Because of this, I will show you how to configure rsyslog to write events to a MySQL database, and how to set up a web interface with filtered queries, so you can view the logs without having to access the console.
The focus of this post is on CentOS / Red Hat, but it can be used in other distributions with a few modifications in the process.
Prerequisites
It may be useful to have a web-based repository for Yum; for this, follow the instructions in this post.
Installing the necessary packages
Making sure that the services will start at boot
# chkconfig --levels 35 httpd on
# chkconfig --levels 35 mysqld on
Setting rSyslog
Note that rSyslog uses the same syntax as syslog.conf. So, if you have a customized configuration, you can copy syslog.conf over rsyslog.conf. Just remember to rename the original rsyslog.conf to rsyslog.conf.orig first, so that you can roll back to the original if something goes wrong.
Before anything else, start the MySQL service
As root, create the access that lets the rSyslog user connect to the database
Now, create the database that will be used by rSyslog
As root, run
Back in the file /etc/rsyslog.conf, add this line before the rsyslog directives
This is the syntax:
Where
- ommysql: is the plugin name
- database-server: MySQL db server address (typically localhost)
- database-name: database
- database-userid: the user allowed to connect to MySQL
- database-password: user password
*.* :ommysql:localhost,Syslog,rsyslog,P45sword
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
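The ommysql line above keeps the database password in clear text inside /etc/rsyslog.conf, so it is worth checking who can read that file. The script below is an added example, not part of the original post: its function names are hypothetical, and it runs against a constructed sample file rather than the live configuration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a legacy-syntax rsyslog
# config for ommysql actions, whose last field is a clear-text DB password.

# Print "selector|server|database|user" for each ommysql action line.
# The password field is parsed but deliberately never printed.
ommysql_actions() {
    awk '
        /^[[:space:]]*#/ { next }                  # skip comment lines
        $2 ~ /^:ommysql:/ {
            spec = $2
            sub(/^:ommysql:/, "", spec)
            if (split(spec, f, ",") < 4) { print $1 "|MALFORMED"; next }
            print $1 "|" f[1] "|" f[2] "|" f[3]
        }' "$1"
}

# Succeed only when group and others have no permission bits on the file.
config_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report the ommysql actions, then fail if the file exposes the password.
audit_rsyslog_conf() {
    actions=$(ommysql_actions "$1")
    [ -n "$actions" ] || { echo "no ommysql action in $1"; return 0; }
    echo "$actions"
    if config_is_private "$1"; then
        echo "OK: $1 is not accessible to group or others"
    else
        echo "WARN: $1 contains a DB password and is accessible to group or others"
        return 1
    fi
}

# Constructed sample mirroring the configuration on this page.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
*.* :ommysql:localhost,Syslog,rsyslog,P45sword
authpriv.* /var/log/secure
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
chmod 644 "$sample"; audit_rsyslog_conf "$sample" || true   # world-readable: WARN
chmod 600 "$sample"; audit_rsyslog_conf "$sample"           # owner-only: OK
rm -f "$sample"
```

To check a real server, call audit_rsyslog_conf /etc/rsyslog.conf as root; a non-zero exit status means the file holding the password is accessible to accounts other than its owner.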
Allowing remote connections to rSyslog
You can start rsyslog right now to see whether everything is working
Watch the log /var/log/messages. If everything is OK, the startup message from rsyslog will look like this one, with no errors
Sep 22 18:42:23 master kernel: rklogd 2.0.6, log source = /proc/kmsg started.
Installing the Web UI client for rSyslog
Download the frontend phpLogCon to your server
Extract to /usr/src
# tar zxvf phplogcon-2.6.4.tar.gz -C /usr/src
Go to the directory where you extracted it, in this case /usr/src/phplogcon-2.6.4, and copy the directory src to /var/www/html
# cd /var/www/html/syslog
# touch config.php
# chown apache config.php
Open your web browser and point it to the server address http://172.20.32.205/syslog, replacing the address with that of your server.
Note the error; it's normal and expected. Click “here” to start configuring phpLogCon.
The installer will check the OS for the prerequisites to start the program. Click “Next”.
This test checks that phpLogCon has write access to the config.php file that we created and set the permissions on. Click “Next” to continue.
On Basic Configuration, leave the default options selected. Click “Next”.
This is the most important part: here you configure the data sources for Syslog.
Change the field “Source Type” to “MySQL” and fill the fields on block “Database Type Options”, like the figure above.
Click Next.
Ready! All okie dokie now!
Click “Finish!” and you will be redirected to the main screen for the phpLogCon.
Setting clients to log on Syslog server
On Linux clients that you wanna log on a Syslog server, you must edit /etc/sysconfig.conf and add the following line:
Where “syslog_server” is the hostname or IP address of the syslog server.
With this done, you need to restart the Syslog service on the client host
These procedures are for Red Hat / CentOS clients. You should adapt them to your distribution.
Please, leave a comment showing the procedure for your client! It will be very helpful.