Setup Centralized Log Server Using Rsyslog And LogAnalyzer On CentOS, RHEL, Scientific Linux 6.5/6.4
Rsyslog is an open source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network. It implements the basic syslog protocol, extends it with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features such as using TCP for transport.
A central log server is very helpful for Linux administrators when they need to view logs and troubleshoot errors after something goes wrong. In this tutorial let us see how to install and configure Rsyslog and its graphical front-end, LogAnalyzer, and also how to forward logs from the client systems to the Rsyslog server.
For this setup, I use CentOS as the Rsyslog server and an Ubuntu 13.04 desktop as the client.
My Rsyslog server details are:
Operating system: CentOS 6.5 Minimal server
IP Address: 192.168.1.101/24
Hostname: server.unixmen.local
Rsyslog Client details:
Operating system: Ubuntu 13.04
IP Address: 192.168.1.100/24
Hostname: sk
Before installing Rsyslog and LogAnalyzer, we need a working LAMP stack. To install a LAMP server, refer to the following link.
Now install rsyslog:
# yum install rsyslog*
Start the rsyslog daemon and make it start automatically on every reboot:
# service rsyslog start
# chkconfig rsyslog on
Import the rsyslog database and tables into MySQL
Edit the file ‘/usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql’:
# vi /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
Set the database name as shown below. Here I am using ‘rsyslogdb’ as my database name.
CREATE DATABASE rsyslogdb;
USE rsyslogdb;
CREATE TABLE SystemEvents
(
[...]
Now import the database tables into MySQL using command:
# mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
Now let us check that the ‘rsyslogdb’ database was imported properly into MySQL, and grant the ‘rsysloguser’ user privileges on that database:
# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 237
Server version: 5.5.34-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| ownclouddb         |
| performance_schema |
| rsyslogdb          |
+--------------------+
5 rows in set (0.15 sec)

MariaDB [(none)]> GRANT ALL ON rsyslogdb.* TO rsysloguser@localhost IDENTIFIED BY 'centos';
Query OK, 0 rows affected (0.09 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.12 sec)

MariaDB [(none)]> exit
Bye
Now edit the rsyslog config file,
# vi /etc/rsyslog.conf
and make the changes as shown below.
#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

## Add the following lines ##
## Sender ACL: accept only from the local host and the 192.168.1.0/24 LAN.
## Keep these above the $UDPServerRun / $InputTCPServerRun lines so the ACL
## is in place when the listeners start.
$AllowedSender UDP, 127.0.0.1, 192.168.1.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.1.0/24

# Provides UDP syslog reception
## uncomment ##
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
## Uncomment ##
$ModLoad imtcp
$InputTCPServerRun 514

## Add the following lines ##
## Load ommysql once (a second $ModLoad of the same module is an error) and
## write every message (*.*) to the rsyslogdb database.
$ModLoad ommysql
*.* :ommysql:127.0.0.1,rsyslogdb,rsysloguser,centos
rsyslogdb – database name
rsysloguser – database user
centos – password of the database user (the one set in the GRANT statement above)
$AllowedSender – rsyslog accepts logs only from the listed hosts and networks, on both the UDP and the TCP port 514 listeners; anything from other addresses is discarded.
Disable any existing syslog service:
# service syslog stop
# chkconfig syslog off
We’re done with rsyslog. Now we have to install the rsyslog graphical front-end, LogAnalyzer, on the same server (the LAMP host).
LogAnalyzer is a GUI interface to rsyslog and other network event data. It provides easy browsing and analysis of real-time network events, plus reporting services.
Let us download and install the latest version:
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
Extract it using command:
# tar zxvf loganalyzer-3.6.5.tar.gz
Move the extracted package to your Apache document root folder.
# mv loganalyzer-3.6.5/src/ /var/www/html/loganalyzer
# mv loganalyzer-3.6.5/contrib/* /var/www/html/loganalyzer/
Make the two helper scripts executable and run configure.sh:
# cd /var/www/html/loganalyzer/
# chmod +x configure.sh secure.sh
# ./configure.sh
The ‘configure.sh’ script creates an empty, writable config.php which the web installer fills in later.
Adjust IPTABLES and SELINUX settings
Now let us allow syslog port 514 through iptables/router:
# vi /etc/sysconfig/iptables
Add the following lines above the final REJECT rule. The TCP rule is for the imtcp listener; the UDP rule is needed because the server also listens with imudp, and most clients send over UDP by default:
[...]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 514 -j ACCEPT
-A INPUT -m udp -p udp --dport 514 -j ACCEPT
[...]
Restart iptables service:
# service iptables restart
Edit the file /etc/sysconfig/selinux:
# vi /etc/sysconfig/selinux
Change SELINUX=enforcing to SELINUX=disabled, then save and close the file. Reboot your server once for all the changes to take effect.
Point your web browser to http://ip-address/loganalyzer or http://domain-name/loganalyzer and begin the LogAnalyzer installation.
You’ll be shown an error message that says: Critical Error occurred.
Click the link that says ‘here’.
Click “Yes” on “Enable User Database”. Enter the database user name, password and database name and click Next. Click “Yes” on the “Require user to be logged in” option.
Warning: double-check the database name and the table names, because they are case sensitive (refer to the screenshots). If you enter “systemevents” in the table name field instead of “SystemEvents”, the LogAnalyzer installation will fail. Also make sure the database name, database user name and password exactly match the ones you used in /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql and in the GRANT statement above.
Enter the admin user account details which we created earlier.
If it shows a message like “no syslog data”, restart all the services once more:
# service rsyslog restart
# service httpd restart
# service mysql restart
Refresh the page and you’ll see your server’s log entries as shown in the screenshot below.
Configuring the client is very easy: install the rsyslog package and add the rsyslog server’s IP address to the configuration file.
Install rsyslog package in your client systems.
For RHEL/CentOS clients:
# yum install rsyslog -y
For Debian/Ubuntu Clients:
$ sudo apt-get install rsyslog
Open the rsyslog config file and add the rsyslog server details:
# vi /etc/rsyslog.conf
Add the Rsyslog server details, then start the rsyslog service:
# service rsyslog start
# chkconfig rsyslog on
Now go to the rsyslog server and check for the client logs.
That’s it. Happy logging!
Advance New year wishes! Convey my regards to your family and friends!
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .