[How to] install a syslog server jail

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
Hi all,
I've seen some rather outdated guides on this topic, so I'm posting my install trajectory again.
As before, I'm posting a total newbguide (as far as noobs use syslog servers) since I'm no expert myself.
I don't have rights to post this in the proper forum section (I suppose one cannot, and that guides are moved there after verification by Jock & colleagues).

I'm handling every aspect of this as the root user of the jail. If you want to use another user, you're on your own to add this 'security'. Obviously you should disable ssh-root access & other stuff, after doing the install.
My current FreeNAS version is FreeNAS-9.3-STABLE-201503270027
Please test this out & report any issues. I'll doublecheck and update.
This setup is working perfectly for me.

UPDATE 2015-05-27 : You might want to check out kjnicoletti's post first (5 replies down) with a more elaborated approach on the guide. If you need no 'gd' installed in php and LogAnalyzer will be the only readout, I recommend following his guide.

Goal:
a remote syslog server able to receive syslogs from other devices, like my openwrt router, other nasses, etc...

Software used:
  • Rsyslog
  • Apache 2.4
  • Php 5.6
  • Mysql 5.6
  • phpMyAdmin
  • Adiscon LogAnalyzer
Main Sources:
http://www.freebsdmadeeasy.com/tutorials/web-server/install-php-5-for-web-hosting.php
http://wiki.rsyslog.com/index.php/HOWTO_:_Rsyslog_+_MySQL_on_FreeBSD
http://www.rsyslog.com/receiving-messages-from-a-remote-system/
http://www.rsyslog.com/doc/ommysql.html
http://tecadmin.net/setup-loganalyzer-with-rsyslog-and-mysql/

How-to Guide

1. The jail
  • Create a standard jail. Mine is called syslog.
  • Open a shell via the FreeNAS gui (or jls command line).
  • edit the startup config
    Code:
    vi /etc/rc.conf
  • Change or add the following lines
    Code:
    sshd_enable="YES"
    hostname="syslog"
    syslogd_enable="NO"
    rsyslogd_enable="YES"
    mysql_enable="YES"
    rsyslogd_pidfile="/var/run/syslog.pid"
    apache24_enable="YES"
  • Edit sshd_config and set permit root login to yes
    Code:
    vi /etc/ssh/sshd_config

    Code:
    PermitRootLogin yes
  • Change the root password from the autogenerated one.
    Code:
    passwd root
  • Start the ssh daemon
    Code:
    service sshd start
2. Basic ports
  • Update the ports tree & package mgr
    Code:
    portsnap fetch extract
    cd /usr/ports/ports-mgmt/pkg && make deinstall clean
    cd /usr/ports/ports-mgmt/pkg && make install clean BATCH=yes
    pkg update
    pkg upgrade
    cd /usr/ports/lang/perl5.20/ && make install clean BATCH=yes
    cd /usr/ports/misc/help2man && make install clean

    U might have to deinstall the previous perl version first. Do this after the pkg upgrade.
    Optional:
    Code:
    cd /usr/ports/ftp/wget && make install clean BATCH=yes
  • install the webserver
    Code:
    cd /usr/ports/www/apache24 && make install clean BATCH=yes
    cd /usr/ports/lang/php56/ && make install clean BATCH=yes
    cd /usr/ports/www/php56-session/ && make install clean BATCH=yes
    cd /usr/ports/graphics/php56-gd && make install clean BATCH=yes
    cd /usr/ports/www/mod_php56 && make install clean BATCH=yes
    cd /usr/ports/converters/php56-mbstring && make install clean BATCH=yes
    cd /usr/ports/devel/php56-json && make install clean BATCH=yes
  • install the database & phpmyadmin
    Code:
    cd /usr/ports/databases/php56-mysql && make install clean BATCH=yes
    cd /usr/ports/databases/mysql56-server/ && make install clean BATCH=yes
    cd /usr/ports/databases/phpmyadmin && make install clean BATCH=yes
    ln -s /usr/local/www/phpMyAdmin /usr/local/www/apache24/data/phpMyAdmin

    for phpMyAdmin, I didn't do BATCH=yes right away, I added the pdf integration using 'make config' first. This will also pull openjdk into the install and take up aeons of time and a massive amount of memory.
3. Webserver configuration
  • Set a root pass
    Code:
    service mysql-server status
    vi ~/mysql-init.txt

    The textfile should have the following content. Adapt the password accordingly.
    Code:
    SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');

    Code:
    service mysql-server stop
    mysqld_safe --init-file=/root/mysql-init.txt
    service mysql-server start
  • Adapt httpd.conf (most of this needs to be added)
    Code:
    vi /usr/local/etc/apache24/httpd.conf

    Code:
    ServerName syslogserver.local
    
    <IfModule dir_module>
            DirectoryIndex index.php index.html
    </IfModule>
    
    <FilesMatch "\.php$">
         SetHandler application/x-httpd-php
    </FilesMatch>
    <FilesMatch "\.phps$">
         SetHandler application/x-httpd-php-source
    </FilesMatch>
    
    LoadModule php5_module  libexec/apache24/libphp5.so
    
    AddType application/x-httpd-php-source .phps
    AddType application/x-httpd-php .php .htm .html
    
    Alias /phpmyadmin/ "/usr/local/www/phpMyAdmin/"
    <Directory "/usr/local/www/phpMyAdmin/">
      Options None
      AllowOverride Limit
      Require local
      Require host .syslog
    </Directory>
  • Adapt php.ini
    Code:
    vi /usr/local/etc/php.ini

    Code:
    extension=php_mbstring.dll
    extension=php_mysqli.dll
4. RSysLog

  • Install the port
    Code:
    cd /usr/ports/sysutils/rsyslog8 && make install clean BATCH=yes
  • Inject a database & tables (via phpmyadmin OR mysql -u root -p)
    Code:
       create database loganalyzer;

    Code:
       create database Syslog;

    Code:
       USE Syslog;

    Code:
       CREATE TABLE SystemEvents
       (
           ID int unsigned not null auto_increment primary key,
           CustomerID bigint,
           ReceivedAt datetime NULL,
           DeviceReportedTime datetime NULL,
           Facility smallint NULL,
           Priority smallint NULL,
           FromHost varchar(60) NULL,
           Message text,
           NTSeverity int NULL,
           Importance int NULL,
           EventSource varchar(60),
           EventUser varchar(60) NULL,
           EventCategory int NULL,
           EventID int NULL,
           EventBinaryData text NULL,
           MaxAvailable int NULL,
           CurrUsage int NULL,
           MinUsage int NULL,
           MaxUsage int NULL,
           InfoUnitID int NULL ,
           SysLogTag varchar(60),
           EventLogType varchar(60),
           GenericFileName VarChar(60),
           SystemID int NULL
       );

    Code:
       CREATE TABLE SystemEventsProperties
       (
           ID int unsigned not null auto_increment primary key,
           SystemEventID int NULL ,
           ParamName varchar(255) NULL ,
           ParamValue text NULL
       );
    
  • Allow root to connect (grant all privileges on Syslog.* to 'sysloguser'@'%' identified by 'syslogpass' with grant option)
    Code:
    grant all privileges on Syslog.* to 'root'@'%' identified by 'yourpassword' with grant option;
  • enable the use of service rsyslog
    Code:
    ln -s /usr/local/etc/rc.d/rsyslogd /etc/rc.d/rsyslog
  • Configure rsyslog
    Code:
    vi /usr/local/etc/rsyslog.conf

    Code:
       $ModLoad immark  # provides --MARK-- message capability
       $ModLoad imuxsock  # provides support for local system logging
       $ModLoad ommysql  # load MySQL functionality
       $AllowedSender UDP, 10.10.0.0/16 # depends on your lan/subnet obviously
       # for TCP use:
       module(load="imtcp") # needs to be done just once
       input(type="imtcp" port="514")
       # for UDP use:
       module(load="imudp") # needs to be done just once
       input(type="imudp" port="514")
    
       $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
       $RepeatedMsgReduction on
       $WorkDirectory /var/spool/rsyslog
       $FileOwner root
       $FileGroup wheel
       $FileCreateMode 0777
       $DirCreateMode 0755
       $Umask 0022
       $PrivDropToUser root
       $PrivDropToGroup wheel
       $IncludeConfig /etc/rsyslog.d/*.conf
       *.*  :ommysql:127.0.0.1,Syslog,root,yourpassword
5. Loganalyzer
  • Code:
    cd /usr/ports/sysutils/loganalyzer && make install clean DEFAULT_VERSIONS=php=56
    ln -s /usr/local/www/loganalyzer /usr/local/www/apache24/data/loganalyzer
    touch /usr/local/www/loganalyzer/config.php
    chmod 777 /usr/local/www/loganalyzer/config.php
  • Now browse to http://your.syslog.server.jail/loganalyzer and follow the install instructions.

    Issues:

    1. I had to enable userless login and add the user to the database manually after.

    Create a user using phpMyAdmin or use 'mysql -u root -p'
    Code:
    USE Syslog;
    INSERT INTO `loganalyzer`.`logcon_users` (`ID`, `username`, `password`, `is_admin`, `is_readonly`, `last_login`) VALUES (NULL, 'loganalyzer', MD5('yourloganalyzerpass'), '1', '0', '1');

    Change the config manually
    Code:
    vi /usr/local/www/apache24/data/loganalyzer/config.php

    Code:
    $CFG['UserDBLoginRequired'] = true;
    $CFG['UserDBAuthMode'] = 0;  // USERDB_AUTH_INTERNAL means LogAnalyzer Internal Auth


    2. Special symbols in database account password (so for me the root password) screw up the loganalyzer install.

    I added another db user and did the install. Afterwards I changed the generated config.php file with vi so it uses the root user with that special password.

  • restart rsyslog
    Code:
    service rsyslog restart
6. Automatic log cleanup
  • Either use code, or use the phpMyAdmin gui
    Code:
    CREATE EVENT `cleanup_SystemEvents` ON SCHEDULE EVERY 1 DAY STARTS '2015-04-22 04:40:00.000000' ON COMPLETION PRESERVE ENABLE DO DELETE FROM SystemEvents WHERE ReceivedAt < DATE_SUB(NOW(), INTERVAL 3 MONTH);
    CREATE EVENT `optimize_SystemEvents` ON SCHEDULE EVERY 1 DAY STARTS '2015-04-22 04:55:00.000000' ON COMPLETION PRESERVE ENABLE DO OPTIMIZE TABLE SystemEvents;




  • Enable the mysql event scheduler. I used the phpMyAdmin gui. I don't have the command for that.


  • You might check if these lines work outside of the event schedule
7. Result (sorry about the blurfest)

In the Syslog database, the logs will take up approximately 260 bytes per entry.
When logging everything from all servers (so not just the criticals & warnings), this will generate a serious datastream. Keep an eye out. I'm at 100 MB atm and am not noticing any delays so far.

 
Last edited:

norskman

Contributor
Joined
Sep 28, 2012
Messages
149
Can you expand point 5.1 a bit more. I followed everything - this was a very good guide. But now I cannot login into the system! I have the front page. I suspect that I need to add a user with a valid password. I don't know how to do this.

Otherwise this is very good.
 

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
I updated the guide.
Could you verify this please?

Thanks for this fast test, btw
 
Last edited:


kjnicoletti

Cadet
Joined
May 2, 2015
Messages
9
First, let me say thank you. Without this write up, I most likely never would have got my syslog server up and running.

That said (I hope this doesn't offend you) I found your instructions confusing - there are a lot of unnecessary steps and some steps that didn't work at all. Steps to configure phpMyAdmin and LogAnalyzer seem to be left out altogether. In the interest of helping out, here are my streamlined instructions based off your writeup. I have tested these instructions extensively in a VM with the latest FreeBSD stable install ISO. My steps below follow your concept of a "total newbguide"


Overview:
  • Install AMP (Apache / MySQL / PHP / and optionally PHPMyAdmin )
  • Replace syslogd with rsyslogd - configure rsyslogd to send events to MySQL
  • Install LogAnalyzer - configure LogAnalyzer to pull events from MySQL
An AMP server is the basis for many packages in the *nix world, so these instructions may help you for other projects as well. https://en.wikipedia.org/wiki/LAMP_(software_bundle)

You should have FreeNAS jail root and jail IP configuration defined properly before following these instructions http://doc.freenas.org/9.3/freenas_jails.html#jails-configuration

Jail Setup:
Create jail named syslog in FreeNAS Web GUI, accept all the default settings
ssh to FreeNAS
find the JID for syslog and switch to the jail
Code:
jls
jexec {JID} tcsh

You should have a "root@syslog:/ #" prompt now

(Optional) Install nano (feel free to use the text editor of your choice)
Code:
pkg install -y nano


(Optional) Enable ssh directly to the jail
Code:
nano /etc/rc.conf

change line to sshd_enable="YES"
remove duplicate "hostname=syslog"

Code:
nano /etc/ssh/sshd_config

uncomment and change line to "PermitRootLogin yes"

change jail root password, in this tutorial I will use qazWSX for the password
Code:
passwd root


start the ssh daemon
Code:
service sshd start


ssh to syslog jail directly
Fetch the latest ports repository and extract
Code:
portsnap fetch extract
Install Apache
Apache is a popular open source web server
Code:
cd /usr/ports/www/apache24 && make install clean BATCH=yes

Configure Apache to run at boot
Code:
echo 'apache24_enable="YES"' >> /etc/rc.conf

Start Apache
Code:
service apache24 start

The error "Could not reliably determine the server's fully qualified domain name" is normal at this point
Test connection to http://{jail IP address}
You should see "It Works!" web page

Configure Apache
Code:
nano /usr/local/etc/apache24/httpd.conf

Find these lines and change them
Code:
ServerName syslogserver.local
DirectoryIndex index.html index.php

Add these lines to end of the file
Code:
<FilesMatch "\.php$">
  SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
  SetHandler application/x-httpd-php-source
</FilesMatch>

Alias /phpmyadmin "/usr/local/www/phpMyAdmin"

<Directory "/usr/local/www/phpMyAdmin">
Options None
AllowOverride None
Require all granted
</Directory>

Save the file and exit nano. Restart Apache
Code:
service apache24 restart

The error "Could not reliably determine the server's fully qualified domain name" goes away

Install MySQL
MySQL is a popular open source database server
Code:
cd /usr/ports/databases/mysql56-server && make install clean BATCH=yes

Configure MySQL to run at boot
Code:
echo 'mysql_enable="YES"' >> /etc/rc.conf

Start MySQL
Code:
service mysql-server start

Add a root user to MySQL. MySQL logins are separate from FreeBSD logins, so this could be completely different. For this tutorial I am keeping the user name and password the same as the OS login. Feel free to substitute your own password
Code:
/usr/local/bin/mysqladmin -u root password 'qazWSX'

Install PHP

PHP is a server-side scripting language for web development
Code:
cd /usr/ports/lang/php56 && make install clean BATCH=yes
cd /usr/ports/www/mod_php56 && make install clean BATCH=yes
cd /usr/ports/databases/php56-pdo_mysql && make install clean BATCH=yes


Configure PHP
Copy the sample configuration ini and modify it
Code:
cp /usr/local/etc/php.ini-development /usr/local/etc/php.ini
nano /usr/local/etc/php.ini

Find these lines about halfway through the file. Uncomment and modify them. You should use your own timezone https://php.net/manual/en/timezones.php
Code:
extension=php_mbstring.so
extension=php_pdo_mysql.so
date.timezone = America/Chicago

Test PHP
Create a new file
Code:
nano /usr/local/www/apache24/data/test.php

Add these lines to the file
Code:
<?php
phpinfo();
?>

Restart Apache
Code:
service apache24 restart

Test connection to http://{jail IP address}/test.php
You should see a detailed information page on Apache and PHP

(Optional) Install phpMyAdmin
phpMyAdmin is a graphic interface to administer MySQL. It's not necessary for this tutorial, but may be useful later. You can also skip this for now and install it later.
Code:
cd /usr/ports/databases/phpmyadmin/ && make install clean BATCH=yes

Configure phpMyAdmin
Code:
mkdir /usr/local/www/phpMyAdmin/config && chmod o+w /usr/local/www/phpMyAdmin/config
chmod o+r /usr/local/www/phpMyAdmin/config.inc.php
service apache24 restart

  • Open http://{jail IP address}/phpmyadmin/setup
  • Select "New server"
  • Select the "Authentication" tab
  • Under the "Authentication type" choose "http" from the drop-down list (using HTTP-Auth to sign-in into phpMyAdmin will avoid storing login/password credentials directly in config.inc.php)
  • Remove "root" from the "User for config auth"
  • Select "Apply"
  • You will be returned to the Overview page where you should see a new server listed
  • Select “Save” in the Overview page
  • Saves configuration as /usr/local/www/phpMyAdmin/config/config.inc.php
  • Move newly created config so php uses it
Code:
mv /usr/local/www/phpMyAdmin/config/config.inc.php /usr/local/www/phpMyAdmin/

Open http://{jail IP address}/phpmyadmin/ and login to test ( root / qazWSX )

Config directory is no longer needed. Remove it, as well as the read permission added previously
Code:
rm -r /usr/local/www/phpMyAdmin/config
chmod o-r /usr/local/www/phpMyAdmin/config.inc.php

Install rsyslog
rsyslog is a drop in replacement for syslog with additional features
Code:
cd /usr/ports/sysutils/rsyslog8 && make install clean

Select "MYSQL - MySQL output module for rsyslog" and then select "OK", accept defaults for all other options

Replace syslogd with rsyslogd
Code:
/etc/rc.d/syslogd stop
echo 'syslogd_enable="NO"' >> /etc/rc.conf
echo 'rsyslogd_enable="YES"' >> /etc/rc.conf
ln -s /usr/local/etc/rc.d/rsyslogd /etc/rc.d/rsyslog


Create the rsyslog database
Code:
mysql -u root -p

enter password qazWSX
In the mysql> prompt, enter the following commands (change the password on the last line if you are not using qazWSX)
Code:
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
  ID int unsigned not null auto_increment primary key,
  CustomerID bigint,
  ReceivedAt datetime NULL,
  DeviceReportedTime datetime NULL,
  Facility smallint NULL,
  Priority smallint NULL,
  FromHost varchar(60) NULL,
  Message text,
  NTSeverity int NULL,
  Importance int NULL,
  EventSource varchar(60),
  EventUser varchar(60) NULL,
  EventCategory int NULL,
  EventID int NULL,
  EventBinaryData text NULL,
  MaxAvailable int NULL,
  CurrUsage int NULL,
  MinUsage int NULL,
  MaxUsage int NULL,
  InfoUnitID int NULL ,
  SysLogTag varchar(60),
  EventLogType varchar(60),
  GenericFileName VarChar(60),
  SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
  ID int unsigned not null auto_increment primary key,
  SystemEventID int NULL ,
  ParamName varchar(255) NULL ,
  ParamValue text NULL
);
grant all privileges on Syslog.* to 'root'@'%' identified by 'qazWSX' with grant option;

ctrl-c to quit mysql

Configure rsyslog
Code:
nano /usr/local/etc/rsyslog.conf

paste following into the new, blank file
change the subnet on line 4 to match your network
change the password on the last line if you are not using qazWSX
Code:
$ModLoad immark  # provides --MARK-- message capability
$ModLoad imuxsock  # provides support for local system logging
$ModLoad ommysql  # load MySQL functionality
$AllowedSender UDP, 192.168.1.0/24 # depends on your subnet obviously
# for TCP use:
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
# for UDP use:
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on
$WorkDirectory /var/spool/rsyslog
$FileOwner root
$FileGroup wheel
$FileCreateMode 0777
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser root
$PrivDropToGroup wheel
$IncludeConfig /etc/rsyslog.d/*.conf
*.*  :ommysql:127.0.0.1,Syslog,root,qazWSX


Start rsyslog and check to see it is working
Code:
service rsyslog start
mysql -u root -p

enter the password qazWSX

enter the following query
Code:
USE Syslog;
SELECT * FROM SystemEvents;

(should get back 3-4 records)
ctrl-c to quit mysql

Install LogAnalyzer
LogAnalyzer is a web interface for browsing the syslog server database
Code:
cd /usr/ports/sysutils/loganalyzer && make install clean DEFAULT_VERSIONS=php=56

Select "PHP_MYSQL - MySQL database support (PHP extension)" and then select "OK", accept defaults for all other options

Create a symbolic link for LogAnalyzer in Apache
Code:
ln -s /usr/local/www/loganalyzer /usr/local/www/apache24/data/loganalyzer


Configure LogAnalyzer
Create the config file, make it writeable
Code:
touch /usr/local/www/loganalyzer/config.php
chmod 666 /usr/local/www/loganalyzer/config.php

Restart Apache
Code:
service apache24 restart

Open the configuration wizard at http://{jail IP address}/loganalyzer
Click the link "Click here to install Adiscon LogAnalyzer"
During the setup wizard, ignore the error lines "Deprecated: preg_replace(): The /e modifier is deprecated...", scroll all the way down to the bottom and you will see the configuration wizard
Select "Next" until you get to "First Syslog Source"

"First Syslog Source"
  • Set "Name of the Source" to "MySQL Syslog Database"
  • Set "Source Type" to "Database (PDO)"
  • Leave "Select View" set to "Syslog Fields" (the default setting)
  • Leave "Database Storage Engine" set to "Mysql Server" (the default setting)
  • Leave "Table type" set to "MonitorWare" (the default setting)
  • Leave "Database Host" set to "localhost" (the default setting)
  • Set "Database Name" to "Syslog"
  • Set "Database Tablename" to "SystemEvents"
  • Set "Database User" to "root"
  • Set "Database Password" to "qazWSX"
  • Leave "Enable Row Counting" set to "No" (the default setting)
  • Select "Next"
  • Select "Finish" and you should see a working LogAnalyzer page and no "Deprecated" errors
At this point, I recommend adding log cleanup jobs as explained in the OP, section 6

Again, thanks for your OP, this is just meant to complement the OP and make it easier for someone who has limited knowledge of installing and configuring FreeBSD ports.
 
Last edited:
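
The rsyslog.conf used in both guides above, run through a small audit of the settings that matter on a log receiver. This is an added example, not part of either post: the finding labels and the account names in `hardened_conf` (`syslogd`, `rsyslog_writer`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an rsyslog.conf for the risky settings used in this thread.
# Finding labels (MODE, PRIVDROP, DBROOT, CONFREAD, TCPACL) are this example's own.

# Last value given for a legacy "$Directive value" line in the comment-stripped body.
directive() { printf '%s\n' "$body" | awk -v d="$1" '$1 == d { v = $2 } END { print v }'; }

audit_rsyslog_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then echo "ERROR: cannot read $conf"; return 0; fi
    body=$(sed -e 's/#.*$//' "$conf")     # drop comments before matching

    # 1. Effective log file mode = $FileCreateMode masked by $Umask.
    #    Without a $Umask line the inherited umask applies; assume 0000 (worst case).
    mode=$(directive '$FileCreateMode'); mask=$(directive '$Umask')
    case ${mode:-x}${mask} in
        *[!0-7]*) ;;                      # unset or not octal: nothing to check
        *)  eff=$(( 0$mode & ~0${mask:-0} & 0777 ))
            if [ $(( eff & 07 )) -ne 0 ]; then
                printf 'MODE: log files get mode %04o, open to every local account; use 0640\n' "$eff"
            fi ;;
    esac

    # 2. rsyslogd keeps root for its whole lifetime.
    if [ "$(directive '$PrivDropToUser')" = "root" ]; then
        echo "PRIVDROP: \$PrivDropToUser root drops nothing; name an unprivileged account"
    fi

    # 3. Legacy MySQL action ":ommysql:host,db,user,password".
    dbuser=$(printf '%s\n' "$body" |
        awk -F, '/:ommysql:/ { gsub(/[ \t]/, "", $3); print $3; exit }')
    if [ "$dbuser" = "root" ]; then
        echo "DBROOT: rsyslog logs in to MySQL as root; use an account with INSERT on the log table only"
    fi
    if [ -n "$dbuser" ]; then
        case $(ls -ld "$conf" | cut -c8-10) in
            r*) echo "CONFREAD: $conf holds the database password and is world-readable; chmod 600" ;;
        esac
    fi

    # 4. $AllowedSender is declared per protocol: a UDP list does not cover imtcp.
    tcpacl=$(printf '%s\n' "$body" | awk '
        /imtcp/ { tcp = 1 }
        $1 == "$AllowedSender" && toupper($2) ~ /^TCP/ { acl = 1 }
        END { print ((tcp && !acl) ? "missing" : "ok") }')
    if [ "$tcpacl" = "missing" ]; then
        echo "TCPACL: imtcp is loaded but there is no \$AllowedSender TCP line"
    fi
    return 0
}

# Receiver settings from the thread's rsyslog.conf (comments and unrelated lines left out).
sample_conf() {
    cat <<'EOF'
$AllowedSender UDP, 192.168.1.0/24
module(load="imtcp")
input(type="imtcp" port="514")
module(load="imudp")
input(type="imudp" port="514")
$FileCreateMode 0777
$Umask 0022
$PrivDropToUser root
*.*  :ommysql:127.0.0.1,Syslog,root,qazWSX
EOF
}

# Constructed hardened counterpart; "syslogd" and "rsyslog_writer" are assumed account names.
hardened_conf() {
    cat <<'EOF'
$AllowedSender UDP, 192.168.1.0/24
$AllowedSender TCP, 192.168.1.0/24
module(load="imtcp")
$FileCreateMode 0640
$Umask 0022
$PrivDropToUser syslogd
*.*  :ommysql:127.0.0.1,Syslog,rsyslog_writer,CHANGE_ME
EOF
}

# Stand-alone use: audit the files named on the command line, else the thread's sample.
if [ $# -gt 0 ]; then
    for f in "$@"; do audit_rsyslog_conf "$f"; done
else
    tmp=$(mktemp "${TMPDIR:-/tmp}/rsyslog-audit.XXXXXX") && sample_conf > "$tmp" && chmod 644 "$tmp"
    audit_rsyslog_conf "$tmp"
    rm -f "$tmp"
fi
```

Run it as `sh audit.sh /usr/local/etc/rsyslog.conf` inside the jail; no output means none of the five conditions was found.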

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
None taken, kjnicoletti.
Your updated version of the guide looks nice.
I'll update my first post and refer to yours.
 

Scharbag

Guru
Joined
Feb 1, 2012
Messages
620
Of course I have no luck with Apache...

Code:
===>  Checking if p5-Locale-gettext already installed
===>   Registering installation for p5-Locale-gettext-1.05_4 as automatic
pkg-static: Unable to access file /usr/ports/devel/p5-Locale-gettext/work/stage/usr/local/lib/perl5/site_perl/mach/5.16/auto/Locale/gettext/gettext.so: No such file or directory
pkg-static: Unable to access file /usr/ports/devel/p5-Locale-gettext/work/stage/usr/local/lib/perl5/site_perl/mach/5.16/Locale/gettext.pm: No such file or directory
pkg-static: Unable to access file /usr/ports/devel/p5-Locale-gettext/work/stage/usr/local/lib/perl5/site_perl/man/man3/Locale::gettext.3.gz: No such file or directory
*** [fake-pkg] Error code 74

Stop in /usr/ports/devel/p5-Locale-gettext.
*** [build-depends] Error code 1

Stop in /usr/ports/misc/help2man.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/autoconf.
*** [build-depends] Error code 1

Stop in /usr/ports/www/apache24.


Fuddle de dee...
 

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
Of course I have no luck with Apache...
Fuddle de dee...
Did you upgrade pkg?
Code:
portsnap fetch extract
cd /usr/ports/ports-mgmt/pkg && make deinstall clean
cd /usr/ports/ports-mgmt/pkg && make install clean BATCH=yes
pkg update
pkg upgrade
 

Scharbag

Guru
Joined
Feb 1, 2012
Messages
620
Worked. Not sure what I did differently the second time.

Thank you.
 

Grasfer

Dabbler
Joined
Jun 19, 2015
Messages
11
Thanks for the guide. What would be the best way to log all my jails to this server?

Edit /etc/syslog.conf and add *.* @syslogip ?
 

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
Grasfer, u already gave the answer to your own question.
I like those.

1 more remark: set a decay on that database to only keep the last x days, weeks or month OR only log the bare minimum to the syslog server.
I dropped all log info from all jails, nasses & desktops to that syslog jail & it generated 42.000.000 entries in the mysql table in about 3 months.
Requesting the status became extremely slow, as you can imagine.
 

Aberu

Cadet
Joined
Jan 30, 2015
Messages
6
Getting a syntax error in phpMyAdmin from the 'optimize_systemevents' event both at command line and in the GUI. Can you confirm this works on your end with a screenshot of this event's edit screen from your end?

Nevermind, it randomly worked after I tried it a few more times more carefully, don't know what I was doing wrong honestly.
 

GrumpyBear

Contributor
Joined
Jan 28, 2015
Messages
141
...I dropped all log info from all jails, nasses & desktops to that syslog jail & it generated 42.000.000 entries in the mysql table in about 3 months.
Requesting the status became extremely slow, as you can imagine.
We usually refer to this as "pruning" at work and use some special scripts to remove certain entries at or below certain severities from logs.
The fact that LogAnalyzer works with these small data rates on a Virtual machine in a jail is just impressive.
 

Visseroth

Guru
Joined
Nov 4, 2011
Messages
546
Why not just make a plugin and have it posted???
Don't get me wrong, it's not that I'm ungrateful but I've spent all morning (the past 10 hours) trying to get this installed and just hit a wall because I am NOT that savvy with mysql or scripting, really hardly any of this.
Now that I've hit a wall, rather than spend MANY more hours trying to figure out what I did wrong I'm going to blow the install away and start over.... again


Some days I just ask myself why...........
 

Visseroth

Guru
Joined
Nov 4, 2011
Messages
546
Configure PHP
Copy the sample configuration ini and modify it

I'm not seeing
  • extension=php_mbstring.so
  • extension=php_pdo_mysql.so

I'm seeing

;extension=php_bz2.dll
;extension=php_curl.dll
;extension=php_fileinfo.dll
;extension=php_gd2.dll
;extension=php_gettext.dll
;extension=php_gmp.dll
;extension=php_intl.dll
;extension=php_imap.dll
;extension=php_interbase.dll
;extension=php_ldap.dll
;extension=php_mbstring.dll
;extension=php_exif.dll ; Must be after mbstring as it depends on it
;extension=php_mysql.dll
;extension=php_mysqli.dll
;extension=php_oci8_12c.dll ; Use with Oracle Database 12c Instant Client
;extension=php_openssl.dll
;extension=php_pdo_firebird.dll
;extension=php_pdo_mysql.dll
;extension=php_pdo_oci.dll
;extension=php_pdo_odbc.dll
;extension=php_pdo_pgsql.dll
;extension=php_pdo_sqlite.dll
;extension=php_pgsql.dll
;extension=php_shmop.dll

do the quotes mean it's commented out? I'm used to seeing '#'
 

Visseroth

Guru
Joined
Nov 4, 2011
Messages
546
ok, I figured out the comments. I did indeed remove the ';'

But I'm not sure about step 6.

I logged into mysql after adding the scheduled tasks via the gui and put in 'use Syslog;' and received an output of,

Code:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed


Is that correct or is something wrong?


My second question is... Would it be possible to set up an email alert notification. Something that sends an email when it gets a matched string?
 

Visseroth

Guru
Joined
Nov 4, 2011
Messages
546
Oh, and I pointed a couple devices at it and received... (See Attached)

And going to http://{jail IP address}/
gives me "It works!"
 

Attachments

  • Error.JPG

Osiris

Contributor
Joined
Aug 15, 2013
Messages
148
Visseroth, I have no idea why you're getting disallowed sender messages.
Neither do I see why you're arriving at the standard index.php page.

By now, I would do the whole php webserver thing differently, probably using portmaster.
Then again, I created a webserver jail template that I can start from (see other guide).
 
Joined
Mar 6, 2014
Messages
686
Thanks for this howto! I got it up and running very easily! The only remark: we're now at MySQL version 5.7

I ran into some password problem for the MySQL root user. I got that fixed using this: http://stackoverflow.com/questions/...tlocalhost-using-passwordno/23924870#23924870 steps 1-4 then use the ps command to get the PID of the mysqld_safe process and use the command
kill -KILL [PID of mysqld_safe] and then service mysql stop (just to be sure) and finally service mysql start. If you then type mysql -u root -p [ENTER] you can login with the newly created password

I now got (besides the local host / jail) my FreeNAS server logging to this jail, and also my switch. Now I'm just having a hard time getting my pfSense box to do the same. Let's try their forums once again, maybe it's my lucky day :)

Anyway, good write-up, thanks!
 