Setting up Rsyslog V8 & LogAnalyzer V4

Created - 12/03/2016

Last Tested - 12/04/2016

OS: CentOS


NOTE: I have copied someone else's setup guide and updated it.

LINK & CREDIT: http://www.systeen.com/2016/05/08/install-rsyslog-v8-loganalyzer-v4-centos-7/


BASE: CentOS 7 Minimal install.

Prerequisites: wget, nano


Install Rsyslog V8
wget http://rpms.adiscon.com/v8-stable/rsyslog.repo
mv rsyslog.repo /etc/yum.repos.d/rsyslog.repo
yum install rsyslog* --skip-broken
chkconfig rsyslog on

Install MySQL

wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
yum update
yum install mysql-server
sudo systemctl start mysqld
mysqladmin -u root password 'PasswordHere'
mysql -u root -p
exit

Setup rsyslog database

NOTE: 8.23.0 was the latest version at the time of writing and may have changed; list /usr/share/doc/ to see which rsyslog-mysql-* directory is actually installed and adjust the path below to match.

mysql -u root -p < /usr/share/doc/rsyslog-mysql-8.23.0/createDB.sql
mysql -u root -p Syslog
mysql> GRANT ALL ON Syslog.* TO 'rsyslogdbadmin'@'localhost' IDENTIFIED BY 'PasswordHere';
mysql> FLUSH PRIVILEGES;
mysql> exit

Test Connection

mysql -u rsyslogdbadmin -p Syslog
mysql> exit

Edit Rsyslog

Configure rsyslog to write its messages to the MySQL database.

nano /etc/rsyslog.conf

Things to modify in the configuration file:

Add the MySQL Module

# Load the MySQL Module
module(load="ommysql")

Uncomment the lines below

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

Add a new forwarding rule

*.* :ommysql:127.0.0.1,Syslog,rsyslogdbadmin,PasswordHere

Once finished, restart the rsyslog service

service rsyslog restart
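The forwarding rule above embeds the database password in /etc/rsyslog.conf, which is mode 0644 on CentOS 7 and so readable by every local account. The script below is an added example, not part of the original guide: it writes the same rule, in rsyslog's action() form, into a root-only drop-in and reports any config file that still exposes credentials. It assumes the stock CentOS 7 rsyslog.conf keeps its `$IncludeConfig /etc/rsyslog.d/*.conf` line, that `module(load="ommysql")` stays in rsyslog.conf as added above (loading it a second time from the drop-in is an error), and the file name /etc/rsyslog.d/ommysql.conf is the author's choice here.

```shell
#!/bin/sh
# Added example, not part of the guide above: keep the ommysql credentials in
# a root-only drop-in under /etc/rsyslog.d/ rather than in /etc/rsyslog.conf.
# Assumes the stock CentOS 7 rsyslog.conf still includes /etc/rsyslog.d/*.conf
# and that module(load="ommysql") is loaded once, in rsyslog.conf.

# write_ommysql_conf PATH DB USER PASSWORD
# Writes the guide's "*.* :ommysql:127.0.0.1,DB,USER,PASSWORD" rule in
# RainerScript action form. The file is created with mode 0600, so there is
# never a moment at which it is readable by anyone but its owner.
# PASSWORD must not contain $ or backquotes, because the heredoc expands them.
write_ommysql_conf() {
    path=$1 db=$2 user=$3 pass=$4
    # umask 077 in a subshell: the caller's umask is left untouched.
    (
        umask 077
        cat > "$path" <<EOF
# rsyslog -> MySQL; credentials live only in this root-owned, mode 0600 file.
*.* action(type="ommysql" server="127.0.0.1" db="$db" uid="$user" pwd="$pass")
EOF
    )
}

# is_private FILE -> success only when the mode is rw for the owner and nothing else
is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# find_exposed_creds FILE... -> prints each file that carries a MySQL password
# (a legacy ":ommysql:" line or a pwd="..." parameter) but is readable by
# group or others; a non-empty result means a credential is exposed.
find_exposed_creds() {
    for f in "$@"; do
        if grep -Eq ':ommysql:|pwd="' "$f" && ! is_private "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage (as root), then restart rsyslog exactly as the guide does:
#   ./ommysql-dropin.sh install 'PasswordHere'
if [ "${1:-}" = "install" ]; then
    write_ommysql_conf /etc/rsyslog.d/ommysql.conf Syslog rsyslogdbadmin "$2"
    find_exposed_creds /etc/rsyslog.conf /etc/rsyslog.d/*.conf
fi
```

After installing the drop-in, delete the `*.* :ommysql:` line from /etc/rsyslog.conf (otherwise every message is written twice) and rerun the exposed-credentials check until it prints nothing.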

Test that rsyslog messages are being written to MySQL

mysql -u rsyslogdbadmin -p Syslog
mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
|        2 |
+----------+
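A row count only proves the pipeline worked once. The script below is an added example, not from the original guide: it asks the Syslog database for the newest event per sending host and flags hosts that have gone quiet, which is how a log pipeline that silently stops (a rebooted sender, a blocked port 514, a full disk) is normally caught. It assumes the SystemEvents table created by rsyslog's createDB.sql, whose FromHost and ReceivedAt columns are standard; the threshold of 3600 seconds is an arbitrary default.

```shell
#!/bin/sh
# Added example, not part of the guide above: detect senders that have stopped
# arriving in the rsyslog -> MySQL pipeline. Assumes the stock SystemEvents
# schema from createDB.sql (columns FromHost and ReceivedAt).

# Newest event per host, as a UNIX timestamp so the shell can do arithmetic.
LAST_SEEN_SQL='SELECT FromHost, UNIX_TIMESTAMP(MAX(ReceivedAt)) FROM SystemEvents GROUP BY FromHost;'

# stale_hosts NOW MAX_AGE
# Reads "host<TAB>epoch" lines on stdin (the format "mysql -B -N" prints) and
# writes one "host<TAB>seconds_silent" line per host whose newest event is
# older than MAX_AGE seconds. Prints nothing when every host is current.
stale_hosts() {
    awk -F '\t' -v now="$1" -v max_age="$2" '
        NF == 2 && (now - $2) > max_age { printf "%s\t%d\n", $1, now - $2 }'
}

# fetch_last_seen -> runs the query on the local Syslog database with the
# guide's rsyslogdbadmin account; -p prompts for the password rather than
# taking it on the command line, where other users could read it.
fetch_last_seen() {
    mysql -B -N -u rsyslogdbadmin -p Syslog -e "$LAST_SEEN_SQL"
}

# Usage:  ./stale-senders.sh run [MAX_AGE_SECONDS]
if [ "${1:-}" = "run" ]; then
    fetch_last_seen | stale_hosts "$(date +%s)" "${2:-3600}"
fi
```

Because the central server logs to itself as well, its own host name should always appear as current; if even that one is stale, the rsyslog to MySQL link itself is down rather than a remote sender.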

Installing LogAnalyzer V4

Install httpd

yum install httpd
service httpd start
chkconfig httpd on

Open your server's address in a web browser; you should see the Apache test page ("Testing 123..").


Install PHP

yum install php php-mysql php-gd
nano /var/www/html/test.php
<?php
phpinfo();
?>
service httpd restart

Install LogAnalyzer

Download LogAnalyzer v4.1.5

wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
tar zxvf loganalyzer-4.1.5.tar.gz
mkdir /var/www/html/loganalyzer
cd loganalyzer-4.1.5/src/
cp -r * /var/www/html/loganalyzer
cd
cd loganalyzer-4.1.5/contrib/
cp -r * /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer/
chmod +x configure.sh secure.sh
./configure.sh

Open your web browser and go to http://IPHERE/loganalyzer. Proceed to step 2 of the installer; if you see NOT WRITABLE, follow the steps below.


Only if you get the NOT WRITABLE error:

Set SELinux to permissive

nano /etc/selinux/config

change SELINUX=enforcing to SELINUX=permissive

Save the file and reboot; that should fix the NOT WRITABLE error.
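Switching SELinux to permissive clears the NOT WRITABLE error by disabling enforcement for every service on the host. The script below is an added example, not part of the original guide: it grants httpd write access to the LogAnalyzer directory only, then, once the web installer has finished, takes the write bit back off config.php and removes the phpinfo() test page created earlier. It assumes CentOS 7 with the policycoreutils-python package (which provides semanage), the guide's /var/www/html/loganalyzer path, and LogAnalyzer's own contrib/secure.sh copied there in the steps above; the script name loganalyzer-finish.sh is the author's choice.

```shell
#!/bin/sh
# Added example, not part of the guide above: fix NOT WRITABLE without putting
# the whole host into permissive mode. Assumes CentOS 7, semanage from
# policycoreutils-python, and the guide's /var/www/html/loganalyzer directory.

# fcontext_pattern DIR -> the regex semanage takes for DIR and everything below it
fcontext_pattern() {
    printf '%s(/.*)?\n' "${1%/}"
}

# context_type CONTEXT -> the type field of an SELinux context string,
# e.g. system_u:object_r:httpd_sys_rw_content_t:s0 -> httpd_sys_rw_content_t
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# allow_httpd_write DIR: persistently label DIR so httpd may write under it,
# then apply the label to the files already there.
allow_httpd_write() {
    semanage fcontext -a -t httpd_sys_rw_content_t "$(fcontext_pattern "$1")"
    restorecon -Rv "$1"
}

# current_type PATH -> the type label currently on PATH (GNU stat)
current_type() {
    context_type "$(stat -c %C "$1")"
}

# Usage (as root):
#   ./loganalyzer-finish.sh label     # before step 2 of the web installer
#   ./loganalyzer-finish.sh lockdown  # after the installer reports success
DIR=/var/www/html/loganalyzer
case "${1:-}" in
    label)
        allow_httpd_write "$DIR"
        echo "$DIR is now $(current_type "$DIR"); SELinux stays $(getenforce)" ;;
    lockdown)
        cd "$DIR" && ./secure.sh          # LogAnalyzer's own script: config.php back to 644
        rm -f /var/www/html/test.php      # the phpinfo() page from the PHP step
        ;;
esac
```

Run `label` before retrying step 2 of the installer; `getenforce` should still report Enforcing. Run `lockdown` only after the installer has written config.php, since secure.sh makes it read-only again.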