In this post I will cover:
1) Setting up a syslog server to log messages from local and remote sources.
2) Setting up a GUI front end showing syslog items.
I’ve done this on both Ubuntu Server 10.04 and 12.04.
First we need to install some packages. They all come straight from the Ubuntu repositories.
apt-get install build-essential apache2 php5 php5-gd libapache2-mod-php5 mysql-server php5-mysql rsyslog
Edit /etc/rsyslog.conf and uncomment (or add) the following two lines, then restart rsyslog. This sets the server to accept inbound syslog messages on UDP port 514. Plain UDP syslog is unauthenticated and trivially spoofed, and the listener will take messages from any host that can reach it, so restrict port 514 to your known senders with a firewall rule rather than leaving it open to the whole network.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Next, since LogAnalyzer runs on PHP, we need to tell Apache how to handle .php files. Edit /etc/apache2/apache2.conf and add the following underneath "DefaultType None", then restart Apache so the handler takes effect.
DefaultType text/plain
AddType application/x-httpd-php .php
Note: If this step is skipped (or Apache is not restarted afterwards), the browser will prompt you to save the file, i.e. the raw PHP source, when you load the syslog web page instead of Apache rendering it.
Now on to the LogAnalyzer.
Download the latest LogAnalyzer from the Adiscon web site at http://loganalyzer.adiscon.com/downloads (the commands below use 3.5.6; substitute the version you actually downloaded throughout).
cd /opt
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.5.6.tar.gz
Unzip and extract the archive (tar does both in one step).
tar -xzvf loganalyzer-3.5.6.tar.gz
Copy the LogAnalyzer src/ folder to the Apache web root (or a subfolder), copy the install scripts from contrib/, make them executable, and run configure.sh. It's important to run configure.sh from the same directory that will hold the LogAnalyzer PHP files.
mkdir /var/www/syslog
cp -r /opt/loganalyzer-3.5.6/src/* /var/www/syslog
cp -r /opt/loganalyzer-3.5.6/contrib/*.sh /var/www/syslog
chmod +x /var/www/syslog/*.sh
cd /var/www/syslog/
./configure.sh
Grant Apache read access to the logs. On Ubuntu the files under /var/log, including /var/log/syslog, are group-owned by adm, so add www-data to that group. The -a matters: without it, usermod replaces www-data's supplementary groups instead of adding one. Note that this gives the web application read access to every other adm-readable log as well (auth.log, for instance), so limit who can reach the web front end.
usermod -a -G adm www-data
Use a web browser to open the new site at http://SERVERNAME/syslog/index.php (or go straight to install.php). The page will report that LogAnalyzer is not yet configured; follow the setup steps to finish your syslog front end. The install pages are unauthenticated until the setup has been completed, so finish it before exposing the host.
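To see what the UDP/514 listener configured above actually receives, and to send it a test message before wiring up real devices, here is an added example (not code from the original post, nor from rsyslog or LogAnalyzer) that builds, parses and optionally sends BSD-syslog (RFC 3164) datagrams. The host names, addresses and log text are constructed sample data, and the collector address in the send call is an assumption.

```python
"""Build, send and parse BSD-syslog (RFC 3164) datagrams.

Added example for this tutorial, not part of the original post and not
rsyslog or LogAnalyzer code.  Every field in a datagram (PRI, timestamp,
hostname, tag, text) is chosen by the sender; nothing authenticates it,
which is why the listener on UDP/514 should be firewalled to known senders.
Host names, addresses and messages below are constructed sample data.
"""
import re
import socket
from datetime import datetime

# RFC 3164 numbering: PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit",
              "logalert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]

# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG   (the [pid] part is optional)
_LINE = re.compile(
    rb"^<(?P<pri>\d{1,3})>"
    rb"(?P<stamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    rb"(?P<host>\S+) "
    rb"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    rb"(?P<msg>.*)$", re.DOTALL)


def build_message(facility, severity, hostname, tag, text, when=None):
    """Encode one RFC 3164 line exactly as a client puts it on the wire."""
    pri = FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)
    when = when or datetime.now()
    # The classic timestamp carries no year or zone and space-pads the day.
    stamp = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode()


def parse_message(data):
    """Decode a datagram into the fields LogAnalyzer would display.

    Every returned value, the host included, is what the sender claimed.
    Only the UDP source address (not part of the payload) is observable,
    and even that is easily spoofed on an unfiltered network.
    """
    m = _LINE.match(data)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % data[:40])
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI %d out of range" % pri)
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m["stamp"].decode(),
        "host": m["host"].decode(),
        "tag": m["tag"].decode(),
        "pid": int(m["pid"]) if m["pid"] else None,
        "msg": m["msg"].decode(errors="replace"),
    }


def send_message(data, server, port=514):
    """Fire one datagram at the collector; UDP gives no delivery guarantee."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (server, port))


if __name__ == "__main__":
    # Constructed sample: an auth.warning event as sshd would emit it.
    wire = build_message("auth", "warning", "web01", "sshd",
                         "Failed password for root from 203.0.113.5 port 22 ssh2")
    print(wire)
    print(parse_message(wire))
    # 192.0.2.10 is an assumed collector address; uncomment to hit the listener.
    # send_message(wire, "192.0.2.10")
```

After sending a test datagram to the server, the line should appear in /var/log/syslog and in the LogAnalyzer view within seconds; if it does not, check the firewall and that rsyslog was restarted after the config edit. Note that the hostname LogAnalyzer shows is the one the sender wrote into the datagram, which is one more reason not to accept syslog from arbitrary sources.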
I have run through your tutorial Setup Syslog with LogAnalyzer on Ubuntu Server. Once I got to the end I tried to go to http://localhost/syslog/index.php with both Chrome and Firefox, but instead of opening the page it downloads the file. Have you encountered this before, and how do you rectify it?
Thanks,
Shaun
Sounds like you don't have the application handler for PHP set up correctly. Make sure you added this section as explained above:
DefaultType text/plain
Addtype application/x-httpd-php .php
You also want to be sure you have all the prerequisites installed, including all the PHP items.
Hey, I have encountered the same problem, and what you need to do is
just restart the web server after you have made the configuration change,
like "/etc/init.d/apache2 restart".
Your tutorial is so nice. And is there any chance to configure the client side on another system, using LogAnalyzer as the main server?
Hello Mike,
I have installed syslog and LogAnalyzer successfully. But now I am not able to find any option to add more devices in LogAnalyzer, so that I can analyze the logs of my other hosts like firewall, router, switch etc. Do you have any idea how to set up other devices?
The syslog server merely collects data. You need to configure each device (firewall, router, etc.) to send syslog data to the server you just set up. Each device is different, but most will have the option to send syslog data to a remote server.
Hello Mike,
I know I have to configure my device to send syslog data to the syslog server. But I would like to know whether I have to configure device-related configuration on my syslog server or not. If yes, then what are the steps to do that?
With this tutorial, there is no ‘device specific’ config on the server. The syslog daemon will accept any messages sent to it and add them to the log.
Hello Mike,
So with this tutorial the syslog server can get its own logs only.
How can we get syslog from other equipment in the system?
thanks!
Tu
The tutorial is very good! thanks Mike!
I think there is a typo here. Just change index.php -> install.php;
then it surely works.
http://SERVERNAME/syslog/index.php.
Thank you for this tutorial: 5 minutes and the server was up and running…
Thank you Again!
Dear Mike,
With this method I am unable to create the user database in step 3 of the LogAnalyzer setup. Is there a simple way to add the user to the MySQL privilege list?
You can add MySQL users in the MySQL shell. As an example:
-- every privilege on my_database for my_user connecting from localhost; WITH GRANT OPTION also lets that user hand those privileges to others
GRANT ALL PRIVILEGES ON my_database.* TO 'my_user'@'localhost' IDENTIFIED BY 'my_password' WITH GRANT OPTION;
Hi Mike!
Great tutorial, I was up and running in 10 minutes, all my servers and ASAs are now logged on this server. I am now just trying to work out how to show more than 2 days of data in the logs. They always end at 06:44:00 the day before. If you could just point me to a configuration file or DB table or something.
Thank you
Vita
I am trying this out on Ubuntu 14.04 with all prereqs installed, and in my /etc/apache2/apache2.conf the "DefaultType None" does not exist.
thx,
GMF
@GMF
Quick and dirty solution.
Move the /var/www/syslog directory to the /var/www/html directory
“cp -r /var/www/syslog /var/www/html”
With a browser go to /syslog/install.php
Greetz
Marc