First we need to install some required RPM’s. Since I am running LogAnalyzer, Rsyslog, and MySQL all on the same server I will install these required packages:
# yum install httpd php mysql php-mysql mysql-server wget rsyslog rsyslog-mysqlNow we’ll make sure MySQL and Apache are configured to start automatically and start them up:
# chkconfig mysqld on
# chkconfig httpd on
# service mysqld start
# service httpd startBy default the MySQL root database user is blank so for security we should set it now:
# mysqladmin -u root password NewPasswordNow let’s import the database schema for the rsyslog database into MySQL. You may need to adjust the path to your “createDB.sql” file below if the rsyslog version has been updated.
# mysql -u root -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sqlIt is best practice to limit database access for applications, so now we’ll set up a user specifically for LogAnalyzer and rsyslog that we’ll use to access the newly created rsyslog database. For even greater security you may want to set up separate accounts for both rsyslog and LogAnalyzer, since LogAnalyzer is only viewing the rsyslog database fewer privileges like select should be needed. For my environment using the same user is adequate. Notice with MySQL you can make access very granular and specify to only allow the rsyslog user database access from the localhost. Also we’ll execute the “flush privileges” MySQL command to activate our permissions changes immediately.
# mysql -u root -p mysql
mysql> GRANT ALL ON Syslog.* TO rsyslog@localhost IDENTIFIED BY 'Password';
mysql> flush privileges;
mysql> exitNow it is time to edit the”/etc/rsyslog.conf” file. We’ll include information that will allow us to log syslog messages from rsyslog into the MySQL database. The first line loads the MySQL driver. The second line allows us to specify to log messages from the “authpriv” facility with all severities, which includes most log in/out messages and switch user events. If I wanted to log all messages to MySQL I would specify *.*. I have identified the MySQL database server to log to as 127.0.0.1, Syslog is the name of the MySQL database, and finally I have specified my MySQL rsyslog username and password. To specify additional syslog facility/severity combinations add them to the front of the second line and separate each combination with a semicolon (mail.*;authpriv.* :ommysql…). Remember that when you specify a severity that is the minimum level which will be logged, anything with a higher severity will also be logged. Add the code to the top of the file:
$ModLoad ommysql
authpriv.* :ommysql:127.0.0.1,Syslog,rsyslog,PasswordNow it’s time to shut down and disable the existing syslog daemon and enable and start up rsyslog:
# chkconfig syslog off
# service syslog stop
# chkconfig rsyslog on
# service rsyslog startIt is now time to go out to the web and download LogAnalyzer. To find information on the latest release go to http://loganalyzer.adiscon.com/downloads.
Or to download directly to your Linux server the version I am using enter this (wget is required):
# cd ~
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.0.tar.gzUnzip and untar the LogAnalyzer files:
# tar zxvf loganalyzer-3.0.0.tar.gzNow it is time to move various files and subdirectories to your Apache web document root. In this example I am assuming that this is still the Apache default of “/var/www/html”.
# mv loganalyzer-3.0.0/src /var/www/html/loganalyzer
# mv loganalyzer-3.0.0/contrib/* /var/www/html/loganalyzer/Change to new LogAnalyzer web subdirectory, modify the file permissions on two scripts, and run the configure.sh script. This will create a blank config.php file which will be have information added during the web portion of the configuration.
# cd /var/www/html/loganalyzer
# chmod u+x configure.sh secure.sh
# ./configure.sh
No comments:
Post a Comment