Brief report on installing rsyslog on CentOS 5, with MySQL support and the PhpLogCon web interface.
This procedure has been tested on CentOS 5 using the EPEL rpm repository.
Ensure all necessary packages are installed:
yum install rsyslog rsyslog-mysql
If you want local mysql server and web interface:
yum install mysql-server
yum install httpd php php-mysql php-gd
If not running, start mysqld:
service mysqld status || service mysqld start
Create the mysql database for rsyslog (the file path changes on other distros/releases):
mysql < /usr/share/doc/rsyslog-mysql-2.0.0/createDB.sql
Set mysql permissions (user and password must be the same in /etc/rsyslog.conf and /path/to/phplogcon/config.php):
mysql> grant all on Syslog.* to syslog@localhost identified by 'mypass';
mysql> flush privileges ;
Edit /etc/rsyslog.conf to load the MySQL output module and log to the database:
vi /etc/rsyslog.conf
# Log to Mysql Settings
$ModLoad ommysql
*.* :ommysql:localhost,Syslog,syslog,mypass
#Standard Redhat syslog settings
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
Try rsyslog (disable sysklogd):
service syslog stop
service rsyslog start
If you get messages like:
Feb 23 23:43:30 mon rsyslogd:could not load module '/usr/lib/rsyslog/ommysql', dlopen: /usr/lib/rsyslog/ommysql: cannot open shared object file: No such file or directory
a quick fix is to symlink the module:
ln -s /usr/lib/rsyslog/ommysql.so /usr/lib/rsyslog/ommysql
Enable the rsyslog service at boot time (and disable the default syslog):
chkconfig syslog off
chkconfig rsyslog on
CENTRAL RSYSLOG
As with the standard syslogd, edit /etc/sysconfig/rsyslog and add the -r option:
SYSLOGD_OPTIONS="-m 0 -r"
The -r option makes the daemon listen for syslog messages on the default port, 514 UDP.
This is necessary for a centralized syslog server.
PHPLOGCON
Get latest package from http://www.phplogcon.org/
Unpack and move relevant files under Apache documents:
tar -zxvf phplogcon-2.5.24.tar.gz
cd phplogcon-2.5.24
mkdir /var/www/html/syslog
cp -a src/* /var/www/html/syslog
cd /var/www/html/syslog
To permit web configuration:
chmod 666 config.php
Browse to the web interface at http://yourserver/syslog/ and follow the on-screen instructions.
Enable a MySQL source and use the authentication settings defined before.
Note that the logs table name is SystemEvents.
To restore safe settings (do it after web configuration):
chmod 644 config.php
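A post-install check for the steps above, as an added example that is not part of the original page: it reads the active ommysql action from rsyslog.conf and reports whether config.php was left world-writable after the web configuration. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All file contents are constructed.

# Print "host db user" from the first active :ommysql: action in an
# rsyslog config file ($1). The password field is never printed.
ommysql_target() {
    awk '!/^[ \t]*#/ && /:ommysql:/ {
        sub(/.*:ommysql:/, "")
        if (split($0, f, ",") >= 4) { print f[1], f[2], f[3]; exit }
    }' "$1"
}

# Succeed if anyone on the system may write to file $1 (other-write bit set).
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Check one install: $1 = rsyslog.conf, $2 = PhpLogCon config.php.
# Prints one line per finding and returns the number of findings.
audit_install() {
    findings=0
    target=$(ommysql_target "$1")
    if [ -z "$target" ]; then
        echo "FAIL: no active ommysql action in $1"; findings=$((findings + 1))
    else
        echo "OK: logging to MySQL (host db user): $target"
    fi
    if is_world_writable "$2"; then
        echo "FAIL: $2 is world-writable, run: chmod 644 $2"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files that mirror the settings on this page.
make_sample() {
    printf '%s\n' '# Log to Mysql Settings' '$ModLoad ommysql' \
        '#*.* :ommysql:oldhost,Old,old,old' \
        '*.* :ommysql:localhost,Syslog,syslog,mypass' > "$1/rsyslog.conf"
    printf '%s\n' '<?php /* constructed placeholder */ ?>' > "$1/config.php"
    chmod 666 "$1/config.php"   # state left behind by the web installer step
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_install "$demo_dir/rsyslog.conf" "$demo_dir/config.php" || true
chmod 644 "$demo_dir/config.php"
audit_install "$demo_dir/rsyslog.conf" "$demo_dir/config.php" && echo "clean"
rm -rf "$demo_dir"
```

On a real host, call audit_install with /etc/rsyslog.conf and /var/www/html/syslog/config.php instead of the sample files.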
ommysql.so
If you put in your rsyslogd.conf:
$ModLoad ommysql.so
then you don't need to create that symlink.