Tutorial php-syslog-ng, syslog-ng and mysql.
If you are looking for a way to view the logs of one or more machines in a web interface, you are in the right place.
Packages used:
eventlog-0.2.7-1.el5.x86_64.rpm -> support library
syslog-ng-2.1.3-1.el5.x86_64.rpm -> log centralization
php-syslog-ng-2.9.8f.tgz -> web interface for the collected logs
Of course, you need a working MySQL server. If that is not the case: click here
Installation:
Redhat & CentOS:
You will find these RPMs in the rpmfind repository:
eventlog-0.2.7-1.el5.x86_64.rpm
syslog-ng-2.1.3-1.el5.x86_64.rpm
rpm -Uvh eventlog-0.2.7-1.el5.x86_64.rpm syslog-ng-2.1.3-1.el5.x86_64.rpm
Debian & Ubuntu:
aptitude install syslog-ng
This also installs libevtlog.
Installation:
First download php-syslog-ng here: http://code.google.com/p/php-syslog-ng/downloads/list
Unpack php-syslog-ng-2.9.8f.tgz into your htdocs (DocumentRoot)
Example: /opt/httpd/htdocs/ or /var/www/ for Debian or Ubuntu
tar xvzf php-syslog-ng-2.9.8f.tgz
Two files need to be changed because of bugs:
Replace the contents of sample_data.sql (the problem with the original is that it has more values than tables)
This file is here: /opt/httpd/htdocs/php-syslog-ng/html/install/sql/
mv sample_data.sql sample_data.sql.orig
vi /opt/httpd/htdocs/php-syslog-ng/html/install/sql/sample_data.sql
With this:
INSERT INTO `logs` (host, facility, priority, level, tag, datetime, program, msg, counter) VALUES
('www-srv-001', 'daemon', 'warning', 'alert', 'Tag', '2006-06-15 22:25:32', 'Test Script', '%AAA-3-IPILLEGALMSG: Fan 1 had a rotation error reported.', 1),
('t-3550-2', 'kern', 'info', 'alert', 'Tag', '2006-06-15 22:25:34', 'Test Script', 'Duplicate address 10.10.2.2 on Vlan20', 2),
('t-3550-2', 'mail', 'warning', 'crit', 'Tag', '2006-06-15 22:25:36', 'Test Script', 'Line protocol on Interface FastEthernet0/7, changed state to up', 3);
INSERT INTO `search_cache` VALUES
('logs', 'HOST', 'as-3550-2', '2006-06-15 18:25:54'),
('logs', 'HOST', 'www-srv-001', '2006-06-15 18:25:54'),
('logs', 'FACILITY', 'daemon', '2006-06-15 18:25:54'),
('logs', 'FACILITY', 'kern', '2006-06-15 18:25:54'),
('logs', 'FACILITY', 'mail', '2006-06-15 18:25:54');
Watch out for line breaks!
The second change comes at the end, if you have problems accessing php-syslog-ng with your browser:
Below, set the path as it appears after your htdocs. Example: /opt/httpd/htdocs/php-syslog-ng/html/
File: /opt/httpd/htdocs/php-syslog-ng/html/config/config.php
define('siteurl', '/php-syslog-ng/html/');
Syslog-ng:
Important: use the syslog-ng.conf provided by php-syslog-ng.
It is here: /opt/httpd/htdocs/php-syslog-ng/scripts/syslog-ng.conf
Put it in /etc/syslog-ng/
One small thing to change in it:
destination d_mysql {
    program("/opt/mysql/bin/mysql -u syslogadmin --password=password syslog -B > /dev/null"
    template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
    VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
    template-escape(yes));
};
Note:
First, the password appears in clear text:
# ps -ef | grep syslog
root 1070 1 0 09:50 pts/0 00:00:00 /bin/sh -c /opt/mysql/bin/mysql -u syslogadmin --password=password syslog -B > /dev/null
Second:
You may encounter this error in php-syslog-ng:
srvtest syslog 09:41:01 syslog-ng syslog-ng[1071]: Error opening file for writing; filename='/dev/xconsole', error='No such file or directory (2)'
To resolve:
mkfifo /dev/xconsole
chown root:tty /dev/xconsole
chmod 640 /dev/xconsole
Third:
Syslog listens on UDP port 514
Then all that remains is to go to the URL you chose, preferably with Firefox.
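Added example (not part of the original tutorial or of php-syslog-ng): one way to address the first note above is to move the MySQL credentials into a client option file readable only by its owner, so they no longer show up in ps output. The option file path /etc/syslog-ng/mysql-syslog.cnf and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the tutorial. File path and function names are
# assumptions; mysql path, user and database are the tutorial's values.

# Write a [client] option file that only its owner can read.
# $1 = option file path, $2 = MySQL user, $3 = MySQL password
write_option_file() {
    ( umask 077
      printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" ) &&
    chmod 600 "$1"   # also tightens a file that already existed
}

# Build the command line for syslog-ng's program() destination.
# --defaults-extra-file has to be the first option given to mysql.
# $1 = mysql binary, $2 = option file path, $3 = database
mysql_command() {
    printf '%s --defaults-extra-file=%s %s -B > /dev/null' "$1" "$2" "$3"
}

# Succeed if a mysql command line (as ps shows it) carries a password in
# its arguments, either --password=VALUE or -pVALUE.
argv_leaks_password() {
    printf '%s\n' "$1" | grep -q 'mysql' || return 1
    printf '%s\n' "$1" |
        grep -Eq -- '(^|[[:space:]])(--password=|-p)[^[:space:]]+'
}

# Constructed sample: the command from the tutorial's ps output, then the
# replacement that reads its credentials from the option file.
old='/bin/sh -c /opt/mysql/bin/mysql -u syslogadmin --password=password syslog -B > /dev/null'
new=$(mysql_command /opt/mysql/bin/mysql /etc/syslog-ng/mysql-syslog.cnf syslog)
for cmd in "$old" "$new"; do
    if argv_leaks_password "$cmd"; then
        echo "password in argv: $cmd"
    else
        echo "no password in argv: $cmd"
    fi
done
```

The string printed by mysql_command goes inside program("...") in the d_mysql destination, and the option file must be readable by the account syslog-ng runs as (root in the ps output above).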