Posts Tagged: ‘Central Log Server’

Central log Server using rsyslog mysql and phplogcon

March 24, 2010 Posted by admin

yum install rsyslog rsyslog-mysql php php-mysql php-gd

I opted to use a newer version of rsyslog for some features that are not included in the version the ships with centos 5.4

rsyslog4-mysql-4.4.2-4.ius.el5.x86_64.rpm rsyslog4-4.4.2-4.ius.el5.x86_64.rpm

This rsyslog config logs to a mysql database and also local filesystem in /var/log

edit /etc/rsyslog.conf

$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so     # provides –MARK– message capability

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so 
$InputTCPServerRun 514

# Provides MYSQL logging
$ModLoad MySQL

*.* >localhost,Syslog,rsyslog,rsyslog

#####################################################
# Log everything to a per host daily logfile        #
#####################################################
$template DailyPerHostLogs,"/var/log/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages.log"
*.* -?DailyPerHostLogs

Next log on to MySQL and create a user and database

 service mysqld start

# mysql
mysql> GRANT SELECT, UPDATE, INSERT ON Syslog.* TO rsyslog@localhost IDENTIFIED BY 'password';
mysql> \q

 

Next we will use phplogcon installer to create the mysql tables

You can grab the latest version of phplogcon from

 http://www.phplogcon.org/downloads

tar -zxvf phplogcon-2.8.1.tar.gz -C /var/www/html

cd /var/www/html/phplogcon-2.8.1
mv src /var/www/html/syslog

next create empty config.php file

touch /var/www/html/syslog/config.php
chown apache:apache /var/www/html/syslog/config.php
chmod 777 /var/www/html/syslog/config.php

Next point your browser to  http://<ip address>/syslog and follow the steps