{"id":7292,"date":"2013-07-16T07:05:00","date_gmt":"2013-07-16T05:05:00","guid":{"rendered":"http:\/\/nolabnoparty.com\/?p=7292"},"modified":"2014-12-15T08:30:28","modified_gmt":"2014-12-15T07:30:28","slug":"install-rsyslog-loganalyzer","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/install-rsyslog-loganalyzer\/","title":{"rendered":"Install Rsyslog and LogAnalyzer on Centos 6"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 10px auto 5px; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border: 0px;\" title=\"syslog01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog01.jpg\" alt=\"syslog01\" width=\"602\" height=\"202\" border=\"0\" \/><\/p>\n<p>Rsyslog and LogAnalyzer are tools that help administrators to collect the <strong>systems log in a centralized place<\/strong> and facilitate data analysis.<\/p>\n<p>In large networks the number of devices installed produces tons of logs that make it impossible to have a <strong>good overview<\/strong> of the overall network status without having a centralized log collector system.<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Prerequisites<\/h2>\n<ul>\n<li>Centos 6.x minimal<\/li>\n<li>A working <a href=\"http:\/\/en.wikipedia.org\/wiki\/LAMP_(software_bundle)\" target=\"_blank\" rel=\"noopener\">LAMP<\/a> environment<\/li>\n<li><a href=\"http:\/\/www.rsyslog.com\/\" target=\"_blank\" rel=\"noopener\">Rsyslog<\/a> and <a href=\"http:\/\/loganalyzer.adiscon.com\/\" target=\"_blank\" rel=\"noopener\">LogAnalyzer<\/a> packages<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Install Rsyslog<\/h2>\n<p>First install the LAMP environment and the Rsyslog <strong>packages<\/strong> using the <em>yum<\/em> command.<\/p>\n<p><span style=\"color: #0000a0;\"># yum install httpd php mysql php-mysql mysql-server rsyslog rsyslog-mysql wget <\/span><\/p>\n<p>Prior to importing the db schema into MySQL you can <strong>customize the database 
name<\/strong> (Syslog by default) by editing the <strong>createDB.sql<\/strong> file.<\/p>\n<p><span style=\"color: #0000a0;\"># vi \/usr\/share\/doc\/rsyslog-mysql-5.8.10\/createDB.sql<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog02.jpg\" alt=\"syslog02\" width=\"600\" height=\"50\" border=\"0\" \/><\/p>\n<p>Once editing has been completed, <strong>import the db schema<\/strong> into MySQL. In the example, the procedure creates a new database called <strong>rsyslogdb<\/strong>.<\/p>\n<p><span style=\"color: #0000a0;\"># mysql -u root -p &lt; \/usr\/share\/doc\/rsyslog-mysql-5.8.10\/createDB.sql<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog03.jpg\" alt=\"syslog03\" width=\"600\" height=\"68\" border=\"0\" \/><\/p>\n<p>Grant the <strong>privileges<\/strong> on the new database to the account rsyslog.<\/p>\n<p><span style=\"color: #0000a0;\"># mysql -u root -p<\/span><\/p>\n<pre class=\"lang:default decode:true brush: shell; gutter: true\">mysql&gt; GRANT ALL PRIVILEGES ON rsyslogdb.* TO rsyslog@localhost IDENTIFIED BY 'passwd00';\r\nmysql&gt; flush privileges;\r\nmysql&gt; exit<\/pre>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog04.jpg\" alt=\"syslog04\" width=\"600\" height=\"168\" border=\"0\" \/><\/p>\n<p>Edit the configuration file <em>\/etc\/rsyslog.conf<\/em> and <strong>enable the listed parameters<\/strong>.<\/p>\n<p><span style=\"color: #000080;\"># vi \/etc\/rsyslog.conf<\/span><\/p>\n<pre class=\"lang:default decode:true brush: shell; gutter: true\">$ModLoad imuxsock\r\n$ModLoad imklog\r\n#$ModLoad immark\r\n$ModLoad imudp\r\n$UDPServerRun 514\r\n$ModLoad imtcp\r\n$InputTCPServerRun 514\r\n$ModLoad ommysql<\/pre>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog05.jpg\" alt=\"syslog05\" width=\"600\" height=\"287\" border=\"0\" \/><\/p>\n<p>Also add the following lines. The <em>$AllowedSender<\/em> entries restrict which hosts the UDP and TCP listeners accept messages from (adjust the subnet to your network), and the last line forwards every message to the database created above using the rsyslog account credentials:<\/p>\n<pre class=\"lang:default decode:true brush: bash; gutter: true\">$AllowedSender UDP, 127.0.0.1, 192.168.10.0\/24\r\n$AllowedSender TCP, 127.0.0.1, 192.168.10.0\/24\r\n*.* :ommysql:127.0.0.1,rsyslogdb,rsyslog,passwd00<\/pre>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog06.jpg\" alt=\"syslog06\" width=\"600\" height=\"225\" border=\"0\" \/><\/p>\n<p>Enable the service to <strong>start at system boot<\/strong>, then restart it so the new configuration is loaded.<\/p>\n<p><span style=\"color: #0000a0;\"># chkconfig rsyslog on<br \/>\n# service rsyslog restart<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog07.jpg\" alt=\"syslog07\" width=\"600\" height=\"81\" border=\"0\" \/><\/p>\n<p>If you have a firewall, you need to open <strong>ports TCP 514 and UDP 514<\/strong> to work with 
Rsyslog.<\/p>\n<p>&nbsp;<\/p>\n<h4>Test Rsyslog<\/h4>\n<p>To test if everything is working, check if <strong>messages are arriving<\/strong> at the syslog server.<\/p>\n<p><span style=\"color: #0000a0;\"># tail -f \/var\/log\/messages<\/span><\/p>\n<p>In addition you can check if <strong>messages are being stored<\/strong> in the MySQL database.<\/p>\n<p><span style=\"color: #0000a0;\"># mysql -u root -p<\/span><\/p>\n<pre class=\"lang:default decode:true brush: shell; gutter: true\">mysql&gt; use rsyslogdb;\r\nmysql&gt; select * from SystemEvents;<\/pre>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog08.jpg\" alt=\"syslog08\" width=\"600\" height=\"142\" border=\"0\" \/><\/p>\n<p>If the query returns an <strong>empty set<\/strong> (the table exists but holds no rows yet), it means it\u2019s working.<\/p>\n<p>&nbsp;<\/p>\n<h2>Install LogAnalyzer<\/h2>\n<p>Using the <em>wget<\/em> command, download the <strong>LogAnalyzer package<\/strong>.<\/p>\n<p><span style=\"color: #0000a0;\"># wget http:\/\/download.adiscon.com\/loganalyzer\/loganalyzer-3.6.3.tar.gz<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog09\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog09.jpg\" alt=\"syslog09\" width=\"600\" height=\"249\" border=\"0\" \/><\/p>\n<p>Unpack the downloaded file and move the content to the Apache <strong>document root<\/strong>.<\/p>\n<p><span style=\"color: #0000a0;\"># tar -vxzf loganalyzer-3.6.3.tar.gz<br \/>\n# mv loganalyzer-3.6.3\/src\/ \/var\/www\/html\/loganalyzer<br \/>\n# mv loganalyzer-3.6.3\/contrib\/* \/var\/www\/html\/loganalyzer<\/span><\/p>\n<p><img 
decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog10\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog10.jpg\" alt=\"syslog10\" width=\"600\" height=\"93\" border=\"0\" \/><\/p>\n<p>Enter the newly created directory, assign the <strong>correct permissions<\/strong> so the scripts can be executed, then run <em>configure.sh<\/em>.<\/p>\n<p><span style=\"color: #0000a0;\"># cd \/var\/www\/html\/loganalyzer\/<br \/>\n# chmod 744 configure.sh secure.sh<br \/>\n# .\/configure.sh<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog11\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog11.jpg\" alt=\"syslog11\" width=\"600\" height=\"67\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h4>Configure LogAnalyzer<\/h4>\n<p>Access the <strong>web interface<\/strong> by typing the following address in your browser:<\/p>\n<blockquote><p>http:\/\/IP_address\/loganalyzer<\/p><\/blockquote>\n<p>At first access you receive an error message because the application hasn\u2019t been configured yet. 
Click on the word <strong>here<\/strong> to go ahead with the configuration.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog13\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog13.jpg\" alt=\"syslog13\" width=\"600\" height=\"133\" border=\"0\" \/><\/p>\n<p>Click <strong>Next<\/strong> to start the installation.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog14\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog14.jpg\" alt=\"syslog14\" width=\"600\" height=\"278\" border=\"0\" \/><\/p>\n<p>Click <strong>Next<\/strong> to continue.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog15\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog15.jpg\" alt=\"syslog15\" width=\"600\" height=\"296\" border=\"0\" \/><\/p>\n<p>Enable the <strong>Enable User Database<\/strong> option and <strong>enter the parameters<\/strong> set during the database creation.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog16\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog16.jpg\" alt=\"syslog16\" width=\"600\" height=\"522\" border=\"0\" \/><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog17\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog17.jpg\" alt=\"syslog17\" 
width=\"600\" height=\"304\" border=\"0\" \/><\/p>\n<p>If no errors are shown, click <strong>Next<\/strong> to continue.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog18\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog18.jpg\" alt=\"syslog18\" width=\"600\" height=\"299\" border=\"0\" \/><\/p>\n<p>Create the <strong>Admin user<\/strong> by typing the username and password, then click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog19\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog19.jpg\" alt=\"syslog19\" width=\"600\" height=\"322\" border=\"0\" \/><\/p>\n<p>Choose <span style=\"color: #ff0000;\"><strong>MYSQL Native<\/strong><\/span> as the <strong>Source Type<\/strong> and enter the parameters of the database previously created. Click <strong>Next<\/strong>. 
Pay attention to the <strong>Database Tablename<\/strong> field, whose value must be:<\/p>\n<blockquote><p><span style=\"color: #993300;\">SystemEvents<\/span><\/p><\/blockquote>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog20\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog20.jpg\" alt=\"syslog20\" width=\"600\" height=\"480\" border=\"0\" \/><\/p>\n<p>Click <strong>Finish<\/strong> to complete the installation.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog21\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog21.jpg\" alt=\"syslog21\" width=\"600\" height=\"272\" border=\"0\" \/><\/p>\n<p>To log in to LogAnalyzer, <strong>enter your credentials<\/strong>, then click <strong>Login<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog22\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog22.jpg\" alt=\"syslog22\" width=\"600\" height=\"247\" border=\"0\" \/><\/p>\n<p>The Rsyslog server shows the <strong>collected data<\/strong> so far. 
To populate the Events, you need to configure the network devices to send <strong>syslog messages<\/strong> to the Rsyslog server just set up.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog25\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog25.jpg\" alt=\"syslog25\" width=\"600\" height=\"333\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Troubleshooting<\/h2>\n<p>After logging in, you may receive the error message:<\/p>\n<blockquote><p>could not find the configured table, maybe misspelled or the table names are case sensitive<\/p><\/blockquote>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog23\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog23.jpg\" alt=\"syslog23\" width=\"600\" height=\"87\" border=\"0\" \/><\/p>\n<p>This error is often due to <strong>wrong syntax<\/strong> in the DBTableName field. 
To fix it, edit the \/var\/www\/html\/loganalyzer\/config.php file and check that the <strong>DBTableName<\/strong> value is written with the correct capitalization:<\/p>\n<blockquote><p>SystemEvents<\/p><\/blockquote>\n<p><span style=\"color: #0000a0;\"># vi \/var\/www\/html\/loganalyzer\/config.php<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" style=\"margin: 0px auto; padding-left: 0px; padding-right: 0px; float: none; padding-top: 0px; border-width: 0px;\" title=\"syslog24\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/07\/syslog24.jpg\" alt=\"syslog24\" width=\"600\" height=\"232\" border=\"0\" \/><\/p>\n<p>Once the DBTableName value has been <strong>amended<\/strong>, the system should work properly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rsyslog and LogAnalyzer are tools that help administrators to collect the systems log in a centralized place and facilitate data analysis. 
In large networks the number of devices installed produces tons of logs that make it impossible to have a good overview of the overall network status without having a centralized log collector system.<\/p>\n","protected":false},"author":3,"featured_media":7268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[899,898],"tags":[634,645],"class_list":["post-7292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-analysis-en","category-monitoring-en","tag-monitoring-en","tag-syslog-en","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/7292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=7292"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/7292\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/7268"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=7292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=7292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty
.com\/en\/wp-json\/wp\/v2\/tags?post=7292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}