
Centralized Syslog Server Using syslog-NG with web Interface using php-syslog-ng


Central Log Management System is a simple web based logging system which allows logging all syslog messages from various Network Devices, Unix, Linux, Solaris and Windows Servers. This allows the visibility of logs from all these devices in one single interface.

What is Syslog-NG?

syslog-ng© is the world’s most flexible and scalable audit trail processing tool for organizations of any size. It provides a centralised, securely stored log of all devices on your network, whatever platform they run on. And syslog-ng also incorporates a host of powerful features, including filtering based on message content, as well as customisable data mining and analysis capabilities.

Downloads and Documentation

http://www.balabit.com/products/syslog_ng/

Syslog-Ng FAQ

http://www.campin.net/syslog-ng/faq.html

Syslog-NG Server Configuration

Install Syslog-NG on Debian

#apt-get install syslog-ng
Reading Package Lists… Done
Building Dependency Tree… Done
The following packages will be REMOVED:
klogd sysklogd
The following NEW packages will be installed:
syslog-ng
0 upgraded, 1 newly installed, 2 to remove and 8 not upgraded.
Need to get 215kB of archives.
After unpacking 233kB of additional disk space will be used.
Do you want to continue? [Y/n]y

This will complete the installation process.

Installation Error and Solution

Building Dependency Tree… Done
The following packages will be REMOVED:
klogd sysklogd
The following NEW packages will be installed:
syslog-ng
0 upgraded, 1 newly installed, 2 to remove and 8 not upgraded.
Need to get 215kB of archives.
After unpacking 233kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirror.ox.ac.uk stable/main syslog-ng 1.6.5-2.2 [215kB]
Fetched 215kB in 0s (683kB/s)
(Reading database … 16396 files and directories currently installed.)
Removing klogd …
Stopping kernel log daemon: klogd.
Removing sysklogd …
Stopping system log daemon: syslogd.
Selecting previously deselected package syslog-ng.
(Reading database … 16374 files and directories currently installed.)
Unpacking syslog-ng (from …/syslog-ng_1.6.5-2.2_i386.deb) …
Setting up syslog-ng (1.6.5-2.2) …
CONSOLE_LOG_LEVEL is of unaccepted value.
KERNEL_RINGBUF_SIZE is of unaccepted value.
Starting system logging: syslog-ng.

The above error is a known problem with the syslog-ng 1.6.5-2.2 Debian package. You can fix it in either of the following two ways.

1) Edit the file /etc/default/syslog-ng, uncomment the following two lines and save the file

CONSOLE_LOG_LEVEL
KERNEL_RINGBUF_SIZE

OR

2) Edit the startup script /etc/init.d/syslog-ng so that an empty value is accepted instead of reported as an error. Change

case "x$CONSOLE_LOG_LEVEL" in
    x[0-7])
        dmesg -n $CONSOLE_LOG_LEVEL
        ;;
    *)
        echo "CONSOLE_LOG_LEVEL is of unaccepted value."
        ;;
esac

to

case "x$CONSOLE_LOG_LEVEL" in
    x[0-7])
        dmesg -n $CONSOLE_LOG_LEVEL
        ;;
    x)
        # variable not set: nothing to do
        ;;
    *)
        echo "CONSOLE_LOG_LEVEL is of unaccepted value."
        ;;
esac

and change

case "x$KERNEL_RINGBUF_SIZE" in
    x[0-9]*)
        dmesg -s $KERNEL_RINGBUF_SIZE
        ;;
    *)
        echo "KERNEL_RINGBUF_SIZE is of unaccepted value."
        ;;
esac

to

case "x$KERNEL_RINGBUF_SIZE" in
    x[0-9]*)
        dmesg -s $KERNEL_RINGBUF_SIZE
        ;;
    x)
        # variable not set: nothing to do
        ;;
    *)
        echo "KERNEL_RINGBUF_SIZE is of unaccepted value."
        ;;
esac

After making either of the two changes above, start syslog-ng again with the following command

#/etc/init.d/syslog-ng start

Syslog-NG Configuration

The default configuration file is /etc/syslog-ng/syslog-ng.conf.

Now you need to adapt this file to your needs. As an example, here is how to configure a UDP source so that syslog-ng receives messages from remote hosts; change the following lines in the source and options sections:

1) Change

# (this is equivalent to the "-r" syslogd flag)
# udp();

to

# (this is equivalent to the "-r" syslogd flag)
udp();

2) Change

# enable or disable DNS usage
# syslog-ng blocks on DNS queries, so enabling DNS may lead to
# a Denial of Service attack
# (default is yes)
use_dns(no);

to

# enable or disable DNS usage
# syslog-ng blocks on DNS queries, so enabling DNS may lead to
# a Denial of Service attack
# (default is yes)
use_dns(yes);
dns_cache(yes);

As the comment in the file warns, syslog-ng blocks while it resolves a sender's name; dns_cache(yes) reduces the number of lookups, but a slow or unreachable resolver can still stall message processing.

For more on sources, options, log paths, filters and destinations, see the syslog-ng documentation linked above.

Syslog-NG MySQL Integration with the PHP-syslog-NG Web Interface

Make sure that you have installed the MySQL server and phpMyAdmin on your machine. If not, install them with the following commands

#apt-get install mysql-server

#apt-get install phpmyadmin

You also need the Apache web server with PHP support installed.

What is PHP-syslog-NG?

php-syslog-ng is a log monitor designed to let the user quickly and easily manage logs from many hosts.

PHP-Syslog-ng is a front-end for viewing syslog-ng messages logged to MySQL in real time. It features customized searches based on device, time, priority, message, and date.

HOW IT WORKS

Syslog-ng collects all the messages from the various sources and pipes them to the MySQL database. PHP-Syslog-ng, the front-end interface, then reads from the MySQL database whenever a search is made from the web interface.

Download PHP-syslog-NG

http://www.phpwizardry.com/php-syslog-ng/phpsyslogng-2.8.tar.gz

Installing PHP-syslog-NG with Mysql support for syslog-ng

Download PHP-syslog-NG into your web server's root directory and extract the file phpsyslogng-2.8.tar.gz. Then

#cd phpsyslogng-2.8

You are now in the phpsyslogng-2.8 directory.

Configure MySQL

The quickest way to do this is to use the dbsetup.sql file in the scripts directory. Just edit the file and set passwords for the three users that are created (replace PW_HERE). The script will create a table for logs and a table for user authentication and give the three users sensible privileges. If you make other changes, such as changing the name of the database or the names of the tables, make sure you edit config.php to reflect that. After editing the dbsetup.sql file, run it like this:

shell> mysql -uroot -p < dbsetup.sql

Configure syslog-ng

Now you need to configure syslog-ng to send the desired log messages to a pipe that can be read to send the entries to MySQL. You will need to add two entries to the syslog-ng configuration file. The configuration file is usually in /etc/syslog-ng/syslog-ng.conf.

You first need to add a new ‘destination’ entry. Add something like this:

destination d_mysql {
    pipe("/var/log/mysql.pipe"
        template("INSERT INTO logs
            (host, facility, priority, level, tag, datetime, program, msg)
            VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
            '$PROGRAM', '$MSG' );\n") template-escape(yes));
};

That will take your log entries and format each one into a SQL query that can be run to add it to the database. Keep template-escape(yes): the message text comes from the logging hosts, and the escaping is what stops quote characters in a message from breaking the INSERT statement or changing its meaning.
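Added example, not part of php-syslog-ng or syslog-ng: a small POSIX shell script that re-creates the INSERT the d_mysql template above produces for one constructed sshd log record, with and without escaping, and counts the unescaped quotes to show that template-escape(yes) is what keeps log content from altering the statement. The escaping rule used here (a backslash before ', " and \) is an assumption about syslog-ng's template-escape; check it against the version you run.

```shell
#!/bin/sh
# Added example (not from php-syslog-ng or syslog-ng). Re-creates the
# d_mysql template's INSERT for one log record so the effect of
# template-escape(yes) can be seen on a message containing a quote.
# The escaping rule (backslash before ', " and \) is an ASSUMPTION about
# syslog-ng's template-escape behaviour.

# Escape one template value the way template-escape(yes) is assumed to.
# Backslashes are doubled first so the later escapes are not doubled again.
template_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g" -e 's/"/\\"/g'
}

# Render the INSERT for one record. First argument: yes|no (escape the
# message or embed it raw, i.e. template-escape(yes) vs template-escape(no)).
# Then, in the template's order:
#   host facility priority level tag datetime program msg
render_insert() {
    escape=$1; shift
    host=$1 facility=$2 priority=$3 level=$4 tag=$5 datetime=$6 program=$7 msg=$8
    if [ "$escape" = yes ]; then
        msg=$(template_escape "$msg")
    fi
    printf "INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' );\n" \
        "$host" "$facility" "$priority" "$level" "$tag" "$datetime" "$program" "$msg"
}

# Count the quotes that still delimit values in a rendered statement.
# A correctly escaped statement always has exactly 16 (eight quoted values,
# two quotes each) whatever the message contains; any other count means the
# message changed the statement's structure.
count_quotes() {
    printf '%s' "$1" | sed "s/\\\\'//g" | tr -cd "'" | wc -c | tr -d ' '
}

# Constructed sample record: an sshd message that happens to contain a quote.
SAMPLE_MSG="Failed password for invalid user o'brien from 203.0.113.10 port 4242 ssh2"

for mode in no yes; do
    stmt=$(render_insert "$mode" web01 auth notice info 26 "2012-09-26 15:10:00" sshd "$SAMPLE_MSG")
    printf 'template-escape(%s): %s\n' "$mode" "$stmt"
    printf '  value-delimiting quotes in statement: %s\n' "$(count_quotes "$stmt")"
done
```

With template-escape(no) the statement contains 17 quotes and is malformed; with template-escape(yes) the message arrives intact as o\'brien and the statement keeps its 16.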

You also need to add an entry that determines what log entries to forward to the FIFO pipe. You will usually want to forward everything to MySQL and there should already be a ‘source’ entry for that in your syslog-ng.conf file (usually called src or s_all). To tie that source to the destination you just created you will add something like this:

log {
source(s_all);
destination(d_mysql);
};

Setup syslog-ng to MySQL pipe

An example script that feeds log entries from the FIFO pipe to MySQL is included in the scripts directory. The script is called syslog2mysql.sh.

#!/bin/bash

# Create the FIFO that the d_mysql destination writes to, if it does not exist yet.
if [ ! -e /var/log/mysql.pipe ]
then
    mkfifo /var/log/mysql.pipe
fi
# Keep feeding the pipe to mysql: the mysql client exits whenever syslog-ng
# closes the pipe (for example on restart), so the loop starts a new one.
while [ -e /var/log/mysql.pipe ]
do
    mysql -u syslogfeeder --password=PASS_HERE syslog < /var/log/mysql.pipe >/dev/null
done

If you decide to use this script then you have to replace PASS_HERE with the password for the syslogfeeder user. You will also probably want to have this script started automatically whenever you start the server. So add an entry in the inittab or start it through init.d (or whatever is appropriate on your system). But make sure you call it after MySQL has been started.

Now start the syslog2mysql.sh script:

shell> ./syslog2mysql.sh &

or if you created an init.d script:

shell> /etc/init.d/syslog2mysql start

Note: syslog2mysql.sh must always be running in the background, because it is this script that pipes all the messages into the MySQL database.

It’s finally time to restart the syslog-ng daemon and start sending your logs to the database:

shell> /etc/init.d/syslog-ng restart

Edit config.php

If you are using the default database setup from the dbsetup.sql file then all you need to do is to enter the passwords for the sysloguser and syslogadmin users, set the right host and port for the database server if it is not on the same server as the web server and set the correct URL. Otherwise read through the config.php file and configure things to suit your needs. All the different options are explained in the file.

Log rotation

Log rotation should be part of most installations where you use php-syslog-ng. It is better to use log rotation than deleting rows in the main table because deleting rows can lead to performance problems. Rotating old logs out of the main table will also usually result in better performance because the tables with old logs are static and can be optimized. There is a logrotate.php script in the scripts directory. You may have to edit it to enter the correct path to your php-syslog-ng installation but after that it should be ready for use. If you enable merge tables in the config.php file then a merge table of all log tables will be created at the end of the script. The merge table will allow you to search across all tables instead of having to do searches against one table at a time. The merge table does equate to a slight performance hit on the search form because the fields are populated based on all tables instead of one particular table.

You can also enable the LOGRETENTION setting in config.php. If you enable it, logs older than this setting will be dropped whenever logrotate.php is run.

If you decide to use the logrotate.php script, just add it to your crontab and have it run however frequently you want (the maximum is currently once per day).

Logrotate Error

If you get the following error when you run logrotate.php

Starting logrotate
2006-05-01 21:50:08
No DB link

then check the file /etc/php4/cli/php.ini for an entry:

;extension=mysql.so

and uncomment this entry (take away the semi-colon):

extension=mysql.so

(Thanks to Richard Lucassen for this solution.)

Now you can check your installation at http://ipaddress/phpsyslogng/ and log in with user admin and password test. Change this default password as soon as you have logged in.

Syslog Client Configuration

If you want to send all of a server's syslog messages to the syslog server, edit the file /etc/syslog.conf on that server and add the following line (the fields are separated by tabs)

*.*<Tab><Tab>@<ip address of the syslog server>

Now restart syslog on the client machine

#/etc/init.d/sysklogd restart    (Debian)

#/etc/init.d/syslog restart      (other Linux distributions)

Categories: Hosting