Setup Syslog with LogAnalyzer on Ubuntu Server


In this post I will cover:
1) Setting up a syslog server to log messages from local and remote sources.
2) Setting up a GUI front end showing syslog items.

I’ve done this on both Ubuntu Server 10.04 and 12.04.

First we need to get some items loaded. We will load these right from the repository.

apt-get install build-essential apache2 php5 php5-gd libapache2-mod-php5 mysql-server php5-mysql rsyslog

Edit /etc/rsyslog.conf and uncomment or add the following. This will set the server to accept inbound syslog messages on UDP port 514.

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
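
The listener enabled above accepts syslog datagrams from any host that can reach UDP port 514, and UDP syslog carries no sender authentication. As an added example (not part of the original post), this shell check classifies an rsyslog config by whether that listener is limited with rsyslog's legacy `$AllowedSender` directive; the sample configs are constructed, and the two client addresses are the ones this post checks later.

```shell
#!/bin/sh
# Added example, not from the original post. Only the legacy directives shown
# in the post are parsed; files included from /etc/rsyslog.d/ are not followed.

# Print every port opened by an active (uncommented) $UDPServerRun line.
udp_ports() {
    sed -n 's/^[[:space:]]*\$UDPServerRun[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1"
}

# Print the sender list of active "$AllowedSender UDP, ..." lines.
udp_allowed_senders() {
    sed -n 's/^[[:space:]]*\$AllowedSender[[:space:]][[:space:]]*UDP[[:space:]]*,[[:space:]]*//p' "$1"
}

# Classify a config: no-udp-listener | udp-open | udp-restricted
audit_rsyslog() {
    if [ -z "$(udp_ports "$1")" ]; then
        echo "no-udp-listener"
    elif [ -z "$(udp_allowed_senders "$1")" ]; then
        echo "udp-open"        # any host that can reach the port can write log lines
    else
        echo "udp-restricted"
    fi
}

# Constructed sample input: the post's config, the same config with a sender
# list, and a config where UDP reception is still commented out.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '%s\n' '# provides UDP syslog reception' '$ModLoad imudp' \
    '$UDPServerRun 514' > "$sample_dir/open.conf"
printf '%s\n' '$ModLoad imudp' \
    '$AllowedSender UDP, 127.0.0.1, 192.168.7.201, 192.168.7.74' \
    '$UDPServerRun 514' > "$sample_dir/restricted.conf"
printf '%s\n' '#$ModLoad imudp' '#$UDPServerRun 514' > "$sample_dir/off.conf"

for f in open restricted off; do
    echo "$f.conf: $(audit_rsyslog "$sample_dir/$f.conf")"
done
```

Point `audit_rsyslog` at /etc/rsyslog.conf on the server to run the same check against the live file.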

Next, since LogAnalyzer runs on PHP, we need to tell Apache how to handle PHP pages. Edit /etc/apache2/apache2.conf and add the following underneath “DefaultType None”:

DefaultType text/plain
AddType application/x-httpd-php .php

Note: If this step is not done properly, you will get a message when loading the syslog web page prompting you to save the file instead of Apache displaying the file.

Now on to LogAnalyzer.
Download the latest LogAnalyzer from the Adiscon web site at http://loganalyzer.adiscon.com/downloads

cd /opt
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.5.6.tar.gz

Unzip and extract the file.

gunzip loganalyzer-3.5.6.tar.gz 
tar -xvf loganalyzer-3.5.6.tar 

Copy the LogAnalyzer /src/ folder to the Apache www root or a subfolder, copy the install scripts, make them executable, and run the configure script. It’s important to run the configure script from the same directory that will hold the syslog PHP files.

# Ubuntu 12.04 and earlier serve /var/www by default; use /var/www/syslog there.
mkdir -p /var/www/html/syslog
cp -r /opt/loganalyzer-3.5.6/src/* /var/www/html/syslog
cp -r /opt/loganalyzer-3.5.6/contrib/*.sh /var/www/html/syslog
chmod +x /var/www/html/syslog/*.sh
cd /var/www/html/syslog/
./configure.sh

Grant Apache access to syslog.

# -a appends adm; without it, -G replaces www-data's existing supplementary groups
usermod -a -G adm www-data

Install the rsyslog MySQL output module.

apt-get install rsyslog-mysql

Use a web browser to open the new web service at http://SERVERNAME/syslog/index.php. The page will show a message stating that the service is not configured. Follow the steps to set up your syslog front end.

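Enter the URL in a browser to start the installation wizard.

  1. A message says there is no configuration file; click "here" to generate one with the wizard.

  2. Click NEXT.

  3. Enter the configuration as shown in the figure and click NEXT:

  Note: if clicking NEXT produces an error, run the following command on the server and then continue.

  # ln -s /var/lib/mysql/mysql.sock /tmp/mysql.sock

  4. The wizard starts writing to the database; click NEXT.

  5. A message reports that the write succeeded; click NEXT.

  6. Set up the administrator account; when done, click NEXT.

  7. Set the monitored logs to be stored in the MySQL database; configure as shown in the figure, then click NEXT.

  8. Configuration is complete; click FINISH.

  9. The login page appears:

  10. The main page appears:

  Check whether LogAnalyzer is receiving the system logs from 192.168.7.201 and 192.168.7.74.

  Use Navicat to check whether the system logs from both the rsyslog server and the client are written to the SystemEvents table of the Syslog database.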

  


