
#yum install rsyslog rsyslog-mysql mysql-server php php-mysql php-gd httpd mod_ssl

Download the latest rsyslog from http://www.rsyslog.com/download/ to get TLS support.
If I am not wrong, older rsyslog versions do not support TLS encryption.

#chkconfig --levels 345 rsyslog on
#chkconfig --levels 345 httpd on
#chkconfig --levels 345 mysqld on
#service syslog stop
#chkconfig --del syslog

Note
rsyslog uses the same syntax as syslog.conf, so you can copy your existing syslog.conf over rsyslog.conf as a starting point.


For rsyslog to have access to MySQL, the ommysql plugin must be loaded; add this line at the beginning of the /etc/rsyslog.conf file:
$ModLoad ommysql.so

The complete client and server configuration is given below.

Creating a MySQL database for rsyslog
Before anything else, start the MySQL service:
service mysqld start

As root, create the user that rsyslog will use to connect to the database:
mysql
mysql> CREATE USER 'rsyslog'@'localhost' IDENTIFIED BY 'password';
mysql> -- createDB.sql (run below) creates a database named Syslog, so grant on Syslog.*,
mysql> -- and use the same password here as in the ommysql action line in rsyslog.conf
mysql> GRANT ALL PRIVILEGES ON Syslog.* TO 'rsyslog'@'localhost' WITH GRANT OPTION;

Now, create the database that will be used by rsyslog. As root, run
mysql < /usr/share/doc/rsyslog-mysql-2.0.6/createDB.sql
Note: the version in the rsyslog-mysql-* directory name may differ on your system.

Back in /etc/rsyslog.conf, add this line before the rsyslog directives:
*.* :ommysql:localhost,Syslog,rsyslog,P45sword

At the end of this process, the file /etc/rsyslog.conf will look like
$ModLoad ommysql.so

*.* :ommysql:localhost,Syslog,rsyslog,P45sword

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

Allowing remote connections to rsyslog

Edit the /etc/sysconfig/rsyslog file and add the -r parameter at line 6:
SYSLOGD_OPTIONS="-r -m 0"

You can start rsyslog right now to check that everything is OK:
service rsyslog start

Installing the web UI client for rsyslog

With the rsyslog service running, we configure the web interface used to build filters, queries, etc.

Download the LogAnalyzer frontend to your server:
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.2.1.tar.gz
(Check for the latest version at http://loganalyzer.adiscon.com/downloads )

Extract to /usr/src

Go to the directory where you extracted it, in this case /usr/src/loganalyzer-3.2.1, and copy the src directory to /var/www/html:
cp -R src /var/www/html/syslog
cd /var/www/html/syslog
touch config.php
chown apache config.php

If you haven't started Apache yet, do it now:
service httpd start

Then open http://ip.of.mach.ine/syslog in a browser.

Note the error; it is normal and expected. Click "here" to start configuring LogAnalyzer.

The installer checks the OS for the prerequisites needed to run the program. Click "Next".

The next test checks that LogAnalyzer (phpLogCon) has write access to the config.php file we created and set permissions on. Click "Next" to continue.

On Basic Configuration, leave the default options selected. Click "Next".

This is the most important part: here the data sources from syslog are configured.


Change the "Source Type" field to "MySQL" and fill in the fields of the "Database Type Options" block, as in the figure above.

Click Next.

Ready!

Click "Finish!" and you will be redirected to the main screen of phpLogCon.

Setting clients to log to the syslog server

On Linux clients that you want to log to the syslog server, edit /etc/syslog.conf and add the following line:

*.* @<server IP or hostname>

With this done, restart the syslog service on the client host:
service syslog restart

Making the server's rsyslog usable by PHP, Apache or any other application

How to get local log files into the MySQL database: inside the virtual host, use these piped loggers instead of your own CustomLog or ErrorLog files, so Apache's log lines pass through rsyslog (and the *.* ommysql rule above) as the local1 and local2 facilities:

ErrorLog "|/usr/bin/logger -p local2.info"
CustomLog "|/usr/bin/logger -p local1.info" combined

Getting TLS (encrypting traffic from the client machine to the remote server)

Central log server: vi /etc/rsyslog.conf

$EscapeControlCharactersOnReceive off
$ModLoad ommysql.so
$modload imtcp
$ModLoad imuxsock
$ModLoad imklog
$modload imudp
#$UDPServerRUn 514

*.* :ommysql:localhost,Syslog,root,zero9841In6778

$DefaultNetstreamDriver gtls

$DefaultNetstreamDriverCAFile /usr/src/rsyslog-5.8.4/contrib/gnutls/ca.pem
$DefaultNetstreamDriverCertFile /usr/src/rsyslog-5.8.4/contrib/gnutls/cert.pem
$DefaultNetstreamDriverKeyFile /usr/src/rsyslog-5.8.4/contrib/gnutls/key.pem

$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 10514
$AllowedSender TCP, 127.0.0.1, 69.53.222.4
$CreateDirs on
$DirCreateMode 0755
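As an added example, not from the original post, the following script replaces the sample certificates from contrib/gnutls and the anon auth mode used in the server and client configurations with a private CA built by GnuTLS certtool, plus directives that only admit peers named in their certificate (x509/name). The host names, the /etc/rsyslog.d/tls directory and the "Example Log CA" name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: build a private CA with GnuTLS
# certtool and emit rsyslog directives that authenticate the peer by certificate
# name (x509/name) instead of the "anon" mode used above. The host names and
# the /etc/rsyslog.d/tls directory are assumptions.
set -eu

# Print a certtool template; kind is "ca" or "host", name becomes the CN.
cert_template() {
    printf 'cn = "%s"\nexpiration_days = 3650\n' "$2"
    if [ "$1" = ca ]; then
        printf 'ca\ncert_signing_key\n'
    else   # one cert per host, valid for both receiving and forwarding
        printf 'dns_name = "%s"\ntls_www_server\ntls_www_client\nsigning_key\nencryption_key\n' "$2"
    fi
}

# Print gtls directives for side "server" (listener) or "client" (sender);
# the remaining arguments are the peer names that may connect / be sent to.
tls_directives() {
    side=$1; dir=$2; shift 2
    if [ "$side" = server ]; then p='$InputTCPServerStreamDriver'; else p='$ActionSendStreamDriver'; fi
    printf '$DefaultNetstreamDriver gtls\n$DefaultNetstreamDriverCAFile %s/ca.pem\n' "$dir"
    printf '$DefaultNetstreamDriverCertFile %s/host-cert.pem\n' "$dir"
    printf '$DefaultNetstreamDriverKeyFile %s/host-key.pem\n' "$dir"
    printf '%sMode 1\n%sAuthMode x509/name\n' "$p" "$p"
    for peer in "$@"; do printf '%sPermittedPeer %s\n' "$p" "$peer"; done
    if [ "$side" = server ]; then printf '$InputTCPServerRun 10514\n'; else printf '*.* @@%s:10514\n' "$1"; fi
}

# Create the CA (once) and a host certificate for name $2 inside directory $1.
make_certs() (
    cd "$1"
    cert_template ca "Example Log CA" > ca.tmpl
    cert_template host "$2" > host.tmpl
    [ -f ca.pem ] || certtool --generate-privkey --outfile ca-key.pem
    [ -f ca.pem ] || certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca.pem
    certtool --generate-privkey --outfile host-key.pem
    certtool --generate-request --load-privkey host-key.pem --template host.tmpl --outfile host.csr
    certtool --generate-certificate --load-request host.csr --load-ca-certificate ca.pem \
        --load-ca-privkey ca-key.pem --template host.tmpl --outfile host-cert.pem
    chmod 600 ca-key.pem host-key.pem   # private keys must never be world-readable
)

# Usage (needs certtool from gnutls-utils):  sh thisfile.sh gen
if [ "${1:-}" = gen ] && command -v certtool >/dev/null 2>&1; then
    mkdir -p /etc/rsyslog.d/tls && make_certs /etc/rsyslog.d/tls logs.example.com
    tls_directives server /etc/rsyslog.d/tls web1.example.com web2.example.com
fi
```

Each client gets its own host certificate from the same CA and uses `tls_directives client /etc/rsyslog.d/tls logs.example.com`, so both sides verify the peer's name rather than accepting anyone who completes a TLS handshake.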

Central log server: vi /etc/sysconfig/rsyslog

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -rPortNumber Enables logging from remote machines. The listener will listen to the specified port.
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0"
RSYSLOGD_OPTIONS="-t10514 -m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"

Client: vi /etc/rsyslog.conf

$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
$ModLoad imtcp
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$DefaultNetstreamDriverCAFile /usr/src/rsyslog-5.8.4/contrib/gnutls/ca.pem
$DefaultNetstreamDriver gtls
$ActionSendstreamDriverMode 1
$ActionSendStreamDriverAuthMode anon

$CreateDirs on
$DirCreateMode 0755
*.* @@216.224.227.171:10514

Client: vi /etc/sysconfig/rsyslog

SYSLOGD_OPTIONS="-r -m 0"
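As an added example, not part of the original post, here is a small shell audit that reads an rsyslog.conf and reports the settings in the server and client configurations above that weaken the setup (anonymous TLS peers, the rsyslog sample certificates, the MySQL root login, plaintext UDP). The configurations it checks are constructed copies with placeholder passwords and documentation addresses.

```shell
#!/bin/sh
# Added example, not from the original post: a small audit of rsyslog
# configurations, run here over constructed copies of the server and client
# settings shown above. It reports the points a reviewer would raise
# before putting this setup into production.
set -eu
# Read an rsyslog.conf on stdin and print one finding per line (none = clean).
audit_rsyslog_conf() {
    while IFS= read -r line; do
        case "$line" in \#*|'') continue ;; esac      # skip comments and blanks
        lower=$(printf '%s' "$line" | tr 'A-Z' 'a-z')  # directives are case-insensitive
        case "$lower" in
            *streamdriverauthmode*anon*)
                echo "WEAK  peer not authenticated, any TLS client accepted: $line" ;;
            *netstreamdriver*file*contrib/gnutls/*)
                echo "WEAK  rsyslog sample CA/cert/key (their private keys are public): $line" ;;
            *:ommysql:*,root,*)
                echo "WEAK  ommysql connects as MySQL root, use a dedicated user: $line" ;;
            \$udpserverrun*)
                echo "INFO  plaintext UDP listener on: $line" ;;
            '*.* @'[!@]*)      # single @ = UDP forwarding: no TLS, no delivery guarantee
                echo "WEAK  plaintext UDP forwarding of all logs: $line" ;;
        esac
    done
}

# Constructed copy of the server settings above (password replaced by a placeholder).
SERVER_CONF='$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /usr/src/rsyslog-5.8.4/contrib/gnutls/ca.pem
$DefaultNetstreamDriverKeyFile /usr/src/rsyslog-5.8.4/contrib/gnutls/key.pem
$InputTCPServerStreamDriverAuthMode anon
#$UDPServerRun 514
*.* :ommysql:localhost,Syslog,root,EXAMPLE_PASSWORD
$InputTCPServerRun 10514'

# Constructed client: one TLS/TCP forward (@@) and one plain UDP forward (@).
CLIENT_CONF='$DefaultNetstreamDriver gtls
$ActionSendStreamDriverAuthMode anon
*.* @@192.0.2.10:10514
*.* @192.0.2.11'

# Count findings for a config held in a string, for use in checks and tests.
finding_count() {
    printf '%s\n' "$1" | audit_rsyslog_conf | grep -c . || true
}

printf '%s\n' "$SERVER_CONF" | audit_rsyslog_conf
printf '%s\n' "$CLIENT_CONF" | audit_rsyslog_conf
```

Run it against a real file with `audit_rsyslog_conf < /etc/rsyslog.conf`; a clean configuration prints nothing.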

If the /etc/init.d script for rsyslog is missing or broken (no start|stop|restart), use the following script as /etc/init.d/rsyslog:

#!/bin/bash
#
# rsyslog        Starts rsyslogd/rklogd.
#
#
# chkconfig: 2345 12 88
# description: Syslog is the facility by which many daemons use to log 
# messages to various system log files.  It is a good idea to always 
# run rsyslog.
### BEGIN INIT INFO
# Provides: $syslog
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start:  2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Enhanced system logging and kernel message trapping daemons
# Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
#              among others, MySQL, syslog/tcp, RFC 3195, permitted
#              sender lists, filtering on any message part, and fine
#              grain output format control.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

RETVAL=0
PIDFILE=/var/run/syslogd.pid

prog=rsyslogd
exec=/usr/local/sbin/rsyslogd
lockfile=/var/lock/subsys/$prog

start() {
        [ -x $exec ] || exit 5

        # Source config
        if [ -f /etc/sysconfig/rsyslog ] ; then
                . /etc/sysconfig/rsyslog
        fi
        umask 077

        echo -n $"Starting system logger: "
        daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        return $RETVAL
}
stop() {
        echo -n $"Shutting down system logger: "
        killproc $prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        return $RETVAL
}
reload()  {
    RETVAL=1
    syslog=$(cat "${PIDFILE}" 2>/dev/null)
    echo -n "Reloading system logger..."
    if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
        kill -HUP "$syslog";
        RETVAL=$?
    fi
    if [ $RETVAL -ne 0 ]; then
        failure
    else
        success
    fi
    echo
    return $RETVAL
}
rhstatus() {
        status -p "${PIDFILE}" $prog
}
restart() {
        stop
        start
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  reload|force-reload)
        reload
        ;;
  status)
        rhstatus
        ;;
  condrestart|try-restart)
        rhstatus >/dev/null 2>&1 || exit 0
        restart
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
        exit 2
esac

exit $?