Tutorial php-syslog-ng, syslog-ng and mysql.

If you are looking for a way to view the logs of one or more machines in a web interface, you're in the right place.

Packages used:

eventlog-0.2.7-1.el5.x86_64.rpm -> support library
syslog-ng-2.1.3-1.el5.x86_64.rpm -> log centralization
php-syslog-ng-2.9.8f.tgz -> web interface for the collected logs

Of course, you need a working MySQL server; if you do not have one: click here

Installation:

Redhat & CentOS:

You will find these RPMs in the rpmfind repository:

eventlog-0.2.7-1.el5.x86_64.rpm
syslog-ng-2.1.3-1.el5.x86_64.rpm

rpm -Uvh eventlog-0.2.7-1.el5.x86_64.rpm syslog-ng-2.1.3-1.el5.x86_64.rpm
Debian & Ubuntu:

aptitude install syslog-ng
This also installs libevtlog.
Installation:

First download php-syslog-ng here: http://code.google.com/p/php-syslog-ng/downloads/list

Unpack php-syslog-ng-2.9.8f.tgz into your htdocs directory (DocumentRoot).

Example: /opt/httpd/htdocs/ or /var/www/ for Debian or Ubuntu

tar xvzf php-syslog-ng-2.9.8f.tgz
Two files to change because of bugs:

Replace the contents of sample_data.sql (the problem with the original is that it has more values than tables).

This file is here: /opt/httpd/htdocs/php-syslog-ng/html/install/sql/

mv sample_data.sql sample_data.sql.orig
vi /opt/httpd/htdocs/php-syslog-ng/html/install/sql/sample_data.sql
With this:

INSERT INTO `logs` (host, facility, priority, level, tag, datetime, program, msg, counter) VALUES ('www-srv-001', 'daemon', 'warning', 'alert', 'Tag', '2006-06-15 22:25:32', 'Test Script', '%AAA-3-IPILLEGALMSG: Fan 1 had a rotation error reported.', 1), ('t-3550-2', 'kern', 'info', 'alert', 'Tag', '2006-06-15 22:25:34', 'Test Script', 'Duplicate address 10.10.2.2 on Vlan20', 2), ('t-3550-2', 'mail', 'warning', 'crit', 'Tag', '2006-06-15 22:25:36', 'Test Script', 'Line protocol on Interface FastEthernet0/7, changed state to up', 3);
INSERT INTO `search_cache` VALUES ('logs', 'HOST', 'as-3550-2', '2006-06-15 18:25:54'), ('logs', 'HOST', 'www-srv-001', '2006-06-15 18:25:54'), ('logs', 'FACILITY', 'daemon', '2006-06-15 18:25:54'), ('logs', 'FACILITY', 'kern', '2006-06-15 18:25:54'), ('logs', 'FACILITY', 'mail', '2006-06-15 18:25:54');
Watch out for line breaks!

The second change comes at the end, if you have any problems accessing php-syslog-ng with your browser:

If the installation sits under your htdocs, for example: /opt/httpd/htdocs/php-syslog-ng/html/

File: /opt/httpd/htdocs/php-syslog-ng/html/config/config.php

define('siteurl', '/php-syslog-ng/html/');
Syslog-ng:

Important: use the syslog-ng.conf provided by php-syslog-ng.

It is here: /opt/httpd/htdocs/php-syslog-ng/scripts/syslog-ng.conf

Put it in /etc/syslog-ng/

One small thing to change in it:

destination d_mysql {
    program("/opt/mysql/bin/mysql -u syslogadmin --password=password syslog -B > /dev/null"
    template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
    VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
    template-escape(yes));
};
Notes:

First thing: the password appears in clear text in the process list.

# ps -ef | grep syslog
root 1070 1 0 09:50 pts/0 00:00:00 /bin/sh -c /opt/mysql/bin/mysql -u syslogadmin --password=password syslog -B > /dev/null
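
One way to keep that password out of the process list, as an added example that is not part of the original tutorial or of php-syslog-ng: store the credentials in a MySQL option file readable only by its owner and point the mysql client at it with --defaults-extra-file. The option-file location and the function names are assumptions; the mysql path and database name are the ones used above.

```shell
#!/bin/sh
# Added example. The option-file path passed in and all function names
# are assumptions; only the mysql command line comes from the tutorial.

# Create a MySQL client option file that only its owner can read.
# $1 = option file path, $2 = MySQL user, $3 = MySQL password
write_mysql_optfile() {
    (
        umask 077            # a new file is created as 0600
        : > "$1"             # create or truncate
        chmod 600 "$1"       # tighten a pre-existing, wider-mode file
        printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" >> "$1"
    )
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Exit 0 and print the offending lines when a syslog-ng.conf hands a
# password to mysql on a program() command line, where ps exposes it.
conf_leaks_password() {
    grep -nE 'program[[:space:]]*\(.*mysql.*(--password=|[[:space:]]-p[^[:space:]"])' "$1"
}

# Print the replacement program() line for the d_mysql destination.
# mysql requires --defaults-extra-file to be its first option.
hardened_program_line() {
    printf '    program("/opt/mysql/bin/mysql --defaults-extra-file=%s syslog -B > /dev/null"\n' "$1"
}
```

Create the option file as root, since the ps output above shows mysql being started as root, then swap the program() line in /etc/syslog-ng/syslog-ng.conf and restart syslog-ng.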
Second thing:

You may encounter this error in php-syslog-ng:

srvtest syslog 09:41:01 syslog-ng syslog-ng[1071]: Error opening file for writing; filename='/dev/xconsole', error='No such file or directory (2)'
To resolve:

mkfifo /dev/xconsole
chown root:tty /dev/xconsole
chmod 640 /dev/xconsole
Third thing:

Syslog listens on UDP port 514.

Then all that remains is to open the URL you chose in your preferred browser, namely Firefox.