Setting up LogAnalyzer syslog server – Analysis & Reporting

I’ve done this on Ubuntu Server 13.x

Install the following packages.

sudo apt-get install build-essential apache2 php5 php5-gd libapache2-mod-php5 mysql-server php5-mysql rsyslog

Edit /etc/rsyslog.conf and uncomment or add the following.

This sets the server to accept inbound syslog messages on UDP port 514.

# provides UDP syslog reception

$ModLoad imudp

$UDPServerRun 514

Next, since LogAnalyzer runs on PHP, we need to tell Apache how to handle PHP pages. Edit /etc/apache2/apache2.conf and add the following underneath “DefaultType None”.

DefaultType text/plain

AddType application/x-httpd-php .php

Note: If this step is not done properly, you will get a message when loading the syslog web page prompting you to save the file instead of Apache displaying the file.

Download the latest LogAnalyzer from the Adiscon web site – http://loganalyzer.adiscon.com/downloads

cd /opt

wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.6.tar.gz

Unzip and extract the file.

gunzip loganalyzer-3.6.6.tar.gz

tar -xvf loganalyzer-3.6.6.tar

Copy the LogAnalyzer /src/ folder to the Apache www root or a subfolder, copy the install scripts, make them executable, and run the configure script. It’s important to run the configure script from the same directory that will hold the syslog PHP files.

mkdir /var/www/syslog

cp -r /opt/loganalyzer-3.6.6/src/* /var/www/syslog

cp -r /opt/loganalyzer-3.6.6/contrib/*.sh /var/www/syslog

chmod +x /var/www/syslog/*.sh

cd /var/www/syslog/

./configure.sh

Grant Apache access to syslog.

usermod -a -G adm www-data

Use a web browser to open the new web service at http://SERVERNAME/syslog/install.php. The page will show a message stating the service is not configured. Follow the steps to set up your syslog front end.
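
To confirm that the UDP reception step in /etc/rsyslog.conf took effect before pointing devices at the server, the checks below can be run on the syslog host. This is an added example, not part of the original post; it assumes rsyslog was restarted after the edit and that messages land in /var/log/syslog (the Ubuntu default), and the function names and test tag are made up for illustration.

```shell
#!/bin/sh
# Added example: checks for the UDP reception step in /etc/rsyslog.conf.
# Function names, the test tag and /var/log/syslog are assumptions.

# Print the ports of active (uncommented) $UDPServerRun lines.
# Returns 1 if imudp is not loaded or every listener line is commented out.
udp_listener_ports() {
    conf=$1
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp([[:space:]]|$)' "$conf" || return 1
    ports=$(sed -n 's/^[[:space:]]*\$UDPServerRun[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$conf")
    [ -n "$ports" ] || return 1
    printf '%s\n' "$ports"
}

# Succeed if some process has a UDP socket bound to the given port.
udp_port_bound() {
    ss -lun | grep -Eq ":${1}[[:space:]]"
}

# Send one syslog datagram to the local listener and confirm rsyslog wrote it.
send_test_message() {
    tag="udp-check-$$"                      # constructed tag, unique per run
    logger -d -n 127.0.0.1 -P "$1" -t "$tag" "UDP reception check"
    sleep 1                                 # give rsyslog time to write the line
    grep -q "$tag" /var/log/syslog          # assumed default log file on Ubuntu
}

# Run all three checks against a config file; stops at the first failure.
verify_udp_reception() {
    conf=${1:-/etc/rsyslog.conf}
    ports=$(udp_listener_ports "$conf") || { echo "no active UDP listener in $conf"; return 1; }
    for p in $ports; do
        udp_port_bound "$p" || { echo "nothing bound to UDP $p"; return 1; }
        send_test_message "$p" || { echo "test message on UDP $p not logged"; return 1; }
        echo "UDP $p: listening and logging"
    done
}

# Usage (as root or a member of adm): verify_udp_reception /etc/rsyslog.conf
```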