Osiris
Hi all,
I've seen some rather outdated guides on this topic, so I'm posting my install trajectory again.
As before, I'm posting a total newbie guide (as far as newbies use syslog servers) since I'm no expert myself.
I don't have rights to post this in the proper forum section (I suppose one cannot, and that guides are moved there after verification by Jock & colleagues).
I'm handling every aspect of this as the root user of the jail. If you want to use another user, you're on your own to add this 'security'. Obviously you should disable SSH root access & other stuff after doing the install.
My current FreeNAS version is FreeNAS-9.3-STABLE-201503270027.
Please test this out & report any issues. I'll double-check and update.
This setup is working perfectly for me.
UPDATE 2015-05-27: You might want to check out kjnicoletti's post first (5 replies down), which takes a more elaborate approach to this guide. If you don't need 'gd' installed in PHP and LogAnalyzer will be the only readout, I recommend following his guide.
Goal:
a remote syslog server able to receive syslogs from other devices, like my OpenWrt router, other NASes, etc.
Software used:
- Rsyslog
- Apache 2.4
- Php 5.6
- Mysql 5.6
- phpMyAdmin
- Adiscon LogAnalyzer
http://www.freebsdmadeeasy.com/tutorials/web-server/install-php-5-for-web-hosting.php
http://wiki.rsyslog.com/index.php/HOWTO_:_Rsyslog_+_MySQL_on_FreeBSD
http://www.rsyslog.com/receiving-messages-from-a-remote-system/
http://www.rsyslog.com/doc/ommysql.html
http://tecadmin.net/setup-loganalyzer-with-rsyslog-and-mysql/
How-to Guide
1. The jail
- Create a standard jail. Mine is called syslog.
- Open a shell via the FreeNAS GUI (or the jls command line).
- Edit the startup config
Code:
vi /etc/rc.conf
- Change or add the following lines
Code:
sshd_enable="YES"
hostname="syslog"
syslogd_enable="NO"
rsyslogd_enable="YES"
mysql_enable="YES"
rsyslogd_pidfile="/var/run/syslog.pid"
apache24_enable="YES"
- Edit sshd_config and set PermitRootLogin to yes
Code:
vi /etc/ssh/sshd_config
Code:
PermitRootLogin yes
- Change the root password from the autogenerated one.
Code:
passwd root
- Start the ssh daemon
Code:
service sshd start
- Update the ports tree & package manager
Code:
portsnap fetch extract
cd /usr/ports/ports-mgmt/pkg && make deinstall clean
cd /usr/ports/ports-mgmt/pkg && make install clean BATCH=yes
pkg update
pkg upgrade
cd /usr/ports/lang/perl5.20/ && make install clean BATCH=yes
cd /usr/ports/misc/help2man && make install clean
You might have to deinstall the previous perl version first. Do this after the pkg upgrade.
Optional:
Code:
cd /usr/ports/ftp/wget && make install clean BATCH=yes
- Install the webserver
Code:
cd /usr/ports/www/apache24 && make install clean BATCH=yes
cd /usr/ports/lang/php56/ && make install clean BATCH=yes
cd /usr/ports/www/php56-session/ && make install clean BATCH=yes
cd /usr/ports/graphics/php56-gd && make install clean BATCH=yes
cd /usr/ports/www/mod_php56 && make install clean BATCH=yes
cd /usr/ports/converters/php56-mbstring && make install clean BATCH=yes
cd /usr/ports/devel/php56-json && make install clean BATCH=yes
- Install the database & phpMyAdmin
Code:
cd /usr/ports/databases/php56-mysql && make install clean BATCH=yes
cd /usr/ports/databases/mysql56-server/ && make install clean BATCH=yes
cd /usr/ports/databases/phpmyadmin && make install clean BATCH=yes
ln -s /usr/local/www/phpMyAdmin /usr/local/www/apache24/data/phpMyAdmin
For phpMyAdmin, I didn't do BATCH=yes right away; I added the PDF integration using 'make config' first. This will also pull openjdk into the install and take up aeons of time and a massive amount of memory.
- Set a MySQL root password
Code:
service mysql-server status
vi ~/mysql-init.txt
The text file should have the following content. Adapt the password accordingly.
Code:
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');
Code:
service mysql-server stop
# --init-file runs the statement at startup; background it, or the shell blocks here and the next command never runs
mysqld_safe --init-file=/root/mysql-init.txt &
# once the password is set, stop that instance again and start the service the normal way
service mysql-server stop
service mysql-server start
- Adapt httpd.conf (most of this needs to be added)
Code:
vi /usr/local/etc/apache24/httpd.conf
Code:
ServerName syslogserver.local
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>
LoadModule php5_module libexec/apache24/libphp5.so
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php .htm .html
Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
    Options None
    AllowOverride Limit
    Require local
    Require host .syslog
</Directory>
- Adapt php.ini
Code:
vi /usr/local/etc/php.ini
Code:
; FreeBSD builds PHP extensions as .so modules, not Windows .dll files. The ports normally
; register them in /usr/local/etc/php/extensions.ini already, so only add these if they are missing there.
; mysqli.so comes from the databases/php56-mysqli port; php56-mysql (installed above) provides mysql.so.
extension=mbstring.so
extension=mysqli.so
- Install the rsyslog port
Code:
cd /usr/ports/sysutils/rsyslog8 && make install clean BATCH=yes
- Inject a database & tables (via phpMyAdmin OR mysql -u root -p)
Code:
create database loganalyzer;
Code:
create database Syslog;
Code:
USE Syslog;
Code:
CREATE TABLE SystemEvents (
    ID int unsigned not null auto_increment primary key,
    CustomerID bigint,
    ReceivedAt datetime NULL,
    DeviceReportedTime datetime NULL,
    Facility smallint NULL,
    Priority smallint NULL,
    FromHost varchar(60) NULL,
    Message text,
    NTSeverity int NULL,
    Importance int NULL,
    EventSource varchar(60),
    EventUser varchar(60) NULL,
    EventCategory int NULL,
    EventID int NULL,
    EventBinaryData text NULL,
    MaxAvailable int NULL,
    CurrUsage int NULL,
    MinUsage int NULL,
    MaxUsage int NULL,
    InfoUnitID int NULL,
    SysLogTag varchar(60),
    EventLogType varchar(60),
    GenericFileName VarChar(60),
    SystemID int NULL
);
Code:
CREATE TABLE SystemEventsProperties (
    ID int unsigned not null auto_increment primary key,
    SystemEventID int NULL,
    ParamName varchar(255) NULL,
    ParamValue text NULL
);
- Allow the database user rsyslog will use to connect. The generic form is grant all privileges on Syslog.* to 'sysloguser'@'%' identified by 'syslogpass' with grant option; the line below grants it to root. Because rsyslog connects to 127.0.0.1 (see rsyslog.conf below), 'localhost' in place of '%' is sufficient and keeps the account from being reachable from every host.
Code:
grant all privileges on Syslog.* to 'root'@'%' identified by 'yourpassword' with grant option;
- Enable the use of service rsyslog
Code:
ln -s /usr/local/etc/rc.d/rsyslogd /etc/rc.d/rsyslog
- Configure rsyslog
Code:
vi /usr/local/etc/rsyslog.conf
Code:
$ModLoad immark    # provides --MARK-- message capability
$ModLoad imuxsock  # provides support for local system logging
$ModLoad ommysql   # load MySQL functionality
$AllowedSender UDP, 10.10.0.0/16    # depends on your lan/subnet obviously
# for TCP use:
module(load="imtcp")    # needs to be done just once
input(type="imtcp" port="514")
# for UDP use:
module(load="imudp")    # needs to be done just once
input(type="imudp" port="514")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on
$WorkDirectory /var/spool/rsyslog
$FileOwner root
$FileGroup wheel
$FileCreateMode 0777    # 0644 is the usual value; 0777 makes every created log file world-writable
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser root
$PrivDropToGroup wheel
$IncludeConfig /etc/rsyslog.d/*.conf
*.* :ommysql:127.0.0.1,Syslog,root,yourpassword
- Install LogAnalyzer
Code:
cd /usr/ports/sysutils/loganalyzer && make install clean DEFAULT_VERSIONS=php=56
ln -s /usr/local/www/loganalyzer /usr/local/www/apache24/data/loganalyzer
touch /usr/local/www/loganalyzer/config.php
# the web installer has to write config.php; tighten it again (e.g. chmod 644) once the install is done
chmod 777 /usr/local/www/loganalyzer/config.php
- Now browse to http://your.syslog.server.jail/loganalyzer and follow the install instructions.
Issues:
1. I had to enable userless login and add the user to the database manually afterwards.
Create a user using phpMyAdmin or use 'mysql -u root -p'
Code:
USE Syslog;
INSERT INTO `loganalyzer`.`logcon_users` (`ID`, `username`, `password`, `is_admin`, `is_readonly`, `last_login`)
VALUES (NULL, 'loganalyzer', MD5('yourloganalyzerpass'), '1', '0', '1');
Change the config manually
Code:
vi /usr/local/www/apache24/data/loganalyzer/config.php
Code:
$CFG['UserDBLoginRequired'] = true;
$CFG['UserDBAuthMode'] = 0; // USERDB_AUTH_INTERNAL means LogAnalyzer Internal Auth
2. Special symbols in the database account password (so for me the root password) screw up the LogAnalyzer install.
I added another DB user and did the install. Afterwards I changed the generated config.php file with vi so it uses the root user with that special password.
- Restart rsyslog
Code:
service rsyslog restart
- Set up the cleanup events, either with the SQL below or via the phpMyAdmin GUI
Code:
CREATE EVENT `cleanup_SystemEvents`
    ON SCHEDULE EVERY 1 DAY STARTS '2015-04-22 04:40:00.000000'
    ON COMPLETION PRESERVE ENABLE
    DO DELETE FROM SystemEvents WHERE ReceivedAt < DATE_SUB(NOW(), INTERVAL 3 MONTH);
CREATE EVENT `optimize_SystemEvents`
    ON SCHEDULE EVERY 1 DAY STARTS '2015-04-22 04:55:00.000000'
    ON COMPLETION PRESERVE ENABLE
    DO OPTIMIZE TABLE SystemEvents;
- Enable the MySQL event scheduler. I used the phpMyAdmin GUI. I don't have the command for that.
- You might first check that the DELETE and OPTIMIZE statements work on their own, outside the event schedule.
In the Syslog database, the logs will take up approximately 260 bytes per entry.
When logging everything from all servers (so not just the criticals & warnings), this will generate a serious datastream. Keep an eye out. I'm at 100 MB atm and am not noticing any delays so far.
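As an added check (my example, not part of Osiris's post): the script below builds an RFC 3164 syslog line, sends it over UDP to the jail so you can confirm it lands in SystemEvents, and shows how the <PRI> prefix maps onto the Facility and Priority columns of that table (rsyslog's syslogpriority property is the severity, 0..7). The jail address, the sender range and the sample message are assumptions.

```python
import socket
from datetime import datetime

# Assumptions, not from the post: the jail's IP and the UDP port imudp listens on.
# The sending host must sit inside the $AllowedSender range (10.10.0.0/16) or rsyslog drops the packet.
SYSLOG_HOST = "10.10.0.5"
SYSLOG_PORT = 514

# RFC 3164 codes (a subset of the facilities); PRI = facility * 8 + severity
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}


def encode_pri(facility, severity):
    """Combine facility and severity into the PRI value rsyslog splits back into the two table columns."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def build_message(facility, severity, host, tag, text, when=None):
    """BSD-style line: <PRI>Mmm dd hh:mm:ss host tag: text (day padded with a space, as RFC 3164 requires)."""
    when = when or datetime.now()
    stamp = when.strftime("%b") + f" {when.day:2d} " + when.strftime("%H:%M:%S")
    return f"<{encode_pri(facility, severity)}>{stamp} {host} {tag}: {text}"


def decode_pri(line):
    """Return (Facility, Priority, rest): the first two are what rsyslog stores in SystemEvents."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> field")
    end = line.index(">")
    pri = int(line[1:end])
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range")
    return pri // 8, pri % 8, line[end + 1:]


def send(line, host=SYSLOG_HOST, port=SYSLOG_PORT):
    """Fire the line at the jail over UDP; nothing comes back, so check the table afterwards."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    # Constructed sample: an auth.info line as an OpenWrt router might send it
    msg = build_message(FACILITY["auth"], SEVERITY["info"], "openwrt", "dropbear", "remote logging check")
    send(msg)
    print(msg, "->", decode_pri(msg)[:2])
```

After running it, SELECT Facility, Priority, FromHost, Message FROM SystemEvents ORDER BY ID DESC LIMIT 1; should show 4 and 6 for the sample line; if nothing arrives, the $AllowedSender range and the UDP input in rsyslog.conf are the first things to check.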