù)
syslogd
- CentOS 5 之前的版本
- syslogd: system application記錄應(yīng)用日志
- klogd: linux kernel記錄日志
rsyslog特性
- CentOS 6和CentOS 7
- 多線程
- 支持UDP,TCP,SSL,TLS,RELP
- 支持把日志寫入MySQL,PGSQL,Oracle實現(xiàn)日志存儲
- 擁有強大的過濾器,可實現(xiàn)過濾記錄日志信息中任意部分
- 可自定義輸出格式
ELK: elasticsearch, logstatsh,kibana
- 非關(guān)系型分布式數(shù)據(jù)庫
- 基于apache軟件基金會jakarta醒目組的項目lucene
- Elasticsearch是個開源分布式搜索引擎
- Logstash對日志進行收集炊邦、分析编矾,并將其存儲供以后使用
- Kibana可以提供的日志分析友好的Web界面
rsyslog介紹
相關(guān)術(shù)語
facility
- 設(shè)施,從功能或程序上對日志進行歸類
- 內(nèi)置類型:auth, authpriv, cron, daemon馁害, kern窄俏, lpr, mail, mark, news, security, user, uucp, local0-local7, syslog
- 幫助文檔:man logger
priority
優(yōu)先級別碘菜,從低到高排序:debug, info, notice, warn(warning), err(error), crit(critical), alert, emerg(panic)
幫助文檔: man 3 syslog
rsyslog組件
- 程序包:rsyslog
- 主程序:/usr/sbin/rsyslogd
- CentOS 6:service rsyslog {start|stop|restart|status}
- CentOS 7:systemctl {start|stop|restart|status} rsyslog.service
- 配置文件:/etc/rsyslog.conf凹蜈,/etc/rsyslog.d/*.conf
- 庫文件: /lib64/rsyslog/*.so
rsyslog配置文件格式:由三部分組成
- MODULES:相關(guān)模塊配置
- GLOBAL DIRECTIVES:全局配置
- RULES:日志記錄相關(guān)的規(guī)則配置
RULES配置
- 配置格式:facility.priority; facility.priority… target
facility
- *: 所有的facility
- facility1,facility2,facility3,....: 指定的facility列表
priority
- *: 所有級別
- none: 沒有級別
- priority: 此級別及更高級別的日志信息
- =priority: 此級別
target
- 記錄與指定的日志文件中,通常應(yīng)該在/var/log目錄下忍啸,文件路徑前的“-”表示異步寫入
- 用戶: 將日志通知給指定用戶,*表示所有用戶
- 日志服務(wù)器:@host仰坦,把日志送往至指定的遠程服務(wù)器記錄
- 管道: | COMMAND,轉(zhuǎn)發(fā)給其它命令處理
啟用網(wǎng)絡(luò)日志服務(wù)
通常的日志格式
- 事件產(chǎn)生的日期時間-主機-進程(pid):事件內(nèi)容
- r日志通常存放在:/var/log/messages, /var/log/cron, /var/log/secure等
Sep 16 09:38:38 mariadb systemd: Started System Logging Service.
配置rsyslog成為日志服務(wù)器
- 加載imudp或imtcp模塊
- 開啟TCP或UDP的514端口(也可以同時開啟)
#### MODULES ####
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
其他日志
- /var/log/secure: 系統(tǒng)安裝日志吊骤,文本格式缎岗,應(yīng)周期性分析
- /var/log/btmp: 當(dāng)前系統(tǒng)上,用戶的失敗嘗試登錄相關(guān)日志白粉;二進制格式传泊;使用lastb命令查看
- /var/log/wtmp: 當(dāng)前系統(tǒng)上,用戶正常登錄系統(tǒng)的相關(guān)日志信息; 二進制格式; last命令可以查看
- /var/log/lastlog:每一個用戶最近一次的登錄信息鸭巴,二進制格式眷细,lastlog命令可以查看;如果重沒登錄鹃祖,顯示“Never logged in”
- /var/log/dmesg:系統(tǒng)引導(dǎo)過程中的日志信息溪椎,文本格式;可以使用dmesg命令查看
- /var/log/messages :系統(tǒng)中大部分的信息
- /var/log/anaconda : anaconda的日志
日志管理journalctl (CentOS 7)
- Systemd 統(tǒng)一管理所有 Unit 的啟動日志。帶來的好處就是,可以只用journalctl一個命令校读,查看所有日志(內(nèi)核日志和應(yīng)用日志)
- 日志的配置文件: /etc/systemd/journald.conf
journalctl用法
- journalctl :查看所有日志(默認情況下 沼侣,只保存本次啟動的日志)
- journalctl -k:查看內(nèi)核日志(不顯示應(yīng)用日志)
- journalctl -b :查看系統(tǒng)本次啟動的日志
- journalctl -b -0 :查看系統(tǒng)本次啟動的日志
- journalctl -b -1 :查看上一次啟動的日志(需更改設(shè)置)
- journalctl -n :顯示尾部的最新10行日志
- journalctl -n 20 :顯示尾部指定行數(shù)的日志
- journalctl -f:實時滾動顯示最新日志
- journalctl --since : 查看指定時間的日志
journalctl --since="2017-10-30 18:10:30"
journalctl --since "20 min ago"
journalctl --since yesterday
journalctl --since "2017-01-10" --until "2017-01-11 03:00"
journalctl --since 09:00 --until "1 hour ago"
- journalctl /PATH/TO/SERVER:查看指定服務(wù)的日志
journalctl /usr/lib/systemd/systemd
- journalctl _PID=# 查看指定進程的日志
journalctl _PID=1
- journalctl /PATH/TO/SH :查看某個路徑的腳本的日志
journalctl /usr/bin/bash
- journalctl _UID=#: 查看指定用戶的日志
journalctl _UID=33 --since today
- journalctl -u APP.UNIT :查看某個 Unit 的日志
journalctl -u nginx.service
journalctl -u nginx.service --since today
- journalctl -u APP.UNIT -f :實時滾動顯示某個 Unit 的最新日志
journalctl -u nginx.service -f
- journalctl -u APP1.UNIT -u APP2.UNIT :合并顯示多個 Unit 的日志
journalctl -u nginx.service -u php-fpm.service --since today
journalctl --no-pager: 日志默認分頁輸出,--no-pager 改為正常的標(biāo)準(zhǔn)輸出
UNIT日志以JSON格式輸出
journalctl -b -u UNIT -o json :單行
journalctl -b -u UNIT -o json-pretty :多行
journalctl --disk-usage:顯示日志占據(jù)的硬盤空間
journalctl --vacuum-size=#{M|G}:指定日志文件占據(jù)的最大空間
journalctl --vacuum-time=1years :指定日志文件保存多久
查看指定優(yōu)先級(及其以上級別)的日志
- 語法: journalctl -p PRIORTY -b
- 0: emerg
- 1: alert
- 2: crit
- 3: err
- 4: warning
- 5: notice
- 6: info
- 7: debug
[root@mariadb ~]#journalctl -p err -b
-- Logs begin at Sat 2018-09-01 05:27:12 CST, end at Sun 2018-09-16 10:21:03 CST. --
Sep 01 05:27:13 centos7 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
Aug 31 21:27:17 centos7 kernel: piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
Sep 11 10:15:34 mariadb.guangxi.com sshd[23117]: error: Received disconnect from 192.168.32.9 port 65
lines 1-4/4 (END)
實驗:配置日志服務(wù)器
配置日志服務(wù)器歉秫,收集將其他主機的日志
| hostname | ip |
|---|---|
| logsrv | 192.168.32.71 |
| logclient | 192.168.32.72 |
1. logsrv設(shè)置日志服務(wù)器
- 修改/etc/rsyslog.conf
- 開啟tcp或udp監(jiān)聽蛾洛,或兩個都開啟;同時加載模塊
- sed -i 's@#
ModLoad imudp@' /etc/rsyslog.conf
- sed -i 's@#
ModLoad imtcp@' /etc/rsyslog.conf
- sed -i 's@#
UDPServerRun 514@' /etc/rsyslog.conf
- sed -i 's@#
InputTCPServerRun 514@' /etc/rsyslog.conf
[root@logsrv ~]#sed -i 's@#$ModLoad imudp@$ModLoad imudp@' /etc/rsyslog.conf
[root@logsrv ~]#sed -i 's@#$ModLoad imtcp@$ModLoad imtcp@' /etc/rsyslog.conf
[root@logsrv ~]#sed -i 's@#$UDPServerRun 514@$UDPServerRun 514@' /etc/rsyslog.conf
[root@logsrv ~]#sed -i 's@#$InputTCPServerRun 514@$InputTCPServerRun 514@' /etg.conf
[root@logsrv ~]#sed -n '14,21p' /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
- 重啟rsyslog服務(wù)雁芙,查看監(jiān)聽
- systemctl restart rsyslog
- ss -ntlu |grep 514
[root@logsrv ~]#systemctl restart rsyslog
[root@logsrv ~]#ss -ntlu |grep 514
udp UNCONN 0 0 *:514 *:*
udp UNCONN 0 0 :::514 :::*
tcp LISTEN 0 25 *:514 *:*
tcp LISTEN 0 25 :::514 :::*
[root@logsrv ~]#
2. logclinet設(shè)置
- 修改rsyslog.conf,讓日志指向logsrv
- 只需要把相關(guān)日志的target修改即可
*.info;mail.none;authpriv.none;cron.none @192.168.32.71
- 重啟rsyslog服務(wù)
[root@logclient ~]#systemctl restart rsyslog
- 安裝一個包做測試轧膘,然后查看日志信息
- logclient沒有日志信息
[root@logclient ~]#yum -y -q install lrzsz
[root@logclient ~]#tail /var/log/messages
Sep 16 10:49:18 7node02 systemd-logind: New session 20 of user root.
Sep 16 10:49:18 7node02 systemd: Starting Session 20 of user root.
Sep 16 10:49:59 7node02 systemd-logind: Removed session 20.
Sep 16 10:50:00 7node02 systemd: Started Session 21 of user root.
Sep 16 10:50:00 7node02 systemd-logind: New session 21 of user root.
Sep 16 10:50:00 7node02 systemd: Starting Session 21 of user root.
Sep 16 10:51:19 7node02 chronyd[666]: Selected source 120.25.115.19
Sep 16 10:51:19 7node02 chronyd[666]: System clock wrong by 2.820143 seconds, adjustment started
Sep 16 11:01:01 7node02 systemd: Started Session 22 of user root.
Sep 16 11:01:01 7node02 systemd: Starting Session 22 of user root.
3. 在服務(wù)器端查看日志情況
- 服務(wù)器端收到日志信息
[root@logsrv ~]#tail /var/log/messages
Sep 16 11:06:03 logsrv systemd: Started Session 14 of user root.
Sep 16 11:06:03 logsrv systemd-logind: New session 14 of user root.
Sep 16 11:06:03 logsrv systemd: Starting Session 14 of user root.
Sep 16 11:06:03 logsrv systemd-logind: Removed session 14.
Sep 16 11:07:29 logclient systemd: Stopping System Logging Service...
Sep 16 11:07:29 logclient rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="992" x-info="http://www.rsyslog.com"] exiting on signal 15.
Sep 16 11:07:29 logclient systemd: Starting System Logging Service...
Sep 16 11:07:29 logclient rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="24944" x-info="http://www.rsyslog.com"] start
Sep 16 11:07:29 logclient systemd: Started System Logging Service.
Sep 16 11:08:06 logclient yum[24948]: Installed: lrzsz-0.12.20-36.el7.x86_64
實驗:rsyslog日志記錄存放于MySQL中
- 把日志數(shù)據(jù)存放在MySQL中
依賴包rsyslog-mysql- 配置web日志管理工具loganalyzer
需要http服務(wù)
| hostname | ip |
|---|---|
| logsrv | 192.168.32.71 |
| logclient | 192.168.32.72 |
| mariadb | 192.168.32.73 |
1. logsrv日志服務(wù)器配置
1.1 若要收集其他主機的日志,則開啟監(jiān)聽端口
[root@logsrv ~]#sed -n '14,21p' /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
1.2 安裝rsyslog-mysql和mysql客戶端
[root@logsrv ~]#yum -y install rsyslog-mysql mysql
[root@logsrv ~]#rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
1.3 查看rsyslog-mysql自帶的sql
- 數(shù)據(jù)庫名Syslog
- 表:SystemEvents兔甘,SystemEventsProperties
[root@logsrv ~]#tail -n 40 /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
ID int unsigned not null auto_increment primary key,
CustomerID bigint,
ReceivedAt datetime NULL,
DeviceReportedTime datetime NULL,
Facility smallint NULL,
Priority smallint NULL,
FromHost varchar(60) NULL,
Message text,
NTSeverity int NULL,
Importance int NULL,
EventSource varchar(60),
EventUser varchar(60) NULL,
EventCategory int NULL,
EventID int NULL,
EventBinaryData text NULL,
MaxAvailable int NULL,
CurrUsage int NULL,
MinUsage int NULL,
MaxUsage int NULL,
InfoUnitID int NULL ,
SysLogTag varchar(60),
EventLogType varchar(60),
GenericFileName VarChar(60),
SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
ID int unsigned not null auto_increment primary key,
SystemEventID int NULL ,
ParamName varchar(255) NULL ,
ParamValue text NULL
);
[root@logsrv ~]#
2. 準(zhǔn)備數(shù)據(jù)庫服務(wù)器
2.1 安裝mariadb
- centos6: mysql-server
- centos7: mariadb-server
[root@mariadb ~]#yum -y install mariadb-server
[root@mariadb ~]#systemctl start mariadb
[root@mariadb ~]#ss -ntl |grep :3306
LISTEN 0 50 *:3306 *:*
2.2 修改配置文件
- vi /etc/my.cnf
- innodb_file_per_table=yes
- skip_name_resolve=yes
[root@mariadb ~]#vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
innodb_file_per_table=yes
skip_name_resolve=yes
[root@mariadb ~]#systemctl restart mariadb
2.3 修改數(shù)據(jù)庫root密碼
- 默認空秘密
- 賬號:root,密碼:123456
[root@mariadb ~]#mysqladmin -uroot -p -h127.0.0.1 password 123456
Enter password:
[root@mariadb ~]#mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
2.4 提前給日志數(shù)據(jù)庫Syslog賦權(quán)谎碍,并設(shè)置相關(guān)用戶
- GRANT ALL ON Syslog.* TO 'syslog'@'192.168.32.%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'syslog'@'192.168.32.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
- 測試syslog用戶登錄數(shù)據(jù)庫
[root@mariadb ~]#mysql -usyslog -p123456 -h192.168.32.73
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
3. 日志服務(wù)器連接數(shù)據(jù)庫
3.1 導(dǎo)入sql
[root@logsrv ~]#rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
/usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
[root@logsrv ~]#mysql -usyslog -h192.168.32.73 -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql
Enter password:
[root@logsrv ~]#
3.2 確認創(chuàng)建相應(yīng)數(shù)據(jù)庫和表
- SHOW DATABASES;
- SHOW TABLES;
- SELECT COUNT(*) FROM SystemEvents;
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| Syslog |
| test |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> use Syslog
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [Syslog]> SHOW TABLES;
+------------------------+
| Tables_in_Syslog |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
+------------------------+
2 rows in set (0.00 sec)
MariaDB [Syslog]> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
| 0 |
+----------+
1 row in set (0.00 sec)
MariaDB [Syslog]>
3.3 修改/etc/rsyslog.conf
- rsyslog-mysql使用到的庫文件ommysql
[root@logsrv ~]#rpm -ql rsyslog-mysql
/usr/lib64/rsyslog/ommysql.so
- 根據(jù)需求將需要存放在數(shù)據(jù)庫的日志指向mysql服務(wù)器
- $ModLoad ommysql
- facility.priority :ommysql:DBHOST,DBNAME,DBUSER, PASSWORD
#### MODULES ####
$ModLoad ommysql
#### RULES ####
*.info;mail.none;authpriv.none;cron.none :ommysql:192.168.32.73,Syslog,syslog,123456
3.4 重啟服務(wù)后測試配置情況
- 數(shù)據(jù)庫的數(shù)據(jù)增加了
- systemctl restart rsyslog
- mysql -usyslog -p123456 -h192.168.32.73
- SELECT COUNT(*) FROM SystemEvents;
[root@logsrv ~]#systemctl restart rsyslog
[root@logsrv ~]#yum -y install samba
[root@logsrv ~]#mysql -usyslog -p123456 -h192.168.32.73
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use Syslog
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [Syslog]> SELECT COUNT(*) FROM SystemEvents;
+----------+
| COUNT(*) |
+----------+
| 21 |
+----------+
1 row in set (0.00 sec)
MariaDB [Syslog]>
4. 配置loganalyzer使用web展示日志
4.1 日志服務(wù)器配置httpd服務(wù)
- loganalyzer是基于php開發(fā)的
- php-mysql用于連接數(shù)據(jù)庫
- php-gd用于顯示web頁面的統(tǒng)計圖,否則無法顯示統(tǒng)計柱狀圖
[root@logsrv ~]#yum -y install httpd php php-mysql php-gd
[root@logsrv ~]#systemctl start httpd
[root@logsrv ~]#ss -ntl |grep :80
LISTEN 0 128 :::80 :::*
4.2 安裝LogAnalyzer
- 解包
[root@logsrv data]#tar xf loganalyzer-4.1.6.tar.gz
- 把loganalyzer站點拷貝到http的中心主機路徑下
- 創(chuàng)建配置文件洞焙,并賦權(quán)
- 重啟httpd服務(wù)
[root@logsrv data]#cp -ar loganalyzer-4.1.6/src /var/www/html/loganalyzer
[root@logsrv data]#cd /var/www/html/loganalyzer/
[root@logsrv loganalyzer]#touch config.php
[root@logsrv loganalyzer]#chmod 666 config.php
[root@logsrv loganalyzer]#systemctl restart httpd
- 配置loganalyzer(直接在web瀏覽器配置)
- 字符界面只是便于保存過程
- 第一步蟆淀,選Next
[root@logsrv loganalyzer]#links 192.168.32.71/loganalyzer
LogAnalyzer :: Installer Step 1
Show Events
Installing LogAnalyzer Version 4.1.6 - Step 1
Step 1 - Prerequisites
Before you start installing LogAnalyzer, the Installer setup has to check a
few things first.
You may have to correct some file permissions first.
Click on [ Next ] to start the Test!
Install Progress: Installer Step 1 [ Next ]
Made by Adiscon GmbH Adiscon LogAnalyzer Partners: Rsyslog |
(2008-2016) Version 4.1.6 WinSyslog
- 第二步,選next
LogAnalyzer :: Installer Step 2
Show Events
Installing LogAnalyzer Version 4.1.6 - Step 2
Step 2 - Verify File Permissions
The following file permissions have been checked. Verify the results below!
You may use the configure.sh script from the contrib folder to set the
permissions for you.
file './config.php' Writeable
Install Progress: Installer Step 2 [ Next ]
Made by Adiscon GmbH Adiscon LogAnalyzer Partners: Rsyslog |
(2008-2016) Version 4.1.6 WinSyslog
- 第三步闽晦,修改想要的參數(shù)扳碍,然后next
Step 3 - Basic Configuration
In this step, you configure the basic configurations for LogAnalyzer.
Frontend Options
Number of syslog messages per 50_______________________________________
page
Message character limit for 80_______________________________________
the main view
Character display limit for 30_______________________________________
all string type fields
Show message details popup [X] Yes [ ] No
Automatically resolved IP [X] Yes [ ] No
Addresses (inline)
User Database Options
Enable User Database [ ] Yes [X] No
A MYSQL database Server is required for this feature. Other database
engines are not supported for the User Database System. However for
logsources, there is support for other database systems.
Database Host localhost________________________________
Database Port 3306_____________________________________
Database Name loganalyzer______________________________
Table prefix logcon___________________________________
Database User user_____________________________________
Database Password _________________________________________
Require user to be [ ] Yes [X] No
logged in
Authentication method [Internal authentication]
LDAP Authentication Options
LDAP Server Hostname/IP localhost________________________________
LDAP Port, default 389 (636 389______________________________________
for SSL)
Base DN for LDAP Search CN=Users,DC=domain,DC=local______________
Basic Search filter (objectClass=user)_______________________
LDAP Username attribute sAMAccountName___________________________
Privilegied user used to LDAP N=Searchuser,CN=Users,DC=domain,DC=local_
queries
Password of the privilegied ********_________________________________
user
Default administrative LDAP Administrator____________________________
Username
Install Progress: Installer Step 3 [ Next ]
Made by Adiscon GmbH Adiscon LogAnalyzer Partners: Rsyslog |
(2008-2016) Version 4.1.6 WinSyslog
- 第四步,配置數(shù)據(jù)源仙蛉,填入數(shù)據(jù)庫的信息和用戶密碼笋敞。下一個頁面點擊finish就完成了配置
- 配置完成后使用web登錄即可links 192.168.32.71/loganalyzer
Step 7 - Create the first source for syslog messages
First Syslog Source
Name of the Source My Syslog Source_________________________
Source Type [MYSQL Native__]
Select View [Syslog Fields___]
Disk Type Options
Logline type [Syslog / RSyslog___________]
Syslog file /var/log/syslog______________________________________________
Database Type Options
Database Storage Engine [Mysql Server_______________]
Table type [MonitorWare]
Database Host 192.168.32.73____________________________
Database Name Syslog___________________________________
Database Tablename SystemEvents_____________________________
Database User syslog___________________________________
Database Password ******___________________________________
Enable Row Counting [X] Yes [ ] No
analyzer.png
analyzer2.png
