Thursday, February 6, 2014

Setup SYSLOG with LogAnalyzer on Ubuntu Server

In this post I will cover.
1) Setting up a syslog server to log messages from local and remote sources.
2) Setup a GUI front end showing syslog items.
I’ve done this on Ubuntu Server 12.04.
First we need to get some items loaded. We will load these right from the repository.
agp-get update
apt-get install build-essential apache2 php5 php5-gd libapache2-mod-php5 mysql-server php5-mysql rsyslog
Edit /etc/rsyslog.conf and uncomment or add the following. This will set the server to accept inbound syslog messages on UDP port 514.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Next, since the log analyzer runs on php, we need to tell apache how to handle php pages. Edit /etc/apache2/apache2.conf and add in the following item underneath “DefaultType None”
DefaultType text/plain
Addtype application/x-httpd-php .php
Note: If this step is not done properly, you will get a message when loading the syslog web page prompting you to save the file instead of Apache displaying the file.
Now on to the LogAnalyzer.
Download the latest log analyzer from the adiscon web site at http://loganalyzer.adiscon.com/downloads
cd /opt
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
Unzip and extract the file.
gunzip loganalyzer-3.6.5.tar.gz 
tar -xvf loganalyzer-3.6.5.tar 
Copy the LogAnalyzer /src/ folder to the Apache www root or subfolder, copy the install script, make executable, and run the install scripts. It’s important to run the configure script from the same directory that will hold the syslog php files.
mkdir /var/www/syslog
cp -r /opt/loganalyzer-3.6.5/src/* /var/www/syslog
cp -r /opt/loganalyzer-3.6.5/contrib/*.sh /var/www/syslog
chmod +x /var/www/syslog/*.sh
cd /var/www/syslog/
./configure.sh
Grant Apache access to syslog.
usermod -G adm www-data
Use a web browser to hit the new web service at http://syslogserverip/syslog/index.php. The page will show a message stating the service is not configured. Follow the steps to setup your syslog front end.

No comments: