HOW TO INSTALL RSYSLOG V8 AND LOGANALYZER V4 ON CENTOS 7

As a system administrator, logging what happens on your systems is essential for analysing any unexpected problem (and for security investigations, where the logs are often the only record of what an attacker did). Diagnosis of a system problem starts with the log files: system activity is recorded there, and it points to the source of the problem.

What is RSYSLOG

RSYSLOG is a very fast system for processing logs and events. Its main strength is accepting input from many sources, transforming it, and writing the results to different destinations. According to the official website (www.rsyslog.com), it can process up to 1 million messages per second.

RSYSLOG offers the below features:

  • Multi-threading
  • TCP, SSL, TLS, RELP
  • MySQL, PostgreSQL, Oracle and more
  • Filter any part of syslog message
  • Fully configurable output format
  • Suitable for enterprise-class relay chains

1- Install RSYSLOG v8 and Configure Database

CentOS 7 ships an older RSYSLOG (7.4.x). To install the current version (v8), we add the yum repository provided by the RSYSLOG project and install the rsyslog and rsyslog-mysql packages from there.

To make the RSYSLOG service start automatically after a reboot, enable it with the below command:

Instead of letting RSYSLOG write messages only to static files, we will create a database for RSYSLOG using the schema script shipped with the rsyslog-mysql package, /usr/share/doc/rsyslog-mysql-8.18.0/createDB.sql (the version in the path matches the installed package). The script creates a database called Syslog with the tables SystemEvents and SystemEventsProperties.

Install MySQL

To use the MySQL output, we need a MySQL server. Install the server packages (on CentOS 7 the base repository provides MariaDB, a drop-in replacement for MySQL; Oracle's mysqld comes from the MySQL Community repository):
After installing MySQL, start the mysqld service:
To make the service start when the server reboots:
For security reasons, set a password for the MySQL root account (a fresh install has none). mysql_secure_installation does this and also removes the anonymous accounts and the test database:
To check that MySQL is installed correctly, log into the database:
You should see output like the below:

Configure RSYSLOG Database

To create the Syslog database with the default schema shipped by RSYSLOG (createDB.sql), issue the below command:

Log in as root with the password you set earlier and confirm that the Syslog database and its SystemEvents and SystemEventsProperties tables exist:

For security reasons, do not let RSYSLOG or LogAnalyzer connect as root. Create a dedicated user, here called rsyslogdbadm, with a password of your choice and privileges limited to the Syslog database only, never a global grant. RSYSLOG itself only ever inserts rows into SystemEvents, so the account RSYSLOG connects with can be restricted to INSERT on that table; LogAnalyzer needs wider rights on the same database because its installer creates its own tables there.

Now let us test logging in to the Syslog database with the user we created. If it works, our database is ready:
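The whole of the database side of section 1 as one script, added here as an example (it is not code from the original post or from the rsyslog project). Assumptions, all marked in the comments: the rsyslog v8-stable repository URL, MariaDB as the MySQL implementation on CentOS 7 (package mariadb-server, unit mariadb), the account names rsyslogdbadm and rsyslogwriter, and passwords taken from environment variables. The SQL-rendering functions print only, so the grants can be reviewed before they are applied; the installation steps run only when the script is invoked with the argument install.

```shell
#!/bin/sh
# Added example, not from the original post: rsyslog v8 from the project's yum
# repo, a local MySQL server, the Syslog database from createDB.sql, and two
# dedicated database accounts. Assumed values are marked as such.
set -eu

RSYSLOG_REPO_URL="${RSYSLOG_REPO_URL:-http://rpms.adiscon.com/v8-stable/rsyslog.repo}"  # assumption
DB_NAME="Syslog"                               # database name created by createDB.sql
DB_ROOT_PASS="${DB_ROOT_PASS:-}"               # set before running
DB_USER="${DB_USER:-rsyslogdbadm}"             # LogAnalyzer/admin account (name from the post)
DB_PASS="${DB_PASS:-}"                         # set before running
DB_WRITER_USER="${DB_WRITER_USER:-rsyslogwriter}"   # assumption: insert-only account for rsyslog
DB_WRITER_PASS="${DB_WRITER_PASS:-}"           # set before running

# Escape a value for use inside a single-quoted SQL string literal ('' for ').
sql_quote() {
  printf '%s' "$1" | sed "s/'/''/g"
}

# Account for LogAnalyzer: full rights on the Syslog database only (its web
# installer creates its own tables there), nothing on any other database.
db_accounts_sql() {
  db="$1" user="$2" pass=$(sql_quote "$3")
  printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$pass"
  printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost';\n" "$db" "$user"
  printf "FLUSH PRIVILEGES;\n"
}

# Account for rsyslog itself: ommysql only ever INSERTs into SystemEvents,
# so that single grant is the whole privilege set.
db_writer_sql() {
  db="$1" user="$2" pass=$(sql_quote "$3")
  printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$pass"
  printf "GRANT INSERT ON %s.SystemEvents TO '%s'@'localhost';\n" "$db" "$user"
  printf "FLUSH PRIVILEGES;\n"
}

install_rsyslog() {
  curl -fsSL "$RSYSLOG_REPO_URL" -o /etc/yum.repos.d/rsyslog.repo
  yum -y install rsyslog rsyslog-mysql
  systemctl enable rsyslog && systemctl start rsyslog   # start now and on every boot
  rsyslogd -v | head -n 1                               # confirm an 8.x build was installed
}

install_mysql() {
  yum -y install mariadb-server mariadb     # assumption: MariaDB is the MySQL of CentOS 7
  systemctl enable mariadb && systemctl start mariadb
  # Set the root password (the post's "change the MySQL admin password").
  # mysql_secure_installation does the same interactively and also drops the
  # anonymous accounts and the test database.
  mysqladmin -u root password "$DB_ROOT_PASS"
}

create_syslog_db() {
  # Locate createDB.sql from the package rather than hard-coding the version,
  # e.g. /usr/share/doc/rsyslog-mysql-8.18.0/createDB.sql
  schema=$(rpm -ql rsyslog-mysql | grep '/createDB.sql$')
  # MYSQL_PWD keeps the password out of the process list (unlike -p<pass>).
  MYSQL_PWD="$DB_ROOT_PASS" mysql -u root < "$schema"
  db_accounts_sql "$DB_NAME" "$DB_USER" "$DB_PASS" | MYSQL_PWD="$DB_ROOT_PASS" mysql -u root
  db_writer_sql "$DB_NAME" "$DB_WRITER_USER" "$DB_WRITER_PASS" | MYSQL_PWD="$DB_ROOT_PASS" mysql -u root
  # The post's final check: log in with the new account and list the tables.
  MYSQL_PWD="$DB_PASS" mysql -u "$DB_USER" "$DB_NAME" -e 'SHOW TABLES;'
}

# Run the procedure only when invoked as "sh setup-db.sh install", so the
# functions above can be sourced or reviewed without side effects.
if [ "${1:-}" = "install" ]; then
  [ -n "$DB_ROOT_PASS" ] && [ -n "$DB_PASS" ] && [ -n "$DB_WRITER_PASS" ] \
    || { echo "set DB_ROOT_PASS, DB_PASS and DB_WRITER_PASS first" >&2; exit 1; }
  install_rsyslog
  install_mysql
  create_syslog_db
fi
```

Use the rsyslogwriter account in the RSYSLOG forwarding rule and rsyslogdbadm in the LogAnalyzer web installer; neither can read or change anything outside the Syslog database, and a compromised rsyslog configuration file gives up only an insert-only credential.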

To configure RSYSLOG to write messages to the database, we need to edit its configuration file, /etc/rsyslog.conf (on CentOS 7 a drop-in file under /etc/rsyslog.d/ is included automatically and works just as well).

Things to modify in the configuration file:
  • Load the MySQL output module (ommysql):
  • Uncomment the below lines:
  • Add a new rule that forwards messages to the database:
You can also check the #RULES# section and exclude any logs you do not want in the RSYSLOG database. Note that the forwarding rule contains the database password in clear text, so the configuration file must be readable by root only.
Once you are satisfied with the changes, check the configuration syntax (rsyslogd -N1) and restart the RSYSLOG service:
To check that RSYSLOG messages are being forwarded to the MySQL database, send a test message with logger and look for it in the SystemEvents table:
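The configuration step above as a script, added here as an example (not code from the original post or from rsyslog). It writes the rsyslog v8 form of the post's module-load and forwarding lines as a drop-in under /etc/rsyslog.d, syntax-checks it, restarts the service and verifies a test message in the database. Assumptions: the Syslog database and an account for rsyslog from section 1 (name and password from the DB_USER and DB_PASS environment variables), and that the lines the post says to uncomment are the UDP/TCP listeners, which are only needed when other hosts send logs to this server.

```shell
#!/bin/sh
# Added example, not from the original post: ommysql configuration for
# rsyslog v8 as a drop-in file, plus the checks that go with it.
set -eu

DB_NAME="Syslog"
DB_USER="${DB_USER:-rsyslogwriter}"   # assumption: the insert-only account for rsyslog
DB_PASS="${DB_PASS:-}"
DB_HOST="localhost"                   # with libmysqlclient, "localhost" means the Unix socket
CONF="/etc/rsyslog.d/ommysql.conf"

# Render the RainerScript equivalent of the post's legacy lines
#   $ModLoad ommysql
#   *.* :ommysql:localhost,Syslog,USER,PASSWORD
# Everything except the mail facility goes to the database; that filter stands
# in for the #RULES# pruning the post mentions and is easy to adjust.
# Pure function (prints only) so it can be reviewed and tested.
render_ommysql_conf() {
  host="$1" db="$2" user="$3" pass="$4"
  # RainerScript strings are double-quoted; a quote in the password would break the file.
  case "$pass" in *'"'*) echo 'password must not contain a double quote' >&2; return 1;; esac
  cat <<EOF
module(load="ommysql")
if \$syslogfacility-text != "mail" then {
    action(type="ommysql" server="$host" db="$db" uid="$user" pwd="$pass")
}
EOF
}

# Optional: accept logs from other hosts. Plain UDP/TCP syslog is neither
# authenticated nor encrypted, so restrict the senders with firewalld (or use
# the TLS/RELP inputs rsyslog offers) before enabling this. Do not load these
# modules here if they are already uncommented in /etc/rsyslog.conf.
render_listeners_conf() {
  cat <<'EOF'
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
EOF
}

install_conf() {
  umask 077                      # the file holds a database password: root-only from creation
  render_ommysql_conf "$DB_HOST" "$DB_NAME" "$DB_USER" "$DB_PASS" > "$CONF"
  rsyslogd -N1                   # configuration check; a failure here aborts before the restart
  systemctl restart rsyslog
}

# The post's last step: confirm messages reach MySQL.
verify_forwarding() {
  logger -t ommysql-check "rsyslog to mysql test $(date +%s)"
  sleep 2
  MYSQL_PWD="$DB_PASS" mysql -u "$DB_USER" "$DB_NAME" -e \
    "SELECT ID, ReceivedAt, FromHost, SysLogTag, Message FROM SystemEvents
     WHERE SysLogTag LIKE 'ommysql-check%' ORDER BY ID DESC LIMIT 3;"
}

# Apply only when invoked as "sh ommysql-conf.sh apply".
if [ "${1:-}" = "apply" ]; then
  [ -n "$DB_PASS" ] || { echo "set DB_PASS first" >&2; exit 1; }
  install_conf
  verify_forwarding
fi
```

The SELECT in verify_forwarding only works if the account has SELECT on SystemEvents; with a strictly insert-only rsyslog account, run that query as the LogAnalyzer account instead. rsyslog on CentOS 7 runs as root, which is why a mode 0600 root-owned drop-in is enough; if you drop privileges with $PrivDropToUser, the file must be readable by that user instead.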

2- Install LogAnalyzer v4 Web Application

Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing and analysis of real-time network events, and reporting.

Install Prerequisites

In order for LogAnalyzer to function correctly, a number of prerequisite packages need to be installed on our system: Apache, and PHP with its MySQL extension.
  • Apache
Install Apache:
Start the service:
Make the service start automatically when the server reboots:
To make sure Apache is installed correctly, browse to http://your-server-ip/ and you should see the default test page:
  • PHP
Install PHP:
After installing PHP, create a phpinfo page to check that PHP is working through Apache:
Type the following and save it as test.php:
Restart the Apache service:
Browse to http://your-server-ip/test.php and you should see the PHP information page. Delete test.php once you have checked it: phpinfo() exposes paths, module versions and configuration details to anyone who can reach the server.

Install LogAnalyzer

Download LogAnalyzer v4.1.3:
Extract the downloaded tar file:
In order to serve LogAnalyzer from Apache, copy the contents of the src directory into the web root (here /var/www/html/loganalyzer), together with configure.sh and secure.sh from the contrib directory:
Make configure.sh and secure.sh executable:
Run ./configure.sh. This creates an empty config.php that is writable by everyone, so that the web installer can write the configuration to it. Once the web installation is finished, run ./secure.sh to remove that write permission again; a world-writable config.php lets anyone with a foothold on the server change the database credentials LogAnalyzer uses:

Now we have to finalise the LogAnalyzer installation using the web interface. Browse to http://your-server-ip/loganalyzer and follow the instructions on the screen, similar to the below. When asked for the database, give the Syslog database and the dedicated user created in section 1, not the MySQL root account:
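Section 2 as one script, added here as an example (not code from the original post or from Adiscon). Besides the install steps it carries the two checks a practitioner wants afterwards: that the phpinfo test page is gone, and that config.php is no longer world-writable after the web installer has finished. Assumptions, marked in the comments: the download URL pattern and version, the web root /var/www/html, and that SELinux is enforcing and LogAnalyzer reaches the database over TCP (otherwise the boolean is harmless).

```shell
#!/bin/sh
# Added example, not from the original post: Apache, PHP and the LogAnalyzer
# files, plus post-install checks. Assumed values are marked as such.
set -eu

LA_VERSION="${LA_VERSION:-4.1.3}"
LA_URL="https://download.adiscon.com/loganalyzer/loganalyzer-${LA_VERSION}.tar.gz"   # assumption
WEBROOT="/var/www/html"
LA_DIR="$WEBROOT/loganalyzer"

install_web_stack() {
  yum -y install httpd php php-mysql php-gd      # php-gd is used by LogAnalyzer's charts
  systemctl enable httpd && systemctl start httpd
  if command -v firewall-cmd >/dev/null 2>&1; then
    firewall-cmd --permanent --add-service=http && firewall-cmd --reload
  fi
  # httpd connecting to a database over TCP needs this boolean under SELinux enforcing.
  if command -v setsebool >/dev/null 2>&1; then
    setsebool -P httpd_can_network_connect_db 1
  fi
}

# The phpinfo() page is useful for the one-off check and an information leak
# afterwards. Returns 0 once it is gone.
remove_phpinfo_page() {
  rm -f "$1/test.php"
  [ ! -e "$1/test.php" ]
}

install_loganalyzer() {
  tmp=$(mktemp -d)
  curl -fsSL "$LA_URL" -o "$tmp/la.tar.gz"
  tar -xzf "$tmp/la.tar.gz" -C "$tmp"
  src="$tmp/loganalyzer-$LA_VERSION"
  mkdir -p "$LA_DIR"
  cp -r "$src/src/." "$LA_DIR/"
  cp "$src/contrib/configure.sh" "$src/contrib/secure.sh" "$LA_DIR/"
  chmod +x "$LA_DIR/configure.sh" "$LA_DIR/secure.sh"
  (cd "$LA_DIR" && ./configure.sh)   # creates an empty, world-writable config.php for the web installer
  rm -rf "$tmp"
}

# After the web installer has written config.php it must not stay writable by
# the web server or anyone else (this is what contrib/secure.sh enforces).
# Returns 0 when config.php exists and has no group or other write bit.
config_is_secured() {
  f="$1/config.php"
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f")          # octal permission bits, e.g. 644
  [ $(( 0$mode & 18 )) -eq 0 ]       # 18 == 0022: group and other write bits
}

secure_loganalyzer() {
  (cd "$LA_DIR" && ./secure.sh)      # chmod 644 config.php
  config_is_secured "$LA_DIR"
}

# "sh loganalyzer.sh install" before the web installer, "sh loganalyzer.sh secure" after it.
case "${1:-}" in
  install) install_web_stack; install_loganalyzer; remove_phpinfo_page "$WEBROOT" ;;
  secure)  secure_loganalyzer ;;
esac
```

Run the secure step, and re-check config_is_secured, every time you re-run the web installer; until then the file the web server reads its database credentials from is writable by every local account.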

NETWORKSTIP Networking CCNA,Centos,Ubuntu,Sql, © 2013. All Rights Reserved. Shared by NetworksTip Muhammad Nafees