Below is an example of installing and configuring Rsyslog + Loganalyzer + MySQL: rsyslog receives log messages from other hosts over the network and writes them into a MySQL database, and Loganalyzer (a PHP web application) displays them from that database.
Install rsyslog and its MySQL output plugin on Ubuntu/Debian (the rsyslog-mysql package offers, via dbconfig-common, to create the Syslog database and the rsyslog database user during installation; note the password, it is needed in the rsyslog configuration below):
apt-get install rsyslog rsyslog-mysql
On CentOS install the same packages, enable the service at boot and start it (on CentOS 7 and later use systemctl enable rsyslog and systemctl start rsyslog instead of the chkconfig and service commands). The CentOS package does not create the database for you: import the createDB.sql schema shipped in the rsyslog-mysql documentation directory with the mysql client and create a MySQL user with rights on the resulting Syslog database.
yum install -y rsyslog-mysql rsyslog
chkconfig rsyslog on
service rsyslog start
Copy the link to the latest version of Loganalyzer from https://loganalyzer.adiscon.com/downloads/ (4.1.10 at the time of writing), download it, unpack it into a directory served by the web server and hand the src/ directory to the web server user so that the installer can write config.php (on CentOS the web server user is apache, not www-data; the web server also needs PHP with MySQL support):
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.10.tar.gz
tar -xvzf loganalyzer-4.1.10.tar.gz
mv loganalyzer-4.1.10 /var/www/loganalyzer
chown www-data:www-data -R /var/www/loganalyzer/src/
Open Loganalyzer in the browser (the src/ directory must be under, or aliased into, the web server's document root) and follow the installer's steps, pointing it at the Syslog database with the same credentials rsyslog uses.
After the installation is complete, make config.php read-only again and delete the installer, otherwise anyone who can reach the site can re-run it and reconfigure the installation:
cd /var/www/loganalyzer/src/
chmod 644 config.php
rm install.php
Open the rsyslog configuration file in a text editor:
nano /etc/rsyslog.conf
Load the UDP input module and start a listener on port 514/udp:
$ModLoad imudp.so
$UDPServerRun 514
Restrict the networks from which the listener accepts logs. This is a source-address check only; UDP source addresses are trivially spoofed, so it is not authentication (if that matters, rsyslog can receive over TCP with TLS or over RELP instead):
$AllowedSender UDP, 192.168.0.0/16, 10.0.0.0/16
In /etc/rsyslog.d/mysql.conf, specify which messages are written to the database. Each rule is a facility.priority selector followed by the ommysql action, whose arguments are the database server, database name, database user and password. The file must also load the output module with $ModLoad ommysql (the mysql.conf shipped by the rsyslog-mysql package already does this), and because it contains the database password it should be readable by root only (chmod 600). For example:
local0.* :ommysql:localhost,Syslog,rsyslog,PASSWORD
local1.notice :ommysql:localhost,Syslog,rsyslog,PASSWORD
daemon.warn :ommysql:localhost,Syslog,rsyslog,PASSWORD
Note that notify is not a rsyslog priority keyword, so the second selector is written as local1.notice; daemon.warn matches warning and every more severe level.
Example iptables rules (10.0.0.0/16 being the network allowed to send logs). The TCP rule only matters if rsyslog also loads the TCP input module and runs a TCP listener ($ModLoad imtcp and $InputTCPServerRun 514); the configuration above listens on UDP only:
iptables -A INPUT -p udp -m udp --dport 514 -s 10.0.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 514 -s 10.0.0.0/16 -j ACCEPT
To receive logs from other hosts, add this line to the rsyslog configuration of each client (192.168.1.5 is the rsyslog server; a single @ means UDP, @@ would send over TCP):
*.* @192.168.1.5:514
Restart rsyslog on the server and on the clients to apply the changes:
systemctl restart rsyslog
Here is the list of syslog severity levels, with the keyword used in rsyslog selectors. A selector such as daemon.warn matches that level and every level with a lower number (i.e. more severe), so daemon.warn catches warning, err, crit, alert and emerg; prefix the level with = to match it exactly:
emergency (emerg) Severity level 0
alert (alert) Severity level 1
critical (crit) Severity level 2
error (err) Severity level 3
warning (warning or warn) Severity level 4
notice (notice) Severity level 5
informational (info) Severity level 6
debug (debug) Severity level 7
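As an added example, not code from the original article or from rsyslog itself, the following POSIX shell script ties the severity table to the selectors used in mysql.conf: it decodes the PRI field of a raw syslog message (PRI = facility * 8 + severity) into facility and severity keywords and evaluates an rsyslog-style facility.priority selector against it, so you can check which database rule a given message would hit before touching a live server. The sample log lines are constructed for the demonstration; run the script with sh.

```shell
#!/bin/sh
# Added example, not code from the original article or from rsyslog itself.
# Decodes the syslog PRI field of a raw message (PRI = facility * 8 + severity,
# RFC 3164 / RFC 5424) and evaluates rsyslog-style "facility.priority" selectors
# against it, the way the rules in mysql.conf select messages for the database.

# Facility numbers 0..23 (names 12..15 follow RFC 3164; rsyslog has no selector
# keyword for them) and severity numbers 0..7 as rsyslog selector keywords.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp logaudit logalert clock local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

word_at() {   # word_at INDEX WORD... : print the 0-based INDEX-th word
    i=$1; shift
    shift "$i"
    printf '%s\n' "$1"
}

index_of() {  # index_of WORD LIST... : print the 0-based index of WORD, fail if absent
    want=$1; shift
    i=0
    for w in "$@"; do
        [ "$w" = "$want" ] && { printf '%s\n' "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

pri_of_line() {  # pri_of_line LINE : print the numeric PRI, fail on a malformed header
    case $1 in
        "<"[0-9]*">"*) ;;
        *) return 1 ;;
    esac
    p=${1#"<"}
    p=${p%%">"*}
    case $p in *[!0-9]*) return 1 ;; esac
    [ "$p" -le 191 ] || return 1          # 23 * 8 + 7 is the largest legal PRI
    printf '%s\n' "$p"
}

pri_decode() {  # pri_decode LINE : print "FACILITY SEVERITY" keywords
    pri=$(pri_of_line "$1") || return 1
    printf '%s %s\n' "$(word_at $((pri / 8)) $FACILITIES)" \
                     "$(word_at $((pri % 8)) $SEVERITIES)"
}

canon_sev() {  # map rsyslog's alias keywords to the canonical names used above
    case $1 in
        warn)  printf 'warning\n' ;;
        error) printf 'err\n' ;;
        panic) printf 'emerg\n' ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# selector_matches SELECTOR LINE : succeed if an rsyslog rule with this selector
# would act on LINE. Handles "facility.priority" with "*" on either side,
# ".none", and "=priority" for an exact level. A plain priority keyword means
# "that level and everything more severe" (a lower number), which is why
# daemon.warn also catches err, crit, alert and emerg. Comma-separated facility
# lists and ';'-joined selectors are not handled.
selector_matches() {
    sel_fac=${1%%.*}
    sel_pri=${1#*.}
    decoded=$(pri_decode "$2") || return 1
    msg_fac=${decoded% *}
    msg_sev=${decoded#* }
    if [ "$sel_fac" != "*" ] && [ "$sel_fac" != "$msg_fac" ]; then
        return 1
    fi
    case $sel_pri in
        '*')  return 0 ;;
        none) return 1 ;;
        =*)   [ "$(canon_sev "${sel_pri#=}")" = "$msg_sev" ] ;;
        *)    want=$(index_of "$(canon_sev "$sel_pri")" $SEVERITIES) || return 1
              have=$(index_of "$msg_sev" $SEVERITIES)
              [ "$have" -le "$want" ] ;;
    esac
}

# Constructed sample messages (not real log data), as a client would send them.
SAMPLE_APP='<134>Jan 10 10:00:00 web1 app[123]: request served'                  # local0.info
SAMPLE_SSH='<27>Jan 10 10:00:01 db1 sshd[77]: error: PAM authentication failed'   # daemon.err
SAMPLE_BATCH='<141>Jan 10 10:00:02 batch1 nightly: run finished'                # local1.notice

demo() {  # show which mysql.conf rule each sample would hit
    for line in "$SAMPLE_APP" "$SAMPLE_SSH" "$SAMPLE_BATCH"; do
        printf '%s\n  -> %s\n' "$line" "$(pri_decode "$line")"
        for sel in 'local0.*' 'local1.notice' 'daemon.warn'; do
            selector_matches "$sel" "$line" && printf '     matches %s\n' "$sel"
        done
    done
    return 0
}
demo
```

The SSH sample has PRI 27, i.e. facility 3 (daemon) and severity 3 (err); it is stored by the daemon.warn rule because err is more severe than warning, while a daemon.info message (PRI 30) is not. To check a real message, paste the raw line as received on the wire (for example from tcpdump) in place of the samples.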
Other languages for Loganalyzer can be downloaded here: loganalyzer.adiscon.com/translations
See also my articles:
Clearing Loganalyzer History
How to write CRON logs to a separate file
How to configure IPTables