In this post I will cover:
1) Setting up a syslog server to log messages from local and remote sources.
2) Setting up a GUI front end showing syslog items.
I’ve done this on both Ubuntu Server 10.04 and 12.04.
First we need to get some items loaded. We will load these right from the repository.
apt-get install build-essential apache2 php5 php5-gd libapache2-mod-php5 mysql-server php5-mysql rsyslog
Edit /etc/rsyslog.conf and uncomment or add the following. This will set the server to accept inbound syslog messages on UDP port 514.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Next, since the log analyzer runs on PHP, we need to tell Apache how to handle PHP pages. Edit /etc/apache2/apache2.conf and add the following underneath “DefaultType None”:
DefaultType text/plain
AddType application/x-httpd-php .php
Note: If this step is not done properly, you will get a message when loading the syslog web page prompting you to save the file instead of Apache displaying the file.
Now on to the LogAnalyzer.
Download the latest LogAnalyzer from the Adiscon web site at http://loganalyzer.adiscon.com/downloads
cd /opt
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.2.tar.gz
Unzip and extract the file.
gunzip loganalyzer-3.6.2.tar.gz
tar -xvf loganalyzer-3.6.2.tar
Copy the LogAnalyzer /src/ folder to the Apache www root or subfolder, copy the install script, make executable, and run the install scripts. It’s important to run the configure script from the same directory that will hold the syslog php files.
# Apache's DocumentRoot is /var/www on Ubuntu 10.04 and 12.04; adjust the path if your DocumentRoot differs.
mkdir /var/www/syslog
cp -r /opt/loganalyzer-3.6.2/src/* /var/www/syslog
cp -r /opt/loganalyzer-3.6.2/contrib/*.sh /var/www/syslog
chmod +x /var/www/syslog/*.sh
cd /var/www/syslog/
./configure.sh
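Grant Apache access to syslog by adding the www-data user to the adm group. The -a flag appends the group instead of replacing the user's existing supplementary groups.
usermod -a -G adm www-data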
apt-get install rsyslog-mysql
Use a web browser to hit the new web service at http://SERVERNAME/syslog/index.php. The page will show a message stating the service is not configured. Follow the steps to set up your syslog front end.
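Enter the URL in the browser to open the installation wizard.
1. A message reports that there is no configuration file; click "here" to generate one with the wizard.
2. NEXT
3. Enter the configuration as shown in the figure, then click NEXT:
Note: if clicking NEXT reports an error, run the following command on the server and then continue.
# ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock
4. The wizard starts writing to the database; click NEXT.
5. A message confirms that the write succeeded; click NEXT.
6. Set up the administrator account; when finished, click NEXT.
7. Set the monitored log source to the logs stored in the MySQL database; configure it as shown in the figure, then click NEXT.
8. Configuration is complete; click FINISH.
9. The login page appears:
10. The main page appears:
Check whether LogAnalyzer is receiving the system logs from 192.168.7.201 and 192.168.7.74.
Use Navicat to check whether the system logs of both the rsyslog server and the client are written to the SystemEvents table of the Syslog database.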
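To confirm that the UDP 514 listener enabled earlier is really ingesting remote messages, a client can send one uniquely tagged RFC 3164 message and then search for the token in LogAnalyzer or in the SystemEvents table. This is an added example, not part of the original post; the tag syslogtest, the probe- token format and the function names are assumptions made for illustration.

```python
import socket
import time
import uuid

# RFC 3164 facility/severity codes used for the probe (user.notice).
FACILITY_USER = 1
SEVERITY_NOTICE = 5
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_message(hostname, tag, text, facility=FACILITY_USER,
                  severity=SEVERITY_NOTICE, when=None):
    """Return an RFC 3164 (BSD syslog) datagram as bytes."""
    pri = facility * 8 + severity              # <PRI> = facility*8 + severity
    t = time.localtime() if when is None else when
    # RFC 3164 timestamp "Mmm dd hh:mm:ss"; the day is space-padded, and the
    # month name is taken from a fixed table so it never depends on the locale.
    ts = "%s %2d %02d:%02d:%02d" % (MONTHS[t.tm_mon - 1], t.tm_mday,
                                     t.tm_hour, t.tm_min, t.tm_sec)
    return ("<%d>%s %s %s: %s" % (pri, ts, hostname, tag, text)).encode("ascii")

def parse_pri(datagram):
    """Split the leading <PRI> of a datagram back into (facility, severity)."""
    end = datagram.index(b">")                 # ValueError if there is no '>'
    if not datagram.startswith(b"<") or end > 4:
        raise ValueError("missing or malformed <PRI>")
    pri = int(datagram[1:end])
    return pri // 8, pri % 8

def send_probe(server, port=514, hostname=None):
    """Send one uniquely tagged test message; return the token to search for."""
    token = "probe-" + uuid.uuid4().hex[:12]
    msg = build_message(hostname or socket.gethostname(), "syslogtest",
                        "collector check " + token)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(msg, (server, port))          # UDP gives no delivery confirmation
    return token

if __name__ == "__main__":
    import sys
    # Usage: python probe.py SERVERNAME  (then search LogAnalyzer for the token)
    print(send_probe(sys.argv[1]))
```

Because UDP syslog is unacknowledged, a successful send proves nothing by itself; the check is whether the printed token shows up on the collector under the expected source host.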