1./ Install Prerequisites
– For LogAnalyzer to function correctly, you need to install a LAMP stack on the rsyslog server.
– We also need to install the rsyslog-mysql package. Use the command below to install it:
[root@loganalyzer ~]# apt-get install rsyslog-mysql
– When the package installer asks whether to configure the database for you, choose No, because we are going to create the Syslog database manually.

2./ Configure Rsyslog Database
– Create the Syslog database:
[root@loganalyzer ~]# mysql -u root -p
mysql> CREATE DATABASE Syslog;
– Create a user to access the Syslog database:
mysql> GRANT ALL ON Syslog.* TO 'rsyslog'@'localhost' IDENTIFIED BY 'Password';
mysql> FLUSH PRIVILEGES;
mysql> exit
– Import the default database schema offered by Rsyslog using the below command:
[root@loganalyzer ~]# mysql -u rsyslog -D Syslog -p < /usr/share/dbconfig-common/data/rsyslog-mysql/install/mysql
3./ Configure Loganalyzer Users Database
– Create the Loganalyzer Users database:
[root@loganalyzer ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE loganalyzer;
– Create a user to access the Loganalyzer Users database:
mysql> GRANT ALL ON loganalyzer.* TO 'loganalyzer'@'localhost' IDENTIFIED BY 'Password';
mysql> FLUSH PRIVILEGES;
mysql> exit
4./ Configure Rsyslog Server
– Take a backup of the rsyslog.conf before editing it
[root@loganalyzer ~]# cp /etc/rsyslog.conf /etc/rsyslog.conf.org
[root@loganalyzer ~]# vi /etc/rsyslog.conf
– Find and uncomment the following lines to make your server listen on UDP and TCP port 514.
[...]
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
[...]
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
[...]
– To configure Rsyslog to output logs to database, edit the mysql.conf file as below:
[root@loganalyzer ~]# vi /etc/rsyslog.d/mysql.conf
[..]
# Load the MySQL Module
$ModLoad ommysql
#*.* :ommysql:Host,DB,DBUser,DBPassword
*.* :ommysql:127.0.0.1,Syslog,rsyslog,Password
– Make the following changes instead if the server is running Ubuntu 18.04 LTS:
### Configuration file for rsyslog-mysql
### Changes are preserved
module (load="ommysql")
*.* action(type="ommysql" server="localhost" db="Syslog" uid="rsyslog" pwd="Password")
– Save and restart the rsyslog service
[root@loganalyzer ~]# systemctl restart rsyslog
5./ Install LogAnalyzer
– Download LogAnalyzer package from the official website
[root@loganalyzer ~]# cd /tmp
[root@loganalyzer ~]# wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.6.tar.gz
[root@loganalyzer ~]# tar -xzvf loganalyzer-4.1.6.tar.gz
– Create the LogAnalyzer directory under the Apache web directory:
[root@loganalyzer ~]# mkdir /var/www/html/loganalyzer
– Copy the installation files into the loganalyzer directory using the following command:
[root@loganalyzer ~]# cp -r /tmp/loganalyzer-4.1.6/src/* /var/www/html/loganalyzer
– Create a blank configuration file named config.php in the loganalyzer directory and give the www-data user write permission on it using the following commands:
[root@loganalyzer ~]# cd /var/www/html/loganalyzer
[root@loganalyzer ~]# touch config.php
[root@loganalyzer ~]# chown www-data:www-data config.php
[root@loganalyzer ~]# chmod 666 config.php
– Finally, change the owner of all files to www-data
[root@loganalyzer ~]# chown www-data:www-data -R /var/www/html/loganalyzer/
6./ Start LogAnalyzer web installer
After completing the above steps, open the following URL in your favorite web browser to start the LogAnalyzer web installer.
http://rsyslog_server_ip/loganalyzer

– Just click Next

– Make sure config.php is writable and click Next

– Fill in the database details for LogAnalyzer, using the loganalyzer database name, user and password created in the third step, and click Next.

– Just click Next

– Just click Next

– Create an Administrator account and click Next.

– Fill in the Rsyslog database details created in the second step and click Next

– Click Finish

– Log in to LogAnalyzer using the user created in step 6
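
The steps above leave config.php at mode 666, and /etc/rsyslog.d/mysql.conf holds the database password in clear text. The script below is an added example, not part of the original guide or of LogAnalyzer, that flags a world-writable config.php and a world-readable rsyslog MySQL output file; the function names are hypothetical and the default paths are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the file modes left
# behind by the install steps. Function names are hypothetical.

# other_perms FILE -> the three "other" permission characters, e.g. "rw-"
other_perms() {
    ls -ld -- "$1" | cut -c8-10
}

# has_db_credentials FILE -> exit 0 if FILE has an uncommented ommysql output
# line in either form shown on this page:
#   *.* :ommysql:Host,DB,DBUser,DBPassword
#   *.* action(type="ommysql" ... pwd="...")
has_db_credentials() {
    grep -Eq '^[^#]*(:ommysql:[^,]+,[^,]+,[^,]+,.+|type="ommysql".*pwd=")' "$1"
}

# audit_install WEBROOT RSYSLOG_MYSQL_CONF
# Prints one line per finding and returns the number of findings (0 = clean).
audit_install() {
    webroot=$1
    conf=$2
    findings=0

    if [ -f "$webroot/config.php" ]; then
        case "$(other_perms "$webroot/config.php")" in
            ?w?) echo "FINDING: $webroot/config.php is world-writable"
                 findings=$((findings + 1)) ;;
        esac
    fi

    if [ -f "$conf" ] && has_db_credentials "$conf"; then
        case "$(other_perms "$conf")" in
            r??) echo "FINDING: $conf holds the DB password and is world-readable"
                 findings=$((findings + 1)) ;;
        esac
    fi

    return "$findings"
}

# Audit the paths used on this page only when invoked as: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    audit_install /var/www/html/loganalyzer /etc/rsyslog.d/mysql.conf
fi
```

Because config.php is owned by www-data, the web server can still read it once access for "other" is removed.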


