Setting up Rsyslog V8 & LogAnalyzer V4

Created - 12/03/2016

Last Tested - 12/04/2016

OS: Centos

NOTE: I have copied someone else's setup guide and updated it.


BASE: CentOS 7 Minimal install.

Prerequisite: wget, nano

Install Rsyslog V8
mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo
yum install rsyslog* --skip-broken
chkconfig rsyslog on

Install MySQL

rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum update
yum install mysql-server
systemctl start mysqld
systemctl enable mysqld    # so MySQL comes back after the reboot at the end of this guide
mysqladmin -u root password 'PasswordHere'
mysql -u root -p

Setup rsyslog database

NOTE: 8.23.0 was the latest version at the time of writing; this may change. List /usr/share/doc/ to find the rsyslog-mysql-<version> directory that is actually installed and adjust the path below.

mysql -u root -p < /usr/share/doc/rsyslog-mysql-8.23.0/createDB.sql
mysql -u root -p Syslog
mysql> GRANT ALL ON Syslog.* TO 'rsyslogdbadmin'@'localhost' IDENTIFIED BY 'PasswordHere';
mysql> exit

ALL is broader than rsyslog itself needs: its default ommysql template only INSERTs into SystemEvents. Narrow the grant if this account is used by rsyslog alone.

Test Connection

mysql -u rsyslogdbadmin -p Syslog
mysql> exit

Edit Rsyslog

Configure RSYSLOG to output the messages to its database.

nano /etc/rsyslog.conf

Things to modify in the configuration file:

Add the MySQL module (the output module that writes to the database)

# Load the MySQL Module
module(load="ommysql")

Uncomment the below lines so rsyslog also accepts syslog from other hosts on UDP and TCP port 514

# Provides UDP syslog reception
# for parameters see
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

On a CentOS 7 minimal install firewalld is enabled by default, so 514/udp and 514/tcp also have to be opened before remote hosts can reach these inputs; open them only to the networks that should be sending logs.

Add a new forwarding rule (format: server,database,user,password; localhost matches the GRANT above)

*.* :ommysql:localhost,Syslog,rsyslogdbadmin,PasswordHere

The database password sits in clear text in rsyslog.conf, so keep that file readable by root only.

Once finished restart rsyslog service

service rsyslog restart

Testing RSYSLOG messages are being forwarded to MySQL

mysql -u rsyslogdbadmin -p Syslog
mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
|        2 |
+----------+
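As an added check that is not part of the original guide: the script below sends a uniquely tagged test message to the local rsyslog listener over UDP port 514 and then counts the SystemEvents rows whose Message contains that tag, using only the Python standard library and the mysql command-line client. The database name, user and password are the ones used above; the marker string and the "loganalyzer-test" hostname are constructed values. Run it on the rsyslog host itself so firewall rules between hosts are not a factor.

```python
#!/usr/bin/env python3
"""Smoke test for the pipeline set up above: UDP syslog -> rsyslog -> ommysql -> SystemEvents."""
import datetime
import os
import socket
import subprocess
import time
import uuid

# Values from the guide; the hostname and marker used later are constructed for the test.
DB_NAME = "Syslog"
DB_USER = "rsyslogdbadmin"
DB_PASSWORD = "PasswordHere"   # replace with the real password
SYSLOG_HOST = "127.0.0.1"
SYSLOG_PORT = 514

LOG_USER = 1   # RFC 3164 facility: user-level messages
SEV_INFO = 6   # RFC 3164 severity: informational


def rfc3164_timestamp(now=None):
    """'Mmm dd hh:mm:ss' with a space-padded day, as RFC 3164 requires."""
    now = now or datetime.datetime.now()
    return "%s %2d %s" % (now.strftime("%b"), now.day, now.strftime("%H:%M:%S"))


def build_syslog_message(facility, severity, hostname, tag, msg, timestamp=None):
    """Return an RFC 3164 datagram: <PRI>TIMESTAMP HOSTNAME TAG: MSG, PRI = facility*8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    ts = timestamp or rfc3164_timestamp()
    return ("<%d>%s %s %s: %s" % (pri, ts, hostname, tag, msg)).encode("utf-8")


def send_udp(datagram, host=SYSLOG_HOST, port=SYSLOG_PORT):
    """Send one datagram to the imudp input configured above."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (host, port))


def parse_count(mysql_output):
    """Turn the output of 'mysql -N -e "SELECT COUNT(*) ..."' into an int (empty output -> 0)."""
    text = mysql_output.strip()
    return int(text) if text else 0


def count_rows_with_marker(marker):
    """Count SystemEvents rows whose Message contains the marker, via the mysql CLI."""
    if not marker.isalnum():   # the marker is uuid hex, so no SQL quoting is needed
        raise ValueError("marker must be alphanumeric")
    query = "SELECT COUNT(*) FROM SystemEvents WHERE Message LIKE '%%%s%%'" % marker
    # MYSQL_PWD keeps the password out of the process list, unlike -pPASSWORD.
    env = dict(os.environ, MYSQL_PWD=DB_PASSWORD)
    result = subprocess.run(
        ["mysql", "-N", "-u", DB_USER, DB_NAME, "-e", query],
        capture_output=True, text=True, check=True, env=env,
    )
    return parse_count(result.stdout)


def main():
    marker = "smoketest" + uuid.uuid4().hex
    datagram = build_syslog_message(LOG_USER, SEV_INFO, "loganalyzer-test", "smoketest", marker)
    send_udp(datagram)
    time.sleep(2)   # give rsyslog a moment to write the row to MySQL
    rows = count_rows_with_marker(marker)
    print("rows containing marker:", rows)
    return rows >= 1


if __name__ == "__main__":
    raise SystemExit(0 if main() else 1)
```

Exit status 0 means at least one row with the marker reached the database; 1 means the message was received by nothing, was dropped by rsyslog, or the ommysql rule is not writing.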

Installing LogAnalyzer V4

Install httpd

yum install httpd
service httpd start
chkconfig httpd on

Browse to your server's address in a web browser; you should see the Apache test page ("Testing 123..").

Install PHP

yum install php php-mysql php-gd
nano /var/www/html/test.php    # e.g. <?php phpinfo(); ?> to confirm PHP runs; delete it afterwards, phpinfo() exposes server configuration
service httpd restart

Install LogAnalyzer

Download LogAnalyzer v4.1.5

tar zxvf loganalyzer-4.1.5.tar.gz
mkdir /var/www/html/loganalyzer
cd loganalyzer-4.1.5/src/
cp -r * /var/www/html/loganalyzer
cd ../contrib/
cp -r * /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer/
chmod +x configure.sh secure.sh
./configure.sh    # creates an empty config.php that the web installer can write to

Run ./secure.sh once the web setup has finished to make config.php read-only again.

Open your web browser and head to http://IPHERE/loganalyzer, go to step 2, and if you see NOT WRITABLE then do the steps below.

Only if you get the NOT WRITABLE error:

Have to set SELinux permissive

nano /etc/selinux/config

change - SELINUX=enforcing to SELINUX=permissive

save the file and reboot; that should fix the not writable error. Note that permissive mode turns off SELinux enforcement for the whole server, not just for LogAnalyzer.
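Added example, not part of the original guide: the first function scripts the config edit described above (it takes the file as an argument so it can be tried on a copy first); the second goes beyond the guide and shows the narrower fix, keeping SELinux enforcing and relabelling only config.php so Apache may write it. The paths are the ones used in this guide; the label httpd_sys_rw_content_t is the standard SELinux type for files Apache is allowed to write, and semanage comes from the policycoreutils-python package on CentOS 7.

```shell
#!/bin/sh
# Two ways past LogAnalyzer's "NOT WRITABLE" check on config.php under SELinux.
set -eu

LOGANALYZER_DIR="/var/www/html/loganalyzer"   # install path used in the guide

# The guide's approach: rewrite SELINUX=... in an /etc/selinux/config-style file.
# "permissive" switches off enforcement system-wide; a reboot applies it.
set_selinux_config_mode() {
    file="$1"; mode="$2"
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "unknown SELinux mode: $mode" >&2; return 1 ;;
    esac
    # Only the SELINUX= line changes; SELINUXTYPE and comments are left alone.
    sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Read back the SELINUX= value from a config file (used to verify the edit).
get_selinux_config_mode() {
    sed -n 's/^SELINUX=//p' "$1"
}

# Narrower alternative: stay enforcing and let Apache write only config.php.
# semanage records the label so it survives a relabel (-a adds, -m updates an
# existing rule); restorecon applies it now. Needs root.
label_config_writable() {
    target="$LOGANALYZER_DIR/config.php"
    semanage fcontext -a -t httpd_sys_rw_content_t "$target" 2>/dev/null \
        || semanage fcontext -m -t httpd_sys_rw_content_t "$target"
    restorecon -v "$target"
}
```

After the web setup completes, config.php no longer needs to be writable, so the label can be returned to httpd_sys_content_t in the same way.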