Install Rsyslog Server and Log Analyzer on CentOS 6.4 5.9 Redhat RHEL

Step 1: Install the web server, MySQL server and required packages

[root@localhost ~]# yum install httpd php mysql php-mysql mysql-server wget -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: virror.hanoilug.org
 * epel: mirror.smartmedia.net.id
 * extras: virror.hanoilug.org
 * updates: centos-hcm.viettelidc.com.vn
Setting up Install Process
Package wget-1.12-1.8.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-26.el6.centos will be updated
---> Package httpd.x86_64 0:2.2.15-28.el6.centos will be an update
--> Processing Dependency: httpd-tools = 2.2.15-28.el6.centos for package: httpd-2.2.15-28.el6.centos.x86_64
---> Package mysql.x86_64 0:5.1.69-1.el6_4 will be installed
--> Processing Dependency: mysql-libs = 5.1.69-1.el6_4 for package: mysql-5.1.69-1.el6_4.x86_64
---> Package mysql-server.x86_64 0:5.1.69-1.el6_4 will be installed
--> Processing Dependency: perl-DBI for package: mysql-server-5.1.69-1.el6_4.x86_64
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server-5.1.69-1.el6_4.x86_64
--> Processing Dependency: perl(DBI) for package: mysql-server-5.1.69-1.el6_4.x86_64
---> Package php.x86_64 0:5.3.3-22.el6 will be installed
--> Processing Dependency: php-cli(x86-64) = 5.3.3-22.el6 for package: php-5.3.3-22.el6.x86_64
---> Package php-mysql.x86_64 0:5.3.3-22.el6 will be installed
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.2.15-26.el6.centos will be updated
---> Package httpd-tools.x86_64 0:2.2.15-28.el6.centos will be an update
---> Package mysql-libs.x86_64 0:5.1.66-2.el6_3 will be updated
---> Package mysql-libs.x86_64 0:5.1.69-1.el6_4 will be an update
---> Package perl-DBD-MySQL.x86_64 0:4.013-3.el6 will be installed
---> Package perl-DBI.x86_64 0:1.609-4.el6 will be installed
---> Package php-cli.x86_64 0:5.3.3-22.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch     Version                 Repository    Size
================================================================================
Installing:
 mysql             x86_64   5.1.69-1.el6_4          updates      907 k
 mysql-server      x86_64   5.1.69-1.el6_4          updates      8.7 M
 php               x86_64   5.3.3-22.el6            base         1.1 M
 php-mysql         x86_64   5.3.3-22.el6            base          81 k
Updating:
 httpd             x86_64   2.2.15-28.el6.centos    updates      821 k
Installing for dependencies:
 perl-DBD-MySQL    x86_64   4.013-3.el6             base         134 k
 perl-DBI          x86_64   1.609-4.el6             base         705 k
 php-cli           x86_64   5.3.3-22.el6            base         2.2 M
Updating for dependencies:
 httpd-tools       x86_64   2.2.15-28.el6.centos    updates       73 k
 mysql-libs        x86_64   5.1.69-1.el6_4          updates      1.2 M

Transaction Summary
================================================================================
Install       7 Package(s)
Upgrade       3 Package(s)

Total download size: 16 M
Downloading Packages:
(1/10): httpd-2.2.15-28.el6.centos.x86_64.rpm              | 821 kB     00:03
(2/10): httpd-tools-2.2.15-28.el6.centos.x86_64.rpm        |  73 kB     00:00
(3/10): mysql-5.1.69-1.el6_4.x86_64.rpm                    | 907 kB     00:03
(4/10): mysql-libs-5.1.69-1.el6_4.x86_64.rpm               | 1.2 MB     00:05
(5/10): mysql-server-5.1.69-1.el6_4.x86_64.rpm             | 8.7 MB     00:37
(6/10): perl-DBD-MySQL-4.013-3.el6.x86_64.rpm              | 134 kB     00:00
(7/10): perl-DBI-1.609-4.el6.x86_64.rpm                    | 705 kB     00:02
(8/10): php-5.3.3-22.el6.x86_64.rpm                        | 1.1 MB     00:04
(9/10): php-cli-5.3.3-22.el6.x86_64.rpm                    | 2.2 MB     00:11
(10/10): php-mysql-5.3.3-22.el6.x86_64.rpm                 |  81 kB     00:00
--------------------------------------------------------------------------------
Total                                            228 kB/s |  16 MB     01:10
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : mysql-libs-5.1.69-1.el6_4.x86_64                          1/13
  Installing : perl-DBI-1.609-4.el6.x86_64                               2/13
  Installing : perl-DBD-MySQL-4.013-3.el6.x86_64                         3/13
  Installing : mysql-5.1.69-1.el6_4.x86_64                               4/13
  Updating   : httpd-tools-2.2.15-28.el6.centos.x86_64                   5/13
  Updating   : httpd-2.2.15-28.el6.centos.x86_64                         6/13
  Installing : php-cli-5.3.3-22.el6.x86_64                               7/13
  Installing : php-5.3.3-22.el6.x86_64                                   8/13
  Installing : mysql-server-5.1.69-1.el6_4.x86_64                        9/13
  Installing : php-mysql-5.3.3-22.el6.x86_64                            10/13
  Cleanup    : httpd-2.2.15-26.el6.centos.x86_64                        11/13
  Cleanup    : httpd-tools-2.2.15-26.el6.centos.x86_64                  12/13
  Cleanup    : mysql-libs-5.1.66-2.el6_3.x86_64                         13/13
  Verifying  : php-cli-5.3.3-22.el6.x86_64                               1/13
  Verifying  : mysql-libs-5.1.69-1.el6_4.x86_64                          2/13
  Verifying  : perl-DBD-MySQL-4.013-3.el6.x86_64                         3/13
  Verifying  : httpd-tools-2.2.15-28.el6.centos.x86_64                   4/13
  Verifying  : php-5.3.3-22.el6.x86_64                                   5/13
  Verifying  : php-mysql-5.3.3-22.el6.x86_64                             6/13
  Verifying  : perl-DBI-1.609-4.el6.x86_64                               7/13
  Verifying  : mysql-server-5.1.69-1.el6_4.x86_64                        8/13
  Verifying  : mysql-5.1.69-1.el6_4.x86_64                               9/13
  Verifying  : httpd-2.2.15-28.el6.centos.x86_64                        10/13
  Verifying  : httpd-2.2.15-26.el6.centos.x86_64                        11/13
  Verifying  : httpd-tools-2.2.15-26.el6.centos.x86_64                  12/13
  Verifying  : mysql-libs-5.1.66-2.el6_3.x86_64                         13/13

Installed:
  mysql.x86_64 0:5.1.69-1.el6_4            mysql-server.x86_64 0:5.1.69-1.el6_4
  php.x86_64 0:5.3.3-22.el6                php-mysql.x86_64 0:5.3.3-22.el6

Dependency Installed:
  perl-DBD-MySQL.x86_64 0:4.013-3.el6   perl-DBI.x86_64 0:1.609-4.el6   php-cli.x86_64 0:5.3.3-22.el6

Updated:
  httpd.x86_64 0:2.2.15-28.el6.centos

Dependency Updated:
  httpd-tools.x86_64 0:2.2.15-28.el6.centos   mysql-libs.x86_64 0:5.1.69-1.el6_4

Complete!
[root@localhost ~]#

Step 2: Install the Rsyslog server packages

[root@localhost ~]# yum install -y rsyslog*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: virror.hanoilug.org
 * epel: mirror.smartmedia.net.id
 * extras: virror.hanoilug.org
 * updates: centos-hcm.viettelidc.com.vn
Setting up Install Process
Package rsyslog-5.8.10-6.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package rsyslog-gnutls.x86_64 0:5.8.10-6.el6 will be installed
---> Package rsyslog-gssapi.x86_64 0:5.8.10-6.el6 will be installed
---> Package rsyslog-mysql.x86_64 0:5.8.10-6.el6 will be installed
---> Package rsyslog-pgsql.x86_64 0:5.8.10-6.el6 will be installed
--> Processing Dependency: libpq.so.5()(64bit) for package: rsyslog-pgsql-5.8.10-6.el6.x86_64
---> Package rsyslog-relp.x86_64 0:5.8.10-6.el6 will be installed
--> Processing Dependency: librelp.so.0()(64bit) for package: rsyslog-relp-5.8.10-6.el6.x86_64
---> Package rsyslog-snmp.x86_64 0:5.8.10-6.el6 will be installed
--> Running transaction check
---> Package librelp.x86_64 0:0.1.1-4.1.el6 will be installed
---> Package postgresql-libs.x86_64 0:8.4.13-1.el6_3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package            Arch     Version            Repository    Size
================================================================================
Installing:
 rsyslog-gnutls     x86_64   5.8.10-6.el6       base          27 k
 rsyslog-gssapi     x86_64   5.8.10-6.el6       base          28 k
 rsyslog-mysql      x86_64   5.8.10-6.el6       base          20 k
 rsyslog-pgsql      x86_64   5.8.10-6.el6       base          20 k
 rsyslog-relp       x86_64   5.8.10-6.el6       base          21 k
 rsyslog-snmp       x86_64   5.8.10-6.el6       base          21 k
Installing for dependencies:
 librelp            x86_64   0.1.1-4.1.el6      base          41 k
 postgresql-libs    x86_64   8.4.13-1.el6_3     base         200 k

Transaction Summary
================================================================================
Install       8 Package(s)

Total download size: 377 k
Installed size: 852 k
Downloading Packages:
(1/8): librelp-0.1.1-4.1.el6.x86_64.rpm                    |  41 kB     00:00
(2/8): postgresql-libs-8.4.13-1.el6_3.x86_64.rpm           | 200 kB     00:00
(3/8): rsyslog-gnutls-5.8.10-6.el6.x86_64.rpm              |  27 kB     00:00
(4/8): rsyslog-gssapi-5.8.10-6.el6.x86_64.rpm              |  28 kB     00:00
(5/8): rsyslog-mysql-5.8.10-6.el6.x86_64.rpm               |  20 kB     00:00
(6/8): rsyslog-pgsql-5.8.10-6.el6.x86_64.rpm               |  20 kB     00:00
(7/8): rsyslog-relp-5.8.10-6.el6.x86_64.rpm                |  21 kB     00:00
(8/8): rsyslog-snmp-5.8.10-6.el6.x86_64.rpm                |  21 kB     00:00
--------------------------------------------------------------------------------
Total                                            137 kB/s | 377 kB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : postgresql-libs-8.4.13-1.el6_3.x86_64                      1/8
  Installing : librelp-0.1.1-4.1.el6.x86_64                               2/8
  Installing : rsyslog-relp-5.8.10-6.el6.x86_64                           3/8
  Installing : rsyslog-pgsql-5.8.10-6.el6.x86_64                          4/8
  Installing : rsyslog-snmp-5.8.10-6.el6.x86_64                           5/8
  Installing : rsyslog-gnutls-5.8.10-6.el6.x86_64                         6/8
  Installing : rsyslog-mysql-5.8.10-6.el6.x86_64                          7/8
  Installing : rsyslog-gssapi-5.8.10-6.el6.x86_64                         8/8
  Verifying  : rsyslog-gssapi-5.8.10-6.el6.x86_64                         1/8
  Verifying  : rsyslog-pgsql-5.8.10-6.el6.x86_64                          2/8
  Verifying  : rsyslog-mysql-5.8.10-6.el6.x86_64                          3/8
  Verifying  : librelp-0.1.1-4.1.el6.x86_64                               4/8
  Verifying  : postgresql-libs-8.4.13-1.el6_3.x86_64                      5/8
  Verifying  : rsyslog-relp-5.8.10-6.el6.x86_64                           6/8
  Verifying  : rsyslog-gnutls-5.8.10-6.el6.x86_64                         7/8
  Verifying  : rsyslog-snmp-5.8.10-6.el6.x86_64                           8/8

Installed:
  rsyslog-gnutls.x86_64 0:5.8.10-6.el6    rsyslog-gssapi.x86_64 0:5.8.10-6.el6
  rsyslog-mysql.x86_64 0:5.8.10-6.el6     rsyslog-pgsql.x86_64 0:5.8.10-6.el6
  rsyslog-relp.x86_64 0:5.8.10-6.el6      rsyslog-snmp.x86_64 0:5.8.10-6.el6

Dependency Installed:
  librelp.x86_64 0:0.1.1-4.1.el6   postgresql-libs.x86_64 0:8.4.13-1.el6_3

Complete!
[root@localhost ~]#

Step 3: Start the services

[root@localhost ~]# /etc/init.d/rsyslog start
Starting system logger:
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
                                                           [  OK  ]
[root@localhost ~]# /etc/init.d/mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
[root@localhost ~]#

Step 4: Enable the services at boot and set the MySQL root password

[root@localhost ~]# chkconfig rsyslog on
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# chkconfig mysqld on
[root@localhost ~]# mysqladmin -u root password 'ithelpblog'
[root@localhost ~]#

Step 5: Edit rsyslog's createDB.sql and create the rsysdb database

The script shipped with rsyslog-mysql creates a database named Syslog; change both the CREATE DATABASE and USE lines to rsysdb so that the name matches the ommysql action in rsyslog.conf (Step 6). Only the start of the file is shown below; the rest of the SystemEvents table and the remaining statements are left exactly as shipped.

[root@localhost ~]# vi /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
CREATE DATABASE rsysdb;
USE rsysdb;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        (remainder of the file unchanged)

Then load the script, entering the root password set in Step 4:

[root@localhost ~]# mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
Enter password:
[root@localhost ~]#

Step 6: Create a new /etc/rsyslog.conf

Back up the stock file, then write a new one. The configuration below keeps the default local log files, listens for remote syslog on UDP and TCP port 514, writes every message into the rsysdb database through ommysql, and restricts remote senders to localhost and the 192.168.0.0/24 network.

[root@localhost /]# mv /etc/rsyslog.conf /etc/rsyslog.conf.bk
[root@localhost /]# vi /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
# Remote syslog listeners on UDP and TCP port 514
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
$template SpiceTmpl,"%TIMESTAMP%.%TIMESTAMP:::date-subseconds% %syslogtag% %syslogseverity-text%:%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
:programname, startswith, "spice-vdagent" /var/log/spice-vdagent.log;SpiceTmpl
# Write every message to MySQL: host,database,user,password
$ModLoad ommysql
*.* :ommysql:127.0.0.1,rsysdb,root,ithelpblog
# Only accept remote messages from localhost and the 192.168.0.0/24 network
$AllowedSender UDP, 127.0.0.1, 192.168.0.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/24
[root@localhost /]#
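As an added example (not part of the original post and not an rsyslog tool), a small offline lint for a legacy-syntax rsyslog.conf like the one above: it flags a module loaded twice (the post's original file loaded ommysql twice), a listener started without its input module, an ommysql action that authenticates as the MySQL root user, and a port 514 listener with no $AllowedSender restriction. The embedded sample is a constructed reduction of the Step 6 file with the password replaced by a placeholder.

```python
"""Offline lint for legacy-syntax rsyslog.conf files (added example)."""
import re

# Constructed sample: the tutorial's config reduced to the directives the
# checks care about, with the real password replaced by a placeholder.
SAMPLE_CONF = """\
$ModLoad imuxsock
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad ommysql
$ModLoad ommysql
*.* :ommysql:127.0.0.1,rsysdb,root,PASSWORD_PLACEHOLDER
$AllowedSender UDP, 127.0.0.1, 192.168.0.0/24
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/24
"""

# listener directive -> (input module it needs, protocol label)
LISTENERS = {"$UDPServerRun": ("imudp", "UDP"), "$InputTCPServerRun": ("imtcp", "TCP")}
# legacy ommysql action: <selector> :ommysql:host,db,user,password
OMMYSQL_ACTION = re.compile(r"\S+\s+:ommysql:([^,]+),([^,]+),([^,]+),")


def lint_rsyslog_conf(text):
    """Return [(line_no, finding), ...] in the order the problems are found."""
    findings, loaded, started, allowed = [], set(), {}, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        words = line.split()
        if words[0] == "$ModLoad":
            if words[1] in loaded:
                findings.append((n, f"module {words[1]} loaded twice"))
            loaded.add(words[1])
        elif words[0] in LISTENERS:
            module, proto = LISTENERS[words[0]]
            if module not in loaded:
                findings.append((n, f"{words[0]} used before $ModLoad {module}"))
            started.setdefault(proto, n)         # remember where the listener began
        elif words[0] == "$AllowedSender":
            allowed.add(words[1].rstrip(",").upper())
        elif (m := OMMYSQL_ACTION.match(line)):
            if "ommysql" not in loaded:
                findings.append((n, "ommysql action used before $ModLoad ommysql"))
            if m.group(3) == "root":
                findings.append((n, "ommysql logs in as MySQL root; use a dedicated INSERT-only account"))
    for proto, n in started.items():             # listener with no sender restriction
        if proto not in allowed:
            findings.append((n, f"{proto} listener on port 514 has no $AllowedSender"))
    return findings
```

Run it against /etc/rsyslog.conf after editing; an empty list means none of the four checks fired.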

Step 7: Stop the legacy syslog service if it is installed (on CentOS 6 rsyslog is already the default logger, so the errors below are expected)

[root@localhost /]# /etc/init.d/syslog stop
-bash: /etc/init.d/syslog: No such file or directory
[root@localhost /]# chkconfig syslog off
error reading information on service syslog: No such file or directory
[root@localhost /]#

Step 8: Download and install LogAnalyzer

[root@localhost /]# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.3.tar.gz
[root@localhost /]# tar zxvf loganalyzer-3.6.3.tar.gz
[root@localhost /]# mv loganalyzer-3.6.3/src/ /var/www/html/loganalyser
[root@localhost /]# mv loganalyzer-3.6.3/contrib/ /var/www/html/loganalyser

Step 9: Create config.php with configure.sh

[root@localhost src]# cd /var/www/html/
[root@localhost html]# cd loganalyser/
[root@localhost loganalyser]# ls
admin convert.php include search.php
asktheoracle.php cron index.php secure.sh
BitstreamVeraFonts css install.php statistics.php
chartgenerator.php details.php js templates
classes doc lang themes
config.php export.php login.php userchange.php
configure.sh favicon.ico reportgenerator.php
contrib images reports.php
[root@localhost loganalyser]#
[root@localhost loganalyser]# chmod 755 configure.sh secure.sh
[root@localhost loganalyser]# ./configure.sh

Step 10: Restart all services

[root@localhost loganalyser]# /etc/init.d/mysqld restart
Stopping mysqld: [ OK ]
Starting mysqld: [ OK ]
[root@localhost loganalyser]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@localhost loganalyser]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
[root@localhost loganalyser]#

Step 11: Run the LogAnalyzer web setup

Open http://x.x.x.x/loganalyser/ in a browser (x.x.x.x is the address of the server) and follow the LogAnalyzer setup wizard.

Step 12: Install the rsyslog client on other servers so they forward their logs to this Rsyslog server

Install Rsyslog client on Ubuntu

http://ithelpblog.com/os/linux/debian/ubuntu-debian/install-and-configure-rsyslog-client-on-ubuntu-13-0412-10-debian/

Install Rsyslog client on Centos Redhat RHEL

http://ithelpblog.com/os/linux/redhat/centos-redhat/install-and-configure-rsyslog-client-on-centos-6-46-35-9-redhat-rhel/

Step 13: The logs from the Ubuntu server now appear on our syslog server

That’s all. Thanks for using IThelpblog.com.

4 comments to Install Rsyslog Server and Log Analyzer on CentOS 6.4 5.9 Redhat RHEL

  • thomas  says:

    Hi

    I’m new to linux.

    I'm trying to install Rsyslog Server and Log Analyzer on CentOS 6.4 5.9 Redhat RHEL; on step 9, "Step 9: Create config.php by configure.sh",
    can you elaborate on this a bit? I'm lost there.

    thanks

    • Kevin  says:

      Hi Thomas,

      ./configure.sh is used to create config.php, which stores all the configuration for the Log Analyzer web interface. So you have to run ./configure.sh before you configure the web interface settings for Log Analyzer.
      One thing you need to notice: when you go to the folder /var/www/html/loganalyser/ and type "ls", check whether configure.sh is there; if not, you have to copy it again from the source. Normally it's in the loganalyzer-3.6.3/contrib/ folder.

      Regards,
      Kevin

  • Dragos  says:

    Hello.
    Does Loganalyzer analyze CISCO logs? ASA, router and switch logs.
    Thank you!

    • Kevin  says:

      Yes, you can configure syslog on any device (ASA, Cisco router, Cisco switch, Juniper, ...) and send logs to your syslog server.
      Example on Cisco router and Switch:
      Router(config)#logging 10.1.1.100
      10.1.1.100 is your syslog server.

      Regards,
      Kevin
