Step 1
Install apache server for web authentication
yum install httpd
start the service
systemctl start httpd
systemctl enable httpd
Step 2
Install mysql and mysql-server
yum install mysql mysql-server
then start the services
systemctl start mysqld
systemctl enable mysqld
Set a password for the MySQL root user (this is done with mysqladmin, not the mysql client):
mysqladmin -u root password 'yourpassword'
test your login
mysql -u root -p
Step 3
Install php with php mysql
yum install php php-mysql
Create a simple test page to test the installation, by using your editor of choice:
vi /var/www/html/test.php
insert the following content
<?php
// Installation check only: phpinfo() reveals the server's configuration to
// anyone who can open this page, so delete test.php once PHP is confirmed working.
phpinfo ();
?>
save and close
restart the web server
systemctl restart httpd
Check whether PHP is working by opening the URL below (remove test.php afterwards, since phpinfo() exposes the server's configuration):
http://localhost/test.php
Step 4
Install rsyslog
yum install rsyslog* -y
You have to stop the old syslog service first; only then will rsyslog work:
systemctl stop syslogd
systemctl disable syslogd
then start the rsyslog service
systemctl start rsyslog
systemctl enable rsyslog
Step 5
Now we need to create the database for rsyslog, so make an SQL file with the following content:
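-- Schema used by rsyslog's MySQL output (ommysql) and by LogAnalyzer.
-- The column names are the ones rsyslog's insert template writes to (see the
-- dbFormat template in rsyslog.conf: Message, Facility, FromHost, Priority,
-- DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag), so they must not be
-- renamed. IF NOT EXISTS makes the script safe to run more than once, e.g.
-- after the createDB.sql shipped with the rsyslog package has already been loaded.
CREATE DATABASE IF NOT EXISTS rsyslog;
USE rsyslog;

-- One row per syslog message received by rsyslog.
CREATE TABLE IF NOT EXISTS SystemEvents
(
    ID INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    CustomerID BIGINT,
    ReceivedAt DATETIME NULL,          -- when rsyslog received the message (timegenerated)
    DeviceReportedTime DATETIME NULL,  -- timestamp reported by the sender (timereported)
    Facility SMALLINT NULL,            -- syslog facility code
    Priority SMALLINT NULL,            -- syslog priority (severity) code
    FromHost VARCHAR(60) NULL,         -- sending host name as rsyslog saw it
    Message TEXT,                      -- the message text
    -- The following fields are not filled by the dbFormat template in this
    -- guide; presumably they serve other log sources that LogAnalyzer supports.
    NTSeverity INT NULL,
    Importance INT NULL,
    EventSource VARCHAR(60),
    EventUser VARCHAR(60) NULL,
    EventCategory INT NULL,
    EventID INT NULL,
    EventBinaryData TEXT NULL,
    MaxAvailable INT NULL,
    CurrUsage INT NULL,
    MinUsage INT NULL,
    MaxUsage INT NULL,
    InfoUnitID INT NULL,               -- info unit type (iut) written by the template
    SysLogTag VARCHAR(60),             -- syslog tag (program name) written by the template
    EventLogType VARCHAR(60),
    GenericFileName VARCHAR(60),
    SystemID INT NULL
);

-- Optional name/value properties attached to a SystemEvents row.
CREATE TABLE IF NOT EXISTS SystemEventsProperties
(
    ID INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    -- Refers to SystemEvents.ID. No FOREIGN KEY is declared because the types
    -- differ (INT here, INT UNSIGNED there) and the upstream schema has none.
    SystemEventID INT NULL,
    ParamName VARCHAR(255) NULL,
    ParamValue TEXT NULL
);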
Install apache server for web authentication
yum install httpd
start the service
systemctl start httpd
systemctl enable httpd
Step 2
Install mysql and mysql-server
yum install mysql mysql-server
then start the services
systemctl start mysqld
systemctl enable mysqld
Set a password for the MySQL root user (this is done with mysqladmin, not the mysql client):
mysqladmin -u root password 'yourpassword'
test your login
mysql -u root -p
Step 3
Install php with php mysql
yum install php php-mysql
Create a simple test page to test the installation, by using your editor of choice:
vi /var/www/html/test.php
insert the following content
<?php
// Installation check only: phpinfo() reveals the server's configuration to
// anyone who can open this page, so delete test.php once PHP is confirmed working.
phpinfo ();
?>
save and close
restart the web server
systemctl restart httpd
Check whether PHP is working by opening the URL below (remove test.php afterwards, since phpinfo() exposes the server's configuration):
http://localhost/test.php
Step 4
Install rsyslog
yum install rsyslog* -y
You have to stop the old syslog service first; only then will rsyslog work:
systemctl stop syslogd
systemctl disable syslogd
then start the rsyslog service
systemctl start rsyslog
systemctl enable rsyslog
Step 5
Now we need to create the database for rsyslog, so make an SQL file with the following content:
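-- Schema used by rsyslog's MySQL output (ommysql) and by LogAnalyzer.
-- The column names are the ones rsyslog's insert template writes to (see the
-- dbFormat template in rsyslog.conf: Message, Facility, FromHost, Priority,
-- DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag), so they must not be
-- renamed. IF NOT EXISTS makes the script safe to run more than once, e.g.
-- after the createDB.sql shipped with the rsyslog package has already been loaded.
CREATE DATABASE IF NOT EXISTS rsyslog;
USE rsyslog;

-- One row per syslog message received by rsyslog.
CREATE TABLE IF NOT EXISTS SystemEvents
(
    ID INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    CustomerID BIGINT,
    ReceivedAt DATETIME NULL,          -- when rsyslog received the message (timegenerated)
    DeviceReportedTime DATETIME NULL,  -- timestamp reported by the sender (timereported)
    Facility SMALLINT NULL,            -- syslog facility code
    Priority SMALLINT NULL,            -- syslog priority (severity) code
    FromHost VARCHAR(60) NULL,         -- sending host name as rsyslog saw it
    Message TEXT,                      -- the message text
    -- The following fields are not filled by the dbFormat template in this
    -- guide; presumably they serve other log sources that LogAnalyzer supports.
    NTSeverity INT NULL,
    Importance INT NULL,
    EventSource VARCHAR(60),
    EventUser VARCHAR(60) NULL,
    EventCategory INT NULL,
    EventID INT NULL,
    EventBinaryData TEXT NULL,
    MaxAvailable INT NULL,
    CurrUsage INT NULL,
    MinUsage INT NULL,
    MaxUsage INT NULL,
    InfoUnitID INT NULL,               -- info unit type (iut) written by the template
    SysLogTag VARCHAR(60),             -- syslog tag (program name) written by the template
    EventLogType VARCHAR(60),
    GenericFileName VARCHAR(60),
    SystemID INT NULL
);

-- Optional name/value properties attached to a SystemEvents row.
CREATE TABLE IF NOT EXISTS SystemEventsProperties
(
    ID INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    -- Refers to SystemEvents.ID. No FOREIGN KEY is declared because the types
    -- differ (INT here, INT UNSIGNED there) and the upstream schema has none.
    SystemEventID INT NULL,
    ParamName VARCHAR(255) NULL,
    ParamValue TEXT NULL
);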
Now create the database by loading the SQL file (this example uses the createDB.sql shipped with the rsyslog package; if you wrote your own file above, give its path instead):
mysql -u root -p < /usr/share/doc/rsyslog-7.4.7/createDB.sql
Then log in to MySQL as root
and create a dedicated user for this database:
mysql -u root -p rsyslog
GRANT ALL ON rsyslog.* TO DB_User@localhost IDENTIFIED BY 'DBUser_Password';
FLUSH PRIVILEGES;
exit
Test that you can log in with the database user you just created (MySQL user names are case-sensitive, so use exactly the name from the GRANT statement):
mysql -u DB_User -p rsyslog
Step 6
Configure rsyslog; its configuration file needs some modifications.
First take a backup of the original rsyslog.conf file:
cd /etc/
mv rsyslog.conf rsyslog.conf_bk
vi rsyslog.conf
Paste the following content and change the database user and password to the ones you created in Step 5:
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#
# This copy adds a MySQL output (ommysql) and UDP/TCP network listeners to the
# stock file. It uses the legacy "$Directive" syntax, in which order matters:
# a module's directives must follow its $ModLoad, and $RuleSet changes which
# ruleset every rule after it belongs to.
#### MODULES ####
# The imjournal module below is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
# Listens on UDP/514 on every local address ("*"). UDP syslog is neither
# authenticated nor encrypted and the source address can be forged, so limit
# who can reach this port with the host firewall (only the clients from the
# "Client configuration" section need it), or bind to one address instead of "*".
# NOTE(review): the rsyslog documentation places $UDPServerAddress before
# $UDPServerRun; here it comes after and may be ignored (the default is "*"
# anyway) -- confirm.
$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress *
# Provides TCP syslog reception
# Listens on TCP/514; the same firewall restriction applies, and this plain
# listener does not encrypt or authenticate senders either.
$ModLoad imtcp
$InputTCPServerRun 514
# MySQL output: write every message to the database.
# The action is host,database,user,password. Replace DB_User and "password"
# with the user and password granted in Step 5. The password is stored here in
# clear text, so keep this file readable by root only (e.g. chmod 600).
# Note that "*.*" includes authpriv messages, which the file rules below keep
# out of /var/log/messages; everything in the database is visible to anyone
# with a LogAnalyzer login.
$ModLoad ommysql
*.* :ommysql:localhost,rsyslog,DB_User,password
# database template that separates the process ID from the syslog tag
# NOTE(review): this template is not referenced by the ommysql action above,
# so it is unused. It also inserts a "processid" column that the SystemEvents
# table created in Step 5 does not have, so binding it to the action
# (";dbFormat") would fail unless that column is added first.
$template dbFormat,"insert into SystemEvents (Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, processid) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag:R,ERE,1,FIELD:(.+)(\[[0-9]{1,5}\]).*--end%', '%syslogtag:R,ERE,1,BLANK:\[([0-9]{1,5})\]--end%')",sql
# Switch back to default ruleset
$RuleSet RSYSLOG_DefaultRuleset
# Switch to remote ruleset
# NOTE(review): every rule after this directive belongs to the ruleset
# "remote", and nothing in this file binds an input to that ruleset (no
# $InputTCPServerBindRuleset / $InputUDPServerBindRuleset), so the file rules
# below may never run -- confirm, and drop this directive if /var/log/messages
# and the other files stay empty.
$RuleSet remote
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
# NOTE(review): this include comes after "$RuleSet remote", so rules from the
# included files presumably land in that ruleset as well -- confirm.
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# ("@@" forwards over TCP; a single "@" would use UDP)
#*.* @@remote-host:514
# ### end of the forwarding rule ###
Then save and close the file
and restart rsyslog:
systemctl restart rsyslog
Step 7
Check whether rsyslog is writing to the database.
Log in to MySQL:
mysql -u root -p
SHOW DATABASES;
USE rsyslog
SHOW TABLES;
select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
| 57 |
+----------+
1 row in set (0.00 sec)
If it shows a count of 0, logging to the database is not working; the remaining steps in this document cover the known issues.
Step 8
install Loganalyzer
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
tar -xvzf loganalyzer-3.6.5.tar.gz
mkdir /var/www/html/loganalyzer
cp -r loganalyzer-3.6.5/src/* /var/www/html/loganalyzer/
cp -r loganalyzer-3.6.5/contrib/* /var/www/html/loganalyzer/
Then go to the LogAnalyzer directory:
cd /var/www/html/loganalyzer
Make configure.sh and secure.sh executable:
chmod +x configure.sh secure.sh
Then configure LogAnalyzer with the following command:
./configure.sh
Then create config.php:
touch config.php
Change the owner and permissions so the web installer can write to it. Mode 666 makes the file world-writable, so it should only stay that way for the duration of the install: once the installer has finished, run the secure.sh script copied above, or at least tighten the mode by hand (chmod 640 config.php).
chown apache:apache config.php
chmod 666 config.php
Now you are ready to install LogAnalyzer.
Step 9
Open a browser and go to a URL of the form
http://<ip or hostname>/loganalyzer
You should see a page like the one below.
Just click Next.
Make sure config.php is writable and click Next.
Provide all the credentials as shown in the image.
In this step the installer creates its tables. If they already exist you will get a warning message.
Just click Next.
This image shows the result of the table creation. Click Next.
Here you are asked to create an admin user and password; choose your own credentials.
After providing the details, click Next.
This page asks for the rsyslog database details; provide them and click Next.
Finish the installation by clicking Next.
The login screen is shown like this. Sometimes it reports "Wrong Username or Password!";
in that case carry out the following steps.
login to mysql
mysql -u root -p
use rsyslog
show tables;
+------------------------+
| Tables_in_logview |
+------------------------+
| SystemEvents |
| SystemEventsProperties |
| logcon_charts |
| logcon_config |
| logcon_dbmappings |
| logcon_fields |
| logcon_groupmembers |
| logcon_groups |
| logcon_savedreports |
| logcon_searches |
| logcon_sources |
| logcon_users |
| logcon_views |
+------------------------+
select count(*) from logcon_users;
+----------+
| count(*) |
+----------+
| 0 |
+----------+
1 row in set (0.00 sec)
This empty user table is the cause of the error.
Add the user with the following command:
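-- Create the LogAnalyzer admin user. Columns are listed explicitly (see the
-- SELECT * output further down for the table layout). LogAnalyzer compares
-- against an MD5 hash of the password, not the clear text, which is why a
-- plain 'admin' value can never log in; replace 'admin123' with a strong
-- password of your own.
INSERT INTO logcon_users (ID, username, password, is_admin, is_readonly, last_login)
VALUES (1, 'admin', MD5('admin123'), 1, 0, 0);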
now check
select count(*) from logcon_users;
+----------+
| count(*) |
+----------+
| 1 |
+----------+
1 row in set (0.00 sec)
select * from logcon_users;
+----+----------+----------+----------+-------------+------------+
| ID | username | password | is_admin | is_readonly | last_login |
+----+----------+----------+----------+-------------+------------+
| 1 | admin | admin | 1 | 0 | 0 |
+----+----------+----------+----------+-------------+------------+
1 row in set (0.00 sec)
If it still will not log in, run the following command to reset the password (replace 'admin123' with a strong password of your own):
update logcon_users set password=MD5('admin123') where username='admin';
flush privileges;
exit
now check the login
Client configuration
Install rsyslog in client
yum install rsyslog* -y
Then add one line to the end of the configuration file:
vi /etc/rsyslog.conf
Add the following content at the end of the file:
Client configuration
Install rsyslog in client
yum install rsyslog* -y
Then add one line to the end of the configuration file:
vi /etc/rsyslog.conf
Add the following content at the end of the file, replacing "rsyslog server ip" with the server's address. A single @ forwards over UDP; use @@ for TCP, which the server also listens on and which the forwarding comments in the server's rsyslog.conf recommend for reliable delivery:
*.info;mail.none;authpriv.none;cron.none @rsyslog server ip
Then start the rsyslog service (restart it if it is already running, so the new line takes effect):
systemctl start rsyslog.service
Congratulations, you have completed the LogAnalyzer setup.