Enabling log monitoring to a syslog server.

Although external monitoring services such as New Relic or Loggly are useful, a centralized syslog server remains the most practical answer in most cases for keeping an eye on services and system databases in a Linux server environment. This post walks step by step through building a Linux-based syslog server. Even if it looks like a daunting procedure, it should take less than ten minutes to configure, and it will be easy to understand once we are through with this post.

First, install the syslog-ng server (syslog-ng-libdbi provides the sql() destination used below):

 # yum install epel-release
 # yum install mariadb-server syslog-ng httpd php php-mysql \
     syslog-ng-libdbi libdbi-drivers libdbi-devel libdbi-dbd-mysql

MySQL configuration

Once the packages are installed, start the MariaDB service and run mysql_secure_installation to finish the initial setup. Next, create a database to log to and a user account (username and password) with access to it, then create the logs table:

 USE `your-syslog-database-name`;
 CREATE TABLE `logs` (
  `host` varchar(32) DEFAULT NULL,
  `facility` varchar(10) DEFAULT NULL,
  `priority` varchar(10) DEFAULT NULL,
  `level` varchar(10) DEFAULT NULL,
  `tag` varchar(10) DEFAULT NULL,
  `datetime` datetime DEFAULT NULL,
  `program` varchar(15) DEFAULT NULL,
  `msg` text,
  `seq` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (`seq`),
  KEY `host` (`host`),
  KEY `program` (`program`),
  KEY `datetime` (`datetime`),
  KEY `priority` (`priority`),
  KEY `facility` (`facility`)
 );

Then edit /etc/syslog-ng/conf.d/mysql.conf so that it looks like the following configuration file:

 source s_mysql {
     udp(port(514));
     tcp(port(514));
 };

 destination d_mysql {
     sql(type(mysql)
         host("localhost")
         username("your-mysql-syslog-user-name")
         password("your-mysql-syslog-password")
         database("your-mysql-syslog-database-name")
         table("logs")
         columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg")
         values("$HOST", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
         indexes("datetime", "host", "program", "msg")
     );
 };

 destination d_file {
     file("/var/log/syslog/$HOST"
         template("$FULLDATE $MSGHDR$MSG\n")
         template_escape(no)
     );
 };

 filter f_level { level(warning..emerg); };

 log { source(s_mysql); filter(f_level); destination(d_mysql); };
 log { source(s_sys);   filter(f_level); destination(d_mysql); };

Setting up log viewing via LogAnalyzer (configuring Apache)

Use Adiscon LogAnalyzer as the web front end for the server: download the archive and unpack its src folder to /var/www/html/logs.

 # wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.3.tar.gz

You will also need to run the following commands, and then turn SELinux back on: it has to be switched off initially during the install so that syslog can be configured.

 touch /var/www/html/logs/config.php
 chmod 666 /var/www/html/logs/config.php
 setenforce 1



Setting up a client

On the client we can use the default syslog package on CentOS 7 (rsyslog). To begin with, simply forward all of the logs to the new syslog server: open /etc/rsyslog.conf and add the following line at the bottom of the file:

*.* @@your-syslog-server-ip

After this, restart the rsyslog service. From now on, anything that is logged to the local syslog is also forwarded to the server. You can verify this by opening http://SyslogServerIP/logs and checking the entries for yourself.
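To make the server configuration and the client forwarding line concrete, here is an added Python example (not code from the original post, from syslog-ng or from rsyslog). It parses messages in the BSD format that rsyslog sends with the `*.* @@server` line, decodes the PRI value into the facility and level names that the sql() destination stores via $FACILITY, $PRIORITY/$LEVEL and $TAG, applies the same level(warning..emerg) test as filter f_level, and inserts the survivors into an in-memory SQLite copy of the logs table (seq is adapted to SQLite's autoincrement syntax). The sample messages are constructed, and the caller supplies the year because BSD syslog timestamps do not carry one.

```python
import re
import sqlite3
from datetime import datetime

# Facility and severity names in RFC 3164 numeric order. These are the strings
# syslog-ng stores for $FACILITY and for $PRIORITY / $LEVEL (the two are aliases).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Wire format rsyslog uses by default when forwarding:
#   <PRI>Mmm dd hh:mm:ss host program[pid]: msg
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<program>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")

# Columns in the order the sql() destination's columns()/values() lists use them.
COLUMNS = ["host", "facility", "priority", "level", "tag", "datetime", "program", "msg"]

# The page's logs table, with seq adapted to SQLite's autoincrement syntax.
SCHEMA = """CREATE TABLE logs (
    host varchar(32), facility varchar(10), priority varchar(10), level varchar(10),
    tag varchar(10), datetime datetime, program varchar(15), msg text,
    seq INTEGER PRIMARY KEY AUTOINCREMENT)"""


def parse(line, year):
    """Map one forwarded message onto the logs columns, as the values() list does."""
    m = RFC3164.match(line)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % line)
    pri = int(m.group("pri"))
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    if facility >= len(FACILITIES):
        raise ValueError("facility %d out of range" % facility)
    # BSD timestamps carry no year; syslog-ng fills $YEAR from its own clock,
    # so the caller supplies it here.
    ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
    return {
        "host": m.group("host"),
        "facility": FACILITIES[facility],
        "priority": SEVERITIES[severity],
        "level": SEVERITIES[severity],
        "tag": "%02x" % pri,              # $TAG is the PRI value as two hex digits
        "datetime": ts.strftime("%Y-%m-%d %H:%M:%S"),
        "program": m.group("program"),
        "msg": m.group("msg"),
    }


def passes_f_level(row):
    """Equivalent of `filter f_level { level(warning..emerg); }`: severity 0..4 only."""
    return SEVERITIES.index(row["level"]) <= SEVERITIES.index("warning")


def ingest(lines, year):
    """Parse, filter and insert a batch of messages; returns the in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    insert = "INSERT INTO logs (%s) VALUES (%s)" % (
        ", ".join(COLUMNS), ", ".join("?" * len(COLUMNS)))
    for line in lines:
        row = parse(line, year)
        if passes_f_level(row):
            conn.execute(insert, [row[c] for c in COLUMNS])
    conn.commit()
    return conn


def stored(conn):
    """What LogAnalyzer would list: the rows that survived the filter, oldest first."""
    return conn.execute(
        "SELECT host, facility, level, tag, program, msg FROM logs ORDER BY seq").fetchall()


# Constructed sample traffic from two clients (not real log data).
SAMPLE = [
    "<38>Mar 14 10:22:01 web01 sshd[2210]: Accepted publickey for deploy from 10.0.0.5 port 51122",  # auth.info
    "<36>Mar 14 10:22:07 web01 sshd[2214]: error: maximum authentication attempts exceeded for root from 203.0.113.9",  # auth.warning
    "<13>Mar 14 10:23:00 web01 logger: hello",  # user.notice, what a bare `logger` call sends
    "<2>Mar 14 10:23:30 db01 kernel: Out of memory: Kill process 4411 (mysqld)",  # kern.crit
]

if __name__ == "__main__":
    for r in stored(ingest(SAMPLE, 2024)):
        print(r)
```

Running it stores only the auth.warning and kern.crit messages: the auth.info and user.notice lines are dropped by f_level before they reach the table. Keep that in mind when verifying the client, because a bare `logger "test"` sends user.notice and will never appear in LogAnalyzer under this filter; send something at warning or above (`logger -p user.warning "test"`) or relax the filter. The tag column receives the PRI value as two hex digits because that is what syslog-ng's $TAG macro expands to, not the program name.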

