Difference between revisions of "LogAnalyzer Setup"
(→Server rsyslog Setup) |
m |
||
(12 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | PARENT PAGE LINK: [[LogAnalyzer]] | ||
+ | |||
+ | |||
Note: this document has been used with the following loganalyzer versions: 3.0.2 (and a few before 3.0.2), 4.1.5 | Note: this document has been used with the following loganalyzer versions: 3.0.2 (and a few before 3.0.2), 4.1.5 | ||
Line 7: | Line 10: | ||
PHP - most versions, but please use something recent, or the version included with a distro that is still receiving updates | PHP - most versions, but please use something recent, or the version included with a distro that is still receiving updates | ||
− | === | + | === Software Setup === |
1. Install rsyslog and PHP mySQL modules | 1. Install rsyslog and PHP mySQL modules | ||
# yum install rsyslog-mysql php-mysql | # yum install rsyslog-mysql php-mysql | ||
− | 2. | + | 2. Get the latest loganalyzer package (http://loganalyzer.adiscon.com/) and copy to /tmp |
− | + | ||
− | + | ||
− | 3. | + | 3. Uncompress and move to standard RedHat/CentOS compatible 3rd party software location (/usr/share)<br> |
+ | NOTE: 4.1.5 is probably not the version being installed, please use the version number being installed in place of 4.1.5 | ||
+ | # mkdir /tmp/work-syslog ; cd /tmp/work-syslog/ | ||
+ | # tar xzvf /tmp/loganalyzer-4.1.5.tar.gz | ||
+ | # mkdir /usr/share/loganalyzer-4.1.5 /usr/share/doc/loganalyzer-4.1.5 | ||
+ | # mv loganalyzer-4.1.5/* /usr/share/doc/loganalyzer-4.1.5/ | ||
+ | # mv /usr/share/doc/loganalyzer-4.1.5/src/* /usr/share/loganalyzer-4.1.5/ | ||
+ | # mv /usr/share/doc/loganalyzer-4.1.5/doc/* /usr/share/doc/loganalyzer-4.1.5/ | ||
+ | # rm -rf /usr/share/doc/loganalyzer-4.1.5/doc /usr/share/doc/loganalyzer-4.1.5/src /usr/share/loganalyzer-4.1.5/doc | ||
+ | # ln -s /usr/share/loganalyzer-4.1.5 /usr/share/loganalyzer | ||
+ | # touch /usr/share/loganalyzer-4.1.5/config.php | ||
+ | # chown apache.apache /usr/share/loganalyzer-4.1.5/config.php | ||
+ | |||
+ | === Rsyslog Server Setup === | ||
+ | 1. set up user and grant proper perms; | ||
# mysql -p mysql | # mysql -p mysql | ||
mysql> grant insert on Syslog.* to 'syslog-insert'@'localhost' identified by 'somepwA'; | mysql> grant insert on Syslog.* to 'syslog-insert'@'localhost' identified by 'somepwA'; | ||
mysql> flush privileges; | mysql> flush privileges; | ||
− | + | 2. Update /etc/rsyslog.conf, make sure the following lines are added<br> | |
− | + | Add the following to the end of the ModLoad/MODULES section | |
− | + | ||
− | + | ||
− | 2. Update /etc/rsyslog.conf | + | |
− | + | ||
− | Add the following | + | |
# enable mySql plugin/module | # enable mySql plugin/module | ||
$ModLoad ommysql | $ModLoad ommysql | ||
− | Add the following | + | Add the following to the beginning of the logging/RULES section (before #kern.* line) |
# log all to mySql | # log all to mySql | ||
*.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA | *.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA | ||
− | 3. Restart rsyslog service | + | 3. Create database/tables |
+ | # mysql -p </usr/share/doc/rsyslog-mysql-*/createDB.sql | ||
+ | |||
+ | 4. Restart rsyslog service | ||
# service rsyslog restart | # service rsyslog restart | ||
− | === | + | === Apache Setup === |
− | + | NOTE: this assumes this is on the company image, which creates most of the needed dirs/files/configs)<br> | |
− | + | 1. setup doc root<br> | |
− | + | ||
− | NOTE: | + | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
NOTE: syslog1 is the short hostname (hostname -s) of the system you are installing on | NOTE: syslog1 is the short hostname (hostname -s) of the system you are installing on | ||
# cd /home/httpd/syslog1/ | # cd /home/httpd/syslog1/ | ||
# rm -rf public_html | # rm -rf public_html | ||
# ln -s /usr/share/loganalyzer-3.0.2 public_html | # ln -s /usr/share/loganalyzer-3.0.2 public_html | ||
− | + | 2. setup vhost file<br> | |
− | add the following to /etc/httpd/conf/vhost-ssl.d/0-syslog1 (hostname -s) after ServerAdmin and before proxy section | + | add the following to /etc/httpd/conf/vhost-ssl.d/0-syslog1 (hostname -s) after ServerAdmin and before proxy section<br> |
− | <Directory /home/httpd/syslog1 | + | Note: enabling the use of a symlink is done for the dir in which the symlink resides |
+ | <Directory /home/httpd/syslog1> | ||
Options FollowSymLinks | Options FollowSymLinks | ||
</Directory> | </Directory> | ||
− | + | 3. enable php | |
# cp -p /etc/httpd/conf.d/php.conf /etc/httpd/conf.d-run/ | # cp -p /etc/httpd/conf.d/php.conf /etc/httpd/conf.d-run/ | ||
− | + | 4. start up or restart apache (and make sure it starts on boot) | |
+ | ENT 7 | ||
+ | # systemctl start httpd | ||
+ | # systemctl enable httpd | ||
+ | BEFORE Ent 7 | ||
# service httpd restart | # service httpd restart | ||
# chkconfig httpd on | # chkconfig httpd on | ||
− | === Web Interface | + | === Web Interface Setup === |
− | 1. setup user | + | 1. setup user and permissions |
# mysql -p | # mysql -p | ||
− | > grant select, update, insert, create, drop, alter on Syslog.* to 'syslog-read'@'localhost' identified by 'somepwB'; | + | mysql> grant select, update, insert, create, drop, alter on Syslog.* to 'syslog-read'@'localhost' identified by 'somepwB'; |
− | > flush privileges; | + | mysql> flush privileges; |
2. web interface configuration<br> | 2. web interface configuration<br> | ||
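Review bot: In Apache Setup step 1 the doc root symlink still targets /usr/share/loganalyzer-3.0.2, while the new Software Setup step 3 installs under /usr/share/loganalyzer-4.1.5 and creates the version-independent /usr/share/loganalyzer symlink. Point public_html at /usr/share/loganalyzer so the two sections agree and the note about substituting the installed version number does not have to be repeated. Also consider a step after the rsyslog.conf edit that restricts read access to that file, since the ommysql action line puts the syslog-insert password in it.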
Line 96: | Line 100: | ||
=== Web Interface Fix === | === Web Interface Fix === | ||
− | There was an issue (in older vers), that appeared more than once (possibly due to apache or php settings), where a config was populated but was not usable due to missing values. The following needed to be set in this situation to configure these for | + | There was an issue (in older vers), that appeared more than once (possibly due to apache or php settings), where a config was populated but was not usable due to missing values. The following needed to be set in this situation to configure these settings for their default values<br> |
1. fix config.php<br> | 1. fix config.php<br> | ||
1a. edit config.php | 1a. edit config.php | ||
Line 111: | Line 115: | ||
$CFG['EnableIPAddressResolve'] = 1; | $CFG['EnableIPAddressResolve'] = 1; | ||
− | === | + | === Client Rsyslog Setup === |
− | + | configure clients to connect to this central syslog server [[Rsyslog Client]] | |
− | + | ||
− | + | ||
=== Recreating mySQL database === | === Recreating mySQL database === | ||
− | If you have to recreate mySQL data from scratch<br> | + | If you have to recreate mySQL data from scratch (due to corruption, or other issues)<br> |
1. make sure mysql is down | 1. make sure mysql is down | ||
+ | ENT 7 | ||
+ | # systemctl stop mariadb | ||
+ | BEFORE Ent 7 | ||
# service mysqld stop | # service mysqld stop | ||
− | 2. wipe out all the data (make sure this is what you want to do, otherwise google how to repair innodb | + | 2. wipe out all the data (make sure this is what you want to do, otherwise if you are wiping it out due to running out of diskspace or database corruption, google how to repair mysql/mariadb innodb databases) |
# rm -rf /var/lib/mysql/* /var/lib/mysql/.my* | # rm -rf /var/lib/mysql/* /var/lib/mysql/.my* | ||
− | 3. rebuild mysql & loganalyzer tables<br> | + | 3. restart mysql |
+ | ENT 7 | ||
+ | # systemctl start mariadb | ||
+ | BEFORE Ent 7 | ||
+ | # service mysqld start | ||
+ | |||
+ | 4. purge unneeded users (link) | ||
+ | |||
+ | 5. rebuild mysql & loganalyzer tables<br> | ||
Rerun the following steps from above | Rerun the following steps from above | ||
+ | Rsyslog Server Setup; step 1 | ||
Server mySQL Setup; steps 2-4 | Server mySQL Setup; steps 2-4 | ||
− | Web Interface | + | Web Interface Setup; step 1 |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + |
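Review bot: Step 5 of "Recreating mySQL database" still says "Server mySQL Setup; steps 2-4", but no section with that name is left after the headings were renamed in this revision (the sections are now Software Setup, Rsyslog Server Setup, Apache Setup and Web Interface Setup). Update that line to the renamed section and the step numbers that now apply there. Step 4, "purge unneeded users (link)", also has a placeholder where the link target should be.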
Latest revision as of 12:44, 12 June 2017
PARENT PAGE LINK: LogAnalyzer
Note: this document has been used with the following loganalyzer versions: 3.0.2 (and a few before 3.0.2), 4.1.5
Prerequisites
Rsyslog - any version that supports/includes the mySQL module or has the rsyslog-mysql rpm available
MySQL/MariaDB - See MySQL/MariaDB Setup to make sure you have MySQL or MariaDB set up/running
Apache - any version, but please use something recent, or the version included with a distro that is still receiving updates
PHP - most versions, but please use something recent, or the version included with a distro that is still receiving updates
Software Setup
1. Install rsyslog and PHP mySQL modules
# yum install rsyslog-mysql php-mysql
2. Get the latest loganalyzer package (http://loganalyzer.adiscon.com/) and copy to /tmp
3. Uncompress and move to standard RedHat/CentOS compatible 3rd party software location (/usr/share)
NOTE: 4.1.5 is probably not the version being installed, please use the version number being installed in place of 4.1.5
# mkdir /tmp/work-syslog ; cd /tmp/work-syslog/
# tar xzvf /tmp/loganalyzer-4.1.5.tar.gz
# mkdir /usr/share/loganalyzer-4.1.5 /usr/share/doc/loganalyzer-4.1.5
# mv loganalyzer-4.1.5/* /usr/share/doc/loganalyzer-4.1.5/
# mv /usr/share/doc/loganalyzer-4.1.5/src/* /usr/share/loganalyzer-4.1.5/
# mv /usr/share/doc/loganalyzer-4.1.5/doc/* /usr/share/doc/loganalyzer-4.1.5/
# rm -rf /usr/share/doc/loganalyzer-4.1.5/doc /usr/share/doc/loganalyzer-4.1.5/src /usr/share/loganalyzer-4.1.5/doc
# ln -s /usr/share/loganalyzer-4.1.5 /usr/share/loganalyzer
# touch /usr/share/loganalyzer-4.1.5/config.php
# chown apache.apache /usr/share/loganalyzer-4.1.5/config.php
Rsyslog Server Setup
1. set up user and grant proper perms;
# mysql -p mysql
mysql> grant insert on Syslog.* to 'syslog-insert'@'localhost' identified by 'somepwA';
mysql> flush privileges;
2. Update /etc/rsyslog.conf, make sure the following lines are added
Add the following to the end of the ModLoad/MODULES section
# enable mySql plugin/module
$ModLoad ommysql
Add the following to the beginning of the logging/RULES section (before #kern.* line)
# log all to mySql
*.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA
3. Create database/tables
# mysql -p </usr/share/doc/rsyslog-mysql-*/createDB.sql
4. Restart rsyslog service
# service rsyslog restart
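An added check for the rsyslog.conf edit in step 2 (not part of the original page): the ommysql action line stores the syslog-insert password in the file, so this script flags a config that other local users can read and confirms the module line is present. The function name is hypothetical, `stat -c` assumes GNU coreutils, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an rsyslog config that
# uses the ":ommysql:host,db,user,password" action line shown in step 2.
# audit_rsyslog_conf is a hypothetical name; stat -c assumes GNU coreutils.

# Prints one finding per line. Returns 0 if clean, 1 if flagged, 2 on error.
audit_rsyslog_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # Without the module loaded, the action line below cannot work.
    if ! grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+ommysql' "$conf"; then
        echo "MISSING \$ModLoad ommysql"
        findings=1
    fi

    # First non-comment line that carries the ommysql action.
    action=$(grep -E '^[^#]*:ommysql:' "$conf" | head -n 1)
    if [ -z "$action" ]; then
        echo "MISSING ommysql action line"
        return 1
    fi

    # Fields after ":ommysql:" are host,database,user,password.
    params=${action#*:ommysql:}
    user=$(printf '%s' "$params" | cut -d, -f3)
    pw=$(printf '%s' "$params" | cut -d, -f4)

    # Last octal digit of the mode covers "other"; 4 or more means readable.
    mode=$(stat -c '%a' "$conf")
    if [ -n "$pw" ] && [ "$((mode % 10))" -ge 4 ]; then
        echo "EXPOSED password for '$user' readable by others (mode $mode)"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: the two lines this page adds, in a scratch file.
sample=$(mktemp)
printf '%s\n' '$ModLoad ommysql' \
    '*.* :ommysql:127.0.0.1,Syslog,syslog-insert,somepwA' > "$sample"
chmod 644 "$sample"; audit_rsyslog_conf "$sample" || true
chmod 600 "$sample"; audit_rsyslog_conf "$sample" && echo "clean at 600"
rm -f "$sample"
```

On a real server, run `audit_rsyslog_conf /etc/rsyslog.conf` as root after step 4.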
Apache Setup
NOTE: this assumes the system is on the company image, which creates most of the needed dirs/files/configs
1. setup doc root
NOTE: syslog1 is the short hostname (hostname -s) of the system you are installing on
# cd /home/httpd/syslog1/
# rm -rf public_html
# ln -s /usr/share/loganalyzer-3.0.2 public_html
2. setup vhost file
add the following to /etc/httpd/conf/vhost-ssl.d/0-syslog1 (hostname -s) after ServerAdmin and before proxy section
Note: enabling the use of a symlink is done for the dir in which the symlink resides
<Directory /home/httpd/syslog1>
    Options FollowSymLinks
</Directory>
3. enable php
# cp -p /etc/httpd/conf.d/php.conf /etc/httpd/conf.d-run/
4. start up or restart apache (and make sure it starts on boot)
ENT 7
# systemctl start httpd
# systemctl enable httpd
BEFORE Ent 7
# service httpd restart
# chkconfig httpd on
Web Interface Setup
1. setup user and permissions
# mysql -p
mysql> grant select, update, insert, create, drop, alter on Syslog.* to 'syslog-read'@'localhost' identified by 'somepwB';
mysql> flush privileges;
2. web interface configuration
2a. go to the new URL (configured in Web Interface setup, step 3a) in a browser. You will get the following message;
Error, main configuration file is missing!
2b. click 'here' on the following message;
Click here to Install Adiscon LogAnalyzer!
2c. click 'next' on the following page;
Step 1 - Prerequisites
2d. click 'next' on the following page;
Step 2 - Verify File Permissions
2e. click 'next' on the following page;
Step 3 - Basic Configuration
2f. Fill in the following and click 'next';
Source Type: MYSQL Native
Database Name: Syslog
Database Tablename: SystemEvents
Database User: syslog-read
Database Password: somepwB
2g. Click 'here' on the following message;
Step 8 - Done
Click here to go to your installation.
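An added example, not part of the original page: once step 1 here and step 1 of Rsyslog Server Setup have been run, each account should hold exactly the privileges granted above on Syslog.* and nothing elsewhere, and this script compares `SHOW GRANTS` output against that list. The function names are hypothetical and the sample grant lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): compare SHOW GRANTS output,
# read on stdin, with the privileges this page assigns on Syslog.*.
# check_grants is a hypothetical name. Real use (prompts for the password):
#   mysql -p -N -e "SHOW GRANTS FOR 'syslog-insert'@'localhost'" | check_grants INSERT

# Normalise "select, Insert" to a sorted, upper-case, space-separated list.
norm_privs() {
    printf '%s' "$1" | tr 'a-z' 'A-Z' | tr -d ' ' | tr ',' '\n' | sort | paste -s -d ' ' -
}

# $1 = expected privilege list. Returns 0 on an exact match, 1 on drift.
check_grants() {
    want=$(norm_privs "$1")
    have=""
    drift=0
    while IFS= read -r g; do
        case "$g" in
            "GRANT USAGE ON *.*"*) continue ;;   # USAGE grants no privileges
            "GRANT "*) ;;
            *) continue ;;                       # skip anything else
        esac
        privs=$(printf '%s\n' "$g" | sed -E 's/^GRANT (.*) ON .* TO .*$/\1/')
        # \140 is the backtick MySQL puts around the database name.
        scope=$(printf '%s\n' "$g" | sed -E 's/^GRANT .* ON (.*) TO .*$/\1/' | tr -d '\140')
        if [ "$scope" = "Syslog.*" ]; then
            have=$(norm_privs "$privs")
        else
            echo "UNEXPECTED grant outside Syslog.*: $privs ON $scope"
            drift=1
        fi
    done
    if [ "$have" != "$want" ]; then
        echo "MISMATCH on Syslog.*: have [$have] want [$want]"
        drift=1
    fi
    return "$drift"
}

# Constructed SHOW GRANTS output for the insert-only account.
printf '%s\n' \
    "GRANT USAGE ON *.* TO 'syslog-insert'@'localhost'" \
    "GRANT INSERT ON \`Syslog\`.* TO 'syslog-insert'@'localhost'" \
    | check_grants INSERT && echo "syslog-insert matches the page"
```

For the web account, pass the list from step 1: `check_grants "select, update, insert, create, drop, alter"`.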
Web Interface Fix
There was an issue (in older versions) that appeared more than once (possibly due to Apache or PHP settings), where a config was populated but was not usable due to missing values. In this situation, the following needed to be set to configure these settings to their default values
1. fix config.php
1a. edit config.php
# vi /usr/share/loganalyzer-3.0.2/config.php
1b. set ViewMessageCharacterLimit
$CFG['ViewMessageCharacterLimit'] = 80;
1c. set ViewStringCharacterLimit
$CFG['ViewStringCharacterLimit'] = 30;
1d. set ViewEntriesPerPage
$CFG['ViewEntriesPerPage'] = 50;
1e. set ViewEnableDetailPopups
$CFG['ViewEnableDetailPopups'] = 1;
1f. set EnableIPAddressResolve
$CFG['EnableIPAddressResolve'] = 1;
Client Rsyslog Setup
configure clients to connect to this central syslog server Rsyslog Client
Recreating mySQL database
If you have to recreate mySQL data from scratch (due to corruption, or other issues)
1. make sure mysql is down
ENT 7
# systemctl stop mariadb
BEFORE Ent 7
# service mysqld stop
2. wipe out all the data (make sure this is what you want to do; otherwise, if you are wiping it out because you ran out of disk space or the database is corrupted, google how to repair mysql/mariadb innodb databases)
# rm -rf /var/lib/mysql/* /var/lib/mysql/.my*
3. restart mysql
ENT 7
# systemctl start mariadb
BEFORE Ent 7
# service mysqld start
4. purge unneeded users (link)
5. rebuild mysql & loganalyzer tables
Rerun the following steps from above
Rsyslog Server Setup; step 1
Server mySQL Setup; steps 2-4
Web Interface Setup; step 1