Installing Rsyslog + Loganalyzer + MySQL

I will give an example of installing and configuring Rsyslog + Loganalyzer + MySQL.

The rsyslog installation command in Ubuntu/Debian:

apt-get install rsyslog rsyslog-mysql

Command to install rsyslog on CentOS:

yum install -y rsyslog-mysql rsyslog
chkconfig rsyslog on
service rsyslog start

Copy the link to the latest Loganalyzer release from https://loganalyzer.adiscon.com/downloads/ and download and unpack it into the web root:

wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.10.tar.gz
tar -xvzf loganalyzer-4.1.10.tar.gz
mv loganalyzer-4.1.10 /var/www/loganalyzer
chown www-data:www-data -R /var/www/loganalyzer/src/

Open Loganalyzer in the browser and follow the instructions to complete the installation.

After installation is complete:

cd /var/www/loganalyzer/src/
chmod 644 config.php
rm install.php
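The two commands above (read-only config.php, install.php removed) are easy to forget on a second server. The following shell function is an added example, not part of the original article, that checks a Loganalyzer source directory for exactly those two conditions; the path /var/www/loganalyzer/src is the one used above and is only a default.

```shell
#!/bin/sh
# Added example (not from the original article): verify that a Loganalyzer
# install directory has been locked down as described in the post:
#   - install.php must have been removed
#   - config.php must exist and have mode 644
# Usage: check_loganalyzer_dir /var/www/loganalyzer/src
check_loganalyzer_dir() {
    dir="$1"
    status=0
    if [ -f "$dir/install.php" ]; then
        echo "FAIL: $dir/install.php still present, remove it" >&2
        status=1
    fi
    if [ ! -f "$dir/config.php" ]; then
        echo "FAIL: $dir/config.php missing, installation is incomplete" >&2
        status=1
    else
        # GNU stat first, BSD/macOS stat as a fallback
        mode=$(stat -c '%a' "$dir/config.php" 2>/dev/null || stat -f '%Lp' "$dir/config.php")
        if [ "$mode" != "644" ]; then
            echo "FAIL: $dir/config.php has mode $mode, expected 644" >&2
            status=1
        fi
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: $dir is locked down"
    fi
    return "$status"
}

# Command-line use: pass the src directory; exit status is 0 only when both checks pass
if [ $# -gt 0 ]; then
    check_loganalyzer_dir "$1"
    exit $?
fi
```

Run it as `sh check.sh /var/www/loganalyzer/src` after the installation steps; a non-zero exit status means the directory still needs attention.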

In any text editor, open the rsyslog configuration file:

nano /etc/rsyslog.conf

Load the UDP input module and listen on port 514:

$ModLoad imudp.so
$UDPServerRun 514

Restrict the networks from which rsyslog accepts messages:

$AllowedSender UDP, 192.168.0.0/16, 10.0.0.0/16

In /etc/rsyslog.d/mysql.conf, specify which messages are written to the database, for example:

# the MySQL output module must be loaded before it is used
$ModLoad ommysql
local0.* :ommysql:localhost,Syslog,rsyslog,PASSWORD
local1.notice :ommysql:localhost,Syslog,rsyslog,PASSWORD
daemon.warn :ommysql:localhost,Syslog,rsyslog,PASSWORD

An example of iptables rules (where 10.0.0.0/16 is the network allowed to send logs):

iptables -A INPUT -p udp -m udp --dport 514 -s 10.0.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 514 -s 10.0.0.0/16 -j ACCEPT

To receive logs from other hosts, add the following line to the rsyslog configuration on each of those hosts (where 192.168.1.5 is the rsyslog server):

*.* @192.168.1.5:514

Restart rsyslog to apply the changes:

systemctl restart rsyslog

Here is a list of logging levels:

emergency      Severity level 0
alert          Severity level 1
critical       Severity level 2
error          Severity level 3
warning        Severity level 4
notice         Severity level 5
informational  Severity level 6
debug          Severity level 7
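The selectors in mysql.conf above (local0.*, local1.notice, daemon.warn) and the severity table are two sides of the same rule: a selector of the form facility.priority matches that facility at the named severity and every more severe one (a lower number), facility.=priority matches only that exact level, and facility.none matches nothing. The following shell script is an added example, not part of the original article or of rsyslog, that models this matching so the effect of a selector can be checked before it goes into the config; it also rejects keywords that are not valid priorities (rsyslog's own config check, rsyslogd -N1, does the same at load time). It covers the single-selector legacy syntax only; comma-separated facilities, semicolon-separated selectors and the ! form are not modelled.

```shell
#!/bin/sh
# Added example (not from the original article): a pure-shell model of how an
# rsyslog selector such as "daemon.warn" decides which messages it matches.

# Map a priority keyword (long or short form) to its severity number 0-7,
# following the table in the post. Prints nothing and returns 1 for an
# unknown keyword.
severity_number() {
    case "$1" in
        emerg|emergency|panic) echo 0 ;;
        alert)                 echo 1 ;;
        crit|critical)         echo 2 ;;
        err|error)             echo 3 ;;
        warn|warning)          echo 4 ;;
        notice)                echo 5 ;;
        info|informational)    echo 6 ;;
        debug)                 echo 7 ;;
        *)                     return 1 ;;
    esac
}

# selector_matches SELECTOR MSG_FACILITY MSG_PRIORITY
# Returns 0 if a message with the given facility and priority would be
# selected by SELECTOR, 1 if not, 2 if the selector is malformed.
selector_matches() {
    sel="$1"; fac="$2"; pri="$3"
    sel_fac="${sel%%.*}"     # text before the first dot
    sel_pri="${sel#*.}"      # text after the first dot
    exact=0
    case "$sel_pri" in
        =*) exact=1; sel_pri="${sel_pri#=}" ;;   # "=priority" means this level only
    esac
    # Facility must match; "*" matches any facility
    if [ "$sel_fac" != "*" ] && [ "$sel_fac" != "$fac" ]; then
        return 1
    fi
    if [ "$sel_pri" = "none" ]; then return 1; fi   # "none" selects nothing
    if [ "$sel_pri" = "*" ]; then return 0; fi      # "*" selects every severity
    sel_num=$(severity_number "$sel_pri") || return 2
    msg_num=$(severity_number "$pri") || return 2
    if [ "$exact" -eq 1 ]; then
        [ "$msg_num" -eq "$sel_num" ]
    else
        # normal form: the named severity and everything more severe
        [ "$msg_num" -le "$sel_num" ]
    fi
}

# Command-line use: selector.sh SELECTOR FACILITY PRIORITY
if [ $# -eq 3 ]; then
    rc=0
    selector_matches "$1" "$2" "$3" || rc=$?
    case "$rc" in
        0) echo "match" ;;
        1) echo "no match" ;;
        *) echo "malformed selector: $1" ;;
    esac
    exit "$rc"
fi
```

For instance, `sh selector.sh daemon.warn daemon notice` prints "no match" because notice (5) is less severe than warn (4), while `sh selector.sh local1.notify local1 notice` reports a malformed selector, which is the kind of mistake that silently drops messages if it reaches the real config.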

Other languages for Loganalyzer can be downloaded here: loganalyzer.adiscon.com/translations

See also my articles:
Clearing Loganalyzer History
How to write CRON logs to a separate file
How to configure IPTables
