
EventLog Analyzer Log Management, Auditing and Analysis Server Deployment Tutorial (Linux Edition)

I. What is EventLog Analyzer?

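1. EventLog Analyzer is a system that combines log storage, management, auditing and analysis. It can collect and analyze logs from routers, switches, firewalls, IDS/IPS, servers, and enterprise applications such as databases and web servers.
2. EventLog Analyzer is free for up to 5 log sources; the edition details are shown in the figure below: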
image

II. Downloading EventLog Analyzer

Download from this site         Download from the official site

III. Installing EventLog Analyzer

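1. Install Linux; CentOS or Red Hat both work. I use a minimal installation of version 7.x here and will not go through the OS installation. The minimum system resources are 2C/4G/40G (CPU cores / memory / disk).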

2. Upload the downloaded .bin file to the Linux system over SFTP.

3. Disable SELinux

setenforce 0
#disable SELinux temporarily (until the next reboot)
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
#disable SELinux permanently
 
Or edit the configuration file manually:
vim /etc/selinux/config  
SELINUX=enforcing     #replace enforcing with disabled
SELINUX=disabled

4. Disable the firewalld firewall

systemctl stop firewalld
systemctl disable firewalld
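
An added example, not part of the original tutorial: instead of stopping firewalld as in step 4, this script keeps it running and admits only the web console port 8400 (the installer default shown in step 5) and a syslog listener, each from one source subnet. The syslog port 514/udp and both subnets are assumptions to adjust; by default the script only prints the commands, and APPLY=1 executes them as root.

```shell
#!/bin/sh
# Added example: scoped firewalld rules in place of `systemctl disable firewalld`.
# Assumed values (constructed, adjust for your site):
WEB_PORT="${WEB_PORT:-8400}"                 # installer default web port
SYSLOG_PORT="${SYSLOG_PORT:-514}"            # assumption: standard UDP syslog port
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"       # constructed: hosts allowed to open the web UI
DEVICE_NET="${DEVICE_NET:-198.51.100.0/24}"  # constructed: devices that send logs

# Accept only integers in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rich_rule <source-cidr> <port> <tcp|udp>: build one firewalld rich rule.
rich_rule() {
  valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
  case "$3" in tcp|udp) ;; *) echo "invalid protocol: $3" >&2; return 1 ;; esac
  printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
    "$1" "$2" "$3"
}

# Print the command in dry-run mode; execute it when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Enable firewalld, add both scoped rules permanently, then reload.
harden() {
  web=$(rich_rule "$ADMIN_NET" "$WEB_PORT" tcp) || return 1
  syslog=$(rich_rule "$DEVICE_NET" "$SYSLOG_PORT" udp) || return 1
  run systemctl enable --now firewalld &&
  run firewall-cmd --permanent --add-rich-rule="$web" &&
  run firewall-cmd --permanent --add-rich-rule="$syslog" &&
  run firewall-cmd --reload
}

harden
```

After applying, `firewall-cmd --list-rich-rules` shows the two rules that are active.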

5. Run the installer

[root@EventLog ~]# chmod +x ManageEngine_EventLogAnalyzer_64bit.bin #make the installer executable
[root@EventLog ~]# ll
总用量 190056
-rw-------. 1 root root      1565 12月  2 11:33 anaconda-ks.cfg
-rwxr-xr-x. 1 root root 194612022 5月   4 18:30 ManageEngine_EventLogAnalyzer_64bit.bin
[root@EventLog ~]# ./ManageEngine_EventLogAnalyzer_64bit.bin   #run the installer
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
./ManageEngine_EventLogAnalyzer_64bit.bin: line 2852: unzip: command not found
Invalid unzip command found

Launching installer...


Graphical installers are not supported by the VM. The console mode will be used instead...

===============================================================================
ManageEngine EventlogAnalyzer                    (created with InstallAnywhere)
-------------------------------------------------------------------------------

Preparing CONSOLE Mode Installation...




===============================================================================





===============================================================================
Introduction
------------

InstallAnywhere will guide you through the installation of ManageEngine 
EventlogAnalyzer.

It is strongly recommended that you quit all programs before continuing with 
this installation.

Respond to each prompt to proceed to the next step in the installation.  If 
you want to change something on a previous step, type 'back'.

You may cancel this installation at any time by typing 'quit'.

PRESS <ENTER> TO CONTINUE:  ^H      #press ENTER to read the license agreement



===============================================================================
License Agreement
-----------------

DO YOU ACCEPT THE TERMS OF THIS LICENSE AGREEMENT? (Y/N): 
DO YOU ACCEPT THE TERMS OF THIS LICENSE AGREEMENT? (Y/N): y   #enter Y to accept the agreement

===============================================================================

Do you want to register for technical support?(Y/N) (Default: Y): n  #enter N to decline support registration, so you are not asked for support details

===============================================================================
Choose Install Folder
---------------------

Where would you like to install?

  Default Installation Folder: /opt/ManageEngine/EventLog

ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT   #press ENTER to keep the default path
      : 

===============================================================================

===============================================================================
Server Port Configuration
-------------------------

Server Port Configuration

Enter the EventLog Analyzer Web Server Port (Default: 8400):    #press ENTER to keep the default port

===============================================================================
Install As Service
------------------

Enter requested information

    1- Install EventLog Analyzer as Service
  ->2- Do not install EventLog Analyzer as a service

ENTER A COMMA-SEPARATED LIST OF NUMBERS REPRESENTING THE DESIRED CHOICES, OR
   PRESS <ENTER> TO ACCEPT THE DEFAULT: 1        #be sure to enter 1 here to install as a service

===============================================================================
Pre-Installation Summary
------------------------

Please Review the Following Before Continuing:

Product Name:
    ManageEngine EventlogAnalyzer

Install Folder:
    /opt/ManageEngine/EventLog

Disk Space Information (for Installation Target): 
    Required:  476.33 MegaBytes
    Available: 77,166.52 MegaBytes

PRESS <ENTER> TO CONTINUE:     #press ENTER to confirm the installation summary

===============================================================================
Ready To Install
----------------

InstallAnywhere is now ready to install ManageEngine EventlogAnalyzer onto 
your system at the following location:

   /opt/ManageEngine/EventLog

PRESS <ENTER> TO INSTALL:    #press ENTER to confirm the installation path

===============================================================================
Installing...
-------------

 [==================|==================|==================|==================]
 [------------------|------------------|------------------|------------------]

===============================================================================
Installation Complete
---------------------
Congratulations. ManageEngine EventlogAnalyzer has been successfully installed
to:

   /opt/ManageEngine/EventLog

PRESS <ENTER> TO EXIT THE INSTALLER:    #the installation is complete at this point
[root@EventLog ~]# /etc/init.d/eventloganalyzer  start    #try starting it after installation; if no error is reported, it works

6. Enable start at boot

chmod +x /etc/rc.d/rc.local    #make the startup script executable
vim /etc/rc.local
/etc/init.d/eventloganalyzer  start    #add this as the last line to start the service automatically at boot


IV. Logging in to the web console

1. Open a browser and go to http://IP:8400 to reach the web console.

2. The default username and password are both admin.


Comments (8)

  1. #1

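    Hello, I noticed my version expires in one month. What should I do about that?

    岚岛, 4 years ago (2020-07-27)
    • You can get in touch to purchase a license, or reduce the licensed count to 5. I don't provide cracked keys here.

      join, 4 years ago (2020-07-28)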
  2. #2

    After installation, starting it gives an error. Any advice?
    -bash: /etc/init.d/eventloganalyzer: No such file or directory

    seatalk, 6 months ago (10-11)
    • Check the installation directory.

      join, 5 months ago (11-14)
  3. #3

    How do I get logs to sync? The log count is still 0.

    徐静书, 6 months ago (10-25)
    • Capture packets to check whether logs are being sent.

      join, 5 months ago (11-14)
  4. #4

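    I added several network devices and they all work, but the security devices don't: two 天融信 units and one 网神 3600. The packet captures look fine, but no logs are collected. I don't know whether it's a compatibility issue. Does anyone know how to handle this?

    ivan, 4 months ago (12-12)
    • Check the log format.

      join, 4 months ago (12-19)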