Install Rsyslog and LogAnalyzer on Centos 6

Rsyslog and LogAnalyzerare tools that help administrators to collect the systems
log in a centralized place and facilitates the data analysis.

In large networks the number of devices installed provides tons of logs that make impossible to have a good
overview of the overall network status without having a centralized log collector system.

Prerequisites

Centos 6.x minimal

A working LAMP environment

Rsyslog and LogAnalyzer packages

Install Rsyslog

First install LAMP environment and Rsyslog packages using the yum command.

# yum install httpd php mysql php-mysql
mysql-server rsyslog rsyslog-mysql wget

Prior importing the db schema into MySQL you can customize the database name (Syslog
by default) by editing the createDB.sql file.

# vi /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql



Once editing has been completed, import the db schema into MySQL. In the
example, the procedure creates a new database called rsyslogdb.

# mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql



Grant the privileges to the account rsyslog.

# mysql -u root -p

123	mysql> GRANT ALL PRIVILEGES ON rsyslogdb.* TO rsyslog@localhost IDENTIFIED BY 'passwd00';mysql> flush privileges;mysql> exit

Edit the configuration file /etc/rsyslog.conf and enable the listed parameters.$ModLoad imuxsock

1 2 3 4 5 6 7

$ModLoad imklog #$ModLoad immark $ModLoad imudp $UDPServerRun 514 $ModLoad imtcp $InputTCPServerRun 514 $ModLoad ommysql

# vi /etc/rsyslog.conf



Add also the following lines:

123	$AllowedSender UDP, 127.0.0.1, 192.168.10.0/24$AllowedSender TCP, 127.0.0.1, 192.168.10.0/24*.* : ommysql:127.0.0.1,rsyslogdb,rsyslog,passwd00

Enable the service to start at system boot and start the service.# chkconfig rsyslog on
# service rsyslog restart

If you have a firewall, you need to open ports TCP 514 and UDP 514 to work with Rsyslog.

Test Rsyslog

To test if everything is working, check if messages are arriving at the syslog server.# tail -f /var/log/messagesIn addition you can check if messages are being stored in MySQL database.# mysql -u root -p

1 2	mysql> use rsyslogdb; mysql> select * from SystemEvents;

If you see an empty set means it’s working.

Install LogAnalyzer

Using the command wget download the LogAnalyzer
package.

# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz


Unpack the downloaded file and move the content to the Apache document root.

# tar -vxzf loganalyzer-3.6.3.tar.gz

# mv loganalyzer-3.6.3/src/ /var/www/html/loganalyzer

# mv loganalyzer-3.6.3/contrib/* /var/www/html/loganalyzer



Enter the created directory and assign the correct permissions to execute
the scripts.

# cd /var/www/html/loganalyzer/

# chmod 744 configure.sh secure.sh

# ./configure.sh

Configure LogAnalyzer

Access the web interface typing from your browser the following address:
http://IP_address/loganalyzer
At first access you receive an error message because the application hasn’t been configured yet. Click on word here to
go ahead with the configuration.



Click Next to start the installation.



Click Next to continue.



Enable Enable User Database option and enter
the parameters set during the database creation.



Click Next.



If no errors are shown click Next to continue.



Create the Admin user typing the username and password then click Next.



Choose as Source Type the MYSQL
Native value and enter the parameter of the database previously created. Click Next.
Pay attention to the field Database Tablename where the value must be:

SystemEvents



Click Finish to complete the installation.



To login to LogAnalyzer you need to enter your credential then click Login.



The Rsyslog server shows the so far collected data. You need to set the
network devices to send syslog messages to the Rsyslog server just configured
to populate the Events.

Troubleshooting

After login you may receive the error message:

could not find the configured table, maybe misspelled or the table names are case sensitive



This error is often due to wrong syntax in the DBTableName field. To fix
it you need to edit the /var/www/html/loganalyzer/config.php file and check if the DBTableName value
is written with the correct capital letters.

SystemEvents

# vi /var/www/html/loganalyzer/config.php



Amended the DBTableName value, the system should work properly.



来源：http://nolabnoparty.com/en/install-rsyslog-loganalyzer/