Setting up LogAnalyzer syslog server – Analysis & Reporting
I’ve done this on Ubuntu Server 13.x
Install the following packages.
sudo apt-get install build-essential apache2 php5 php5-gd libapache2-mod-php5 mysql-server php5-mysql rsyslog
Edit /etc/rsyslog.conf and uncomment or add the following.
This sets the server to accept inbound syslog messages on UDP port 514.
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
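A quick way to confirm the edit above took effect, as an added example that is not part of the original post: the function reports whether a config file has both directives active rather than still commented out. The name udp_listener_port is hypothetical and the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). udp_listener_port is a
# hypothetical helper name; the sample configs below are constructed.

# udp_listener_port FILE
# Prints the port from an active "$UDPServerRun" line and returns 0, but only
# if an active "$ModLoad imudp" line precedes it. Returns 1 otherwise.
# Directive spelling is matched exactly as written in the post.
udp_listener_port() {
    [ -r "$1" ] || return 1
    awk '
        $1 ~ /^#/ { next }                          # commented-out line
        $1 == "$ModLoad" && $2 == "imudp" { loaded = 1 }
        $1 == "$UDPServerRun" && $2 ~ /^[0-9]+$/ {
            if (loaded) port = $2                   # module must load first
        }
        END {
            if (port == "") exit 1
            print port
        }
    ' "$1"
}

# Constructed inputs: the edited config, and one where the "#" was left in.
demo_dir=$(mktemp -d)
printf '%s\n' '# provides UDP syslog reception' \
    '$ModLoad imudp' '$UDPServerRun 514' > "$demo_dir/edited.conf"
printf '%s\n' '# provides UDP syslog reception' \
    '#$ModLoad imudp' '#$UDPServerRun 514' > "$demo_dir/untouched.conf"

for name in edited untouched; do
    if port=$(udp_listener_port "$demo_dir/$name.conf"); then
        echo "$name.conf: UDP listener enabled on port $port"
    else
        echo "$name.conf: UDP listener NOT enabled"
    fi
done
rm -rf "$demo_dir"
```

On the server, point the function at /etc/rsyslog.conf after making the edit.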
Next, since the log analyzer runs on PHP, we need to tell Apache how to handle PHP pages. Edit /etc/apache2/apache2.conf and add the following underneath “DefaultType None”.
DefaultType text/plain
AddType application/x-httpd-php .php
Note: If this step is not done properly, you will get a message when loading the syslog web page prompting you to save the file instead of Apache displaying the file.
Download the latest LogAnalyzer from the Adiscon web site – http://loganalyzer.adiscon.com/downloads
cd /opt
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.6.tar.gz
Unzip and extract the file.
gunzip loganalyzer-3.6.6.tar.gz
tar -xvf loganalyzer-3.6.6.tar
Copy the LogAnalyzer /src/ folder to the Apache www root or a subfolder, copy the install scripts, make them executable, and run the configure script. It’s important to run the configure script from the same directory that will hold the syslog PHP files.
mkdir /var/www/syslog
cp -r /opt/loganalyzer-3.6.6/src/* /var/www/syslog
cp -r /opt/loganalyzer-3.6.6/contrib/*.sh /var/www/syslog
chmod +x /var/www/syslog/*.sh
cd /var/www/syslog/
./configure.sh
Grant Apache access to syslog.
# -a appends; without it, -G replaces www-data's existing supplementary groups
usermod -a -G adm www-data
Use a web browser to hit the new web service at http://SERVERNAME/syslog/install.php. The page will show a message stating the service is not configured. Follow the steps to set up your syslog front end.