How to install and configure a SysLog Server


The following document describes how to install and configure a SysLog Server on a CentOS 6.5 Linux Operating System. The steps described below can also be applied to other distributions with minor adjustments (package names, service management commands and documentation paths differ). For more information check the corresponding documentation of your distribution.

The solution is based on three main components:

LAMP stack (Linux, Apache, MySQL, PHP)
Rsyslog server http://www.rsyslog.com/
LogAnalyzer http://loganalyzer.adiscon.com/

This guide assumes that both SELinux and IPTables are disabled and not running. Be aware of what that means for a log collector: with no firewall, any host that can reach the server can send messages to port 514 (and, since syslog over UDP is unauthenticated, forge or flood them). If that level of exposure is not acceptable, keep the firewall enabled and restrict port 514 to your log sources; check the proper documentation for SELinux and IPTables.


Apache

To install Apache Web server open a root command line and type:

[root@localhost ]# yum install httpd


Start the server:

[root@localhost ]# service httpd start


Set the server to start automatically at boot time:

[root@localhost ]# chkconfig httpd on


Test the Apache installation:

Open http://localhost or http://your-server-address on your web browser of choice and check if Apache is working. You should see the default "Apache 2 Test Page" that CentOS ships with httpd.

MySQL

To install MySQL database, open a root command line and type:

[root@localhost ]# yum install mysql mysql-server


Start the server:

[root@localhost ]# service mysqld start 


Set the server to automatically start on boot:

[root@localhost ]# chkconfig mysqld on 


Change the MySQL root user password (the server is installed with an empty root password):

[root@localhost ]# mysqladmin -u root password 'changeMe' 

Note that a password passed on the command line is recorded in the shell history; the mysql-server package also provides mysql_secure_installation, which prompts for the new root password and removes the anonymous accounts and test database at the same time.


Test the MySQL installation.

Log in to the database:

[root@localhost ]# mysql -u root -p 


You should receive an output like this:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights
reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

mysql>

Type 'exit' to log out:

mysql> exit


PHP

To install PHP open a root command line and type:

[root@localhost ]# yum install php php-mysql


Create a simple test page to test the installation, by using your editor of choice:

[root@localhost ]# nano /var/www/html/test.php


Insert the following content:

<?php 
    phpinfo();
?>


Save and close.

Restart the web server:

[root@localhost ]# service httpd restart


Open http://localhost/test.php or http://your-server-address/test.php on your web browser of choice. You should receive the phpinfo() page listing the PHP version, loaded modules and configuration paths. Delete test.php once you have seen it: a phpinfo() page left on a reachable server discloses exactly that information to anyone who finds it.


Rsyslog

To install the Rsyslog server together with its MySQL output module, open a root command line and type:

[root@localhost ]# yum install rsyslog rsyslog-mysql

On CentOS 6 rsyslog itself is normally already installed; rsyslog-mysql is the package that provides the ommysql module and the createDB.sql schema used below.


Start the server:

[root@localhost ]# service rsyslog start 


Set the server to start automatically at boot time:

[root@localhost ]# chkconfig rsyslog on


Rename the Rsyslog database in the schema shipped with rsyslog-mysql (the version number in the path depends on the installed package; check it with rpm -q rsyslog-mysql):

[root@localhost ]# nano /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql


Change the database name in the first two statements from Syslog to rsyslogdb:

CREATE DATABASE rsyslogdb; 
USE rsyslogdb;
CREATE TABLE SystemEvents (
[...]


Create the rsyslogdb database:

[root@localhost ]# mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql


Now you should be able to access the database:

[root@localhost ]# mysql -u root -p rsyslogdb


Create a dedicated user to access the Rsyslog database, so that the MySQL root account is never written into a configuration file:

mysql> GRANT ALL ON rsyslogdb.* TO rsysloguser@localhost IDENTIFIED BY 'changeMe';

mysql> FLUSH PRIVILEGES;

mysql> exit

GRANT ALL is more than either component needs: Rsyslog only inserts rows into SystemEvents and LogAnalyzer only reads them. It keeps this guide simple, but once everything works it should be narrowed to INSERT for the user Rsyslog writes with and SELECT for the user the web interface reads with.


Test if you can access the database with the new user typing:

[root@localhost ]# mysql -u rsysloguser -p rsyslogdb


Configure the Rsyslog server in order to use MySQL.

Open the configuration file:

[root@localhost ]# nano /etc/rsyslog.conf


Uncomment the following lines so that Rsyslog listens for messages from other hosts on UDP and TCP port 514 (by default on all interfaces):

$ModLoad imudp 
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


Add the MySQL module:

$ModLoad ommysql


Add the rule that writes every received message to MySQL:

*.* :ommysql:127.0.0.1,rsyslogdb,rsysloguser,changeMe


where:

127.0.0.1 - mysql server address
rsyslogdb - mysql rsyslog database name
rsysloguser - mysql rsyslog database user username
changeMe - mysql rsyslog database user password

The password is stored in clear text. On CentOS 6 /etc/rsyslog.conf is world-readable (mode 0644), so either tighten its permissions or put this line in a separate root-only file under /etc/rsyslog.d/, which the default configuration includes.


Save and exit.

Restart the Rsyslog server in order to load the new configuration:

[root@localhost ]# service rsyslog restart
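The following script is an added example and is not part of the original article nor of rsyslog or LogAnalyzer. It addresses the two points raised above: the database user created with GRANT ALL, and the clear-text password sitting in the world-readable /etc/rsyslog.conf. least_privilege_sql emits the GRANT statements to use in place of the single GRANT ALL (one write-only user for Rsyslog, one read-only user for the web interface, plus a separate database for LogAnalyzer's own user tables); write_ommysql_dropin writes the ommysql rule into a mode 0600 file under /etc/rsyslog.d/ so that only root can read the password; find_leaked_db_passwords reports any remaining config file that is readable by others and still contains an ommysql password. The user names rsyslogwriter and loganalyzer, the database name loganalyzerdb and the file name ommysql.conf are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original article or from rsyslog/LogAnalyzer:
# hardening for the MySQL back end configured above.
#   least_privilege_sql      - GRANTs to use instead of "GRANT ALL ON rsyslogdb.*"
#   write_ommysql_dropin     - ommysql rule (which carries the DB password) in a
#                              root-only 0600 drop-in instead of the 0644 rsyslog.conf
#   find_leaked_db_passwords - finds config files readable by others that still hold it
# User names rsyslogwriter/loganalyzer, database loganalyzerdb and the file
# names are assumptions chosen for illustration.

# $1 = events database, $2 = writer (rsyslog) password, $3 = reader (web UI) password
least_privilege_sql() {
    db=$1; wpass=$2; rpass=$3
    cat <<EOF
-- rsyslog's default ommysql template only ever INSERTs into SystemEvents
GRANT INSERT ON $db.SystemEvents TO 'rsyslogwriter'@'localhost' IDENTIFIED BY '$wpass';
-- the web interface only needs to read the events ...
GRANT SELECT ON $db.* TO 'loganalyzer'@'localhost' IDENTIFIED BY '$rpass';
-- ... and full rights on a separate database for its own user/session tables
CREATE DATABASE IF NOT EXISTS loganalyzerdb;
GRANT ALL ON loganalyzerdb.* TO 'loganalyzer'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# $1 = drop-in directory (/etc/rsyslog.d on CentOS 6, read via \$IncludeConfig),
# $2 = MySQL host, $3 = database, $4 = user, $5 = password. Prints the file written.
write_ommysql_dropin() {
    dir=$1; host=$2; db=$3; user=$4; pass=$5
    f="$dir/ommysql.conf"
    # umask 077 in a subshell: the file is never world-readable, not even for
    # the instant between creation and chmod
    (
        umask 077
        cat > "$f" <<EOF
\$ModLoad ommysql
*.* :ommysql:$host,$db,$user,$pass
EOF
    )
    chmod 600 "$f"
    echo "$f"
}

# Returns 0 only if the file is exactly mode 0600
dropin_is_private() {
    [ -n "$(find "$1" -maxdepth 0 -perm 600)" ]
}

# Lists every *.conf under the given paths that is readable by others (o+r)
# and still contains an ommysql action line, i.e. a readable database password
find_leaked_db_passwords() {
    find "$@" -type f -name '*.conf' -perm -004 -exec grep -l ':ommysql:' {} \;
}

# Stand-alone usage (needs root on the real server):
#   least_privilege_sql rsyslogdb 'writerPass' 'readerPass' | mysql -u root -p
#   write_ommysql_dropin /etc/rsyslog.d 127.0.0.1 rsyslogdb rsyslogwriter 'writerPass'
#   find_leaked_db_passwords /etc/rsyslog.conf /etc/rsyslog.d
#   service rsyslog restart
```

When using the drop-in, remove both the `$ModLoad ommysql` line and the `*.* :ommysql:...` line from /etc/rsyslog.conf, otherwise the module is loaded twice and every message is inserted twice. Rsyslog also lets you limit where the listeners accept traffic from without a firewall: `$UDPServerAddress` binds the UDP listener to one interface and `$AllowedSender UDP, ...` / `$AllowedSender TCP, ...` restricts accepted source addresses; both belong in /etc/rsyslog.conf above the `$UDPServerRun` and `$InputTCPServerRun` lines rather than in a drop-in.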


You should now see log entries in the database:

[root@localhost ]# mysql -u rsysloguser -p rsyslogdb

mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
|        2 |
+----------+


The count should be greater than zero. If it is not, wait a few seconds to let Rsyslog generate log entries; if it stays at zero, look in /var/log/messages for ommysql connection errors (wrong credentials or database name).


Hint:


To send a test message to the log over UDP:

[root@localhost ]# echo '<14>ip_address_here tag_here message here' | nc -v -u -w 0 127.0.0.1 514

The <14> prefix is the syslog PRI value: facility * 8 + severity, here facility 1 (user) * 8 + severity 6 (info) = 14.
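The functions below are an added example, not part of the original article: they generalise the one-line hint by computing the PRI value from facility and severity names, decoding a PRI found in a stored message back to names, and building a properly formed BSD-syslog (RFC 3164) line with timestamp, host and tag before handing it to nc. The collector address and port are parameters; "loghost" in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article: build and send well-formed
# syslog test messages instead of hand-writing "<14>".

# Facility name -> code (RFC 3164 numbering)
syslog_facility() {
    case $1 in
        kern) echo 0;;   user) echo 1;;  mail) echo 2;;      daemon) echo 3;;
        auth) echo 4;;   syslog) echo 5;; lpr) echo 6;;       news) echo 7;;
        uucp) echo 8;;   cron) echo 9;;  authpriv) echo 10;; ftp) echo 11;;
        local[0-7]) echo $((16 + ${1#local}));;
        *) echo "unknown facility: $1" >&2; return 1;;
    esac
}

# Severity name -> code
syslog_severity() {
    case $1 in
        emerg) echo 0;; alert) echo 1;;   crit) echo 2;;   err) echo 3;;
        warning) echo 4;; notice) echo 5;; info) echo 6;;   debug) echo 7;;
        *) echo "unknown severity: $1" >&2; return 1;;
    esac
}

# PRI = facility * 8 + severity, so "user info" gives the article's 14
syslog_pri() {
    f=$(syslog_facility "$1") || return 1
    s=$(syslog_severity "$2") || return 1
    echo $((f * 8 + s))
}

# Reverse mapping, e.g. 34 -> auth.crit; handy when reading raw rows in SystemEvents
syslog_pri_decode() {
    f=$(($1 / 8)); s=$(($1 % 8))
    if [ "$f" -ge 16 ] && [ "$f" -le 23 ]; then
        fname="local$((f - 16))"
    elif [ "$f" -lt 12 ]; then
        set -- kern user mail daemon auth syslog lpr news uucp cron authpriv ftp
        shift "$f"; fname=$1
    else
        fname="facility$f"        # 12-15 have no portable name
    fi
    set -- emerg alert crit err warning notice info debug
    shift "$s"; sname=$1
    echo "$fname.$sname"
}

# Build one RFC 3164 line: <PRI>TIMESTAMP HOSTNAME TAG: MSG
# $1 facility, $2 severity, $3 hostname, $4 tag, $5 message
syslog_line() {
    pri=$(syslog_pri "$1" "$2") || return 1
    ts=$(date '+%b %e %H:%M:%S')      # "Mar  7 14:05:09": day is space-padded per RFC
    printf '<%s>%s %s %s: %s\n' "$pri" "$ts" "$3" "$4" "$5"
}

# Send one line over UDP; -w 1 makes nc return a second after the datagram is out
# $1 collector host, $2 port, remaining arguments as for syslog_line
syslog_send_udp() {
    host=$1; port=$2; shift 2
    syslog_line "$@" | nc -u -w 1 "$host" "$port"
}

# Stand-alone usage against the collector built in this guide ("loghost" assumed):
#   syslog_send_udp loghost 514 auth crit client01 sshd 'Failed password for root'
# then in MySQL: select FromHost, Priority, Message from SystemEvents order by ID desc limit 1;
```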


LogAnalyzer

Download the latest version of the software (when this document was written, it was 3.6.5). Note that the download is plain HTTP with no integrity check, so fetch it from a trusted network path:

[root@localhost ]# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz


Unpack the tarball:

[root@localhost ]# tar zxvf loganalyzer-3.6.5.tar.gz


Copy installation files to the desired folder:

[root@localhost ]# cp -r loganalyzer-3.6.5/src/ /var/www/html/loganalyzer
[root@localhost ]# cp -r loganalyzer-3.6.5/contrib/* /var/www/html/loganalyzer/


Change directory to the installation folder:

[root@localhost ]# cd /var/www/html/loganalyzer/


Add the execution permission to the following files:

[root@localhost ]# chmod +x configure.sh secure.sh


Now run ./configure.sh. This creates an empty config.php and makes it writable by everyone, so that the web installer running as the Apache user can write the configuration into it.

[root@localhost ]# ./configure.sh


To complete the installation open http://localhost/loganalyzer or http://your-server-address/loganalyzer on your web browser of choice. You should receive an error page stating that the configuration file is missing, with a link to the installer.

Click on the "here" link and start the guided installation process:

Step 1

Simply click Next to start the process.

Step 2

Simply click Next to continue the process.

Step 3

Enable the user database, which protects the web interface with a login, and fill in the database connection fields accordingly (host, database name, user and password of the account LogAnalyzer may use).

Step 4

Simply click Next to continue the process.

Step 5

Simply click Next to continue the process.

Step 6

Create a user in order to access the LogAnalyzer web interface. In the example we create a user admin/admin purely for illustration; on a real server choose a strong password here, since this login is all that stands between the network and your logs. Fill the fields and click Next to continue the process.


Step 7

Create the first source for Syslog messages. Fill the fields and then click Next to continue the process.

Step 8

Simply click Next to continue the process.


The installation is complete. Now run secure.sh (made executable earlier) from the installation folder to remove the world-write permission that configure.sh put on config.php.

Step 9

Log in the web UI with the credentials created in Step 6

Step 10

Congratulations! You have successfully installed and configured your logging solution.
