Adiscon LogAnalyzer is a web interface to syslog/Rsyslog and other network event data. It provides easy browsing and analysis of real-time network events, as well as reporting services. In this guide, we are going to learn how to install and set up Adiscon LogAnalyzer on CentOS 8.
How to Install MariaDB on CentOS 8.
How to Install PHP on CentOS 8
Install and Setup Adiscon LogAnalyzer on CentOS 8
Step 1./ Install Prerequisites
In order for LogAnalyzer to function correctly, a few required packages need to be installed on our system.
01- Install the httpd and rsyslog-mysql packages:
$ yum install httpd php-mysqlnd wget rsyslog-mysql
02- Make sure httpd is up and running. If it is not, run the command below:
$ systemctl enable --now httpd
03- If firewalld is installed, you have to allow the HTTP protocol:
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --reload
Step 2./ Create LogAnalyzer Database
01- First, import the default database schema offered by rsyslog using the command below:
$ mysql -u root -p < /usr/share/doc/rsyslog/mysql-createDB.sql
Enter password:
02- Second, let's verify that the Syslog database was imported correctly and create a new user:
$ mysql -u root -p
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 10.3.17-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| Syslog             |
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.001 sec)
MariaDB [(none)]> GRANT ALL ON Syslog.* TO 'rsyslog'@'localhost' IDENTIFIED BY 'Password';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> exit
Bye
Step 3./ Configure Rsyslog Server
01- To start, we need to configure the Rsyslog server to accept syslog from remote servers. First, make sure to back up your rsyslog configuration file:
$ cp /etc/rsyslog.conf /etc/rsyslog.conf.org
02- Now, find and uncomment the following lines to make the Rsyslog server listen on the UDP and TCP ports.
[...]
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
03- To forward logs into the MySQL/MariaDB database, add the following lines to enable the ommysql module and to create a new forwarding rule:
[...]
# Load the MySQL Module
module(load="ommysql")
[...]
#*.* :ommysql:127.0.0.1,Syslog_Database,syslog_user,password
*.* :ommysql:127.0.0.1,Syslog,rsyslog,Password
04- After you have finished editing the file, save it and restart the rsyslog service:
$ systemctl restart rsyslog
05- If firewalld is installed, you have to open the following ports to be able to receive logs from remote servers:
$ firewall-cmd --add-port=514/{tcp,udp} --permanent
$ firewall-cmd --reload
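The forwarding rule from Step 3 keeps the database password in cleartext inside the rsyslog configuration, so the file's mode decides which local users can read it. The script below is an added example, not part of the original guide: it lists active legacy ommysql rules and flags the file when group or others can read it. The function names and the temporary sample file are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: flag an rsyslog config whose
# cleartext ommysql password (Step 3) is readable by non-root users.

# Print "host db user" for each active legacy rule of the form
#   selector :ommysql:host,db,user,password
# Commented-out rules are skipped; the password itself is never printed.
ommysql_rules() {
    awk '!/^[ \t]*#/ && /:ommysql:/ {
        sub(/^.*:ommysql:/, "")
        n = split($0, f, ",")
        if (n >= 4) print f[1], f[2], f[3]
    }' "$1"
}

# Succeed if group or others may read the file (ls -l columns 5 and 8).
readable_by_non_owner() {
    case "$(ls -ld "$1" | cut -c5,8)" in
        *r*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report per rule; return 1 when a stored password is exposed.
audit_rsyslog_conf() {
    rules=$(ommysql_rules "$1")
    [ -n "$rules" ] || { echo "OK: no active ommysql rule in $1"; return 0; }
    if readable_by_non_owner "$1"; then
        echo "$rules" | while read -r host db user; do
            echo "EXPOSED: password of $user@$host (db $db) readable in $1"
        done
        return 1
    fi
    echo "OK: $1 stores database credentials, readable by its owner only"
}

# Constructed sample mirroring the Step 3 rule (placeholder password).
sample_conf() {
    printf '%s\n' 'module(load="ommysql")' \
        '#*.* :ommysql:127.0.0.1,Syslog_Database,syslog_user,password' \
        '*.* :ommysql:127.0.0.1,Syslog,rsyslog,Password'
}

# Demo: the same file audited at mode 644, then at mode 600.
tmp=$(mktemp) && sample_conf > "$tmp"
chmod 644 "$tmp"; audit_rsyslog_conf "$tmp" || echo "-> tighten the file mode"
chmod 600 "$tmp"; audit_rsyslog_conf "$tmp"
rm -f "$tmp"
```

On the log server, run audit_rsyslog_conf /etc/rsyslog.conf as root; an EXPOSED finding is cleared by restricting the file to its owner with chmod 600.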
Step 4./ Install LogAnalyzer
01- First, go to the official Adiscon LogAnalyzer website and download the most recent version of the software to your server.
$ VERSION=4.1.10
$ wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.10.tar.gz -P /tmp
$ tar -xzvf /tmp/loganalyzer-${VERSION}.tar.gz -C /tmp/
02- Create the LogAnalyzer directory under the Apache web directory:
[root@loganalyzer ~]# mkdir /var/www/html/loganalyzer
03- Copy the installation files into the loganalyzer directory using the following commands:
$ cp -r /tmp/loganalyzer-${VERSION}/src/* /var/www/html/loganalyzer
$ cp /tmp/loganalyzer-${VERSION}/contrib/configure.sh /var/www/html/loganalyzer
04- Create a blank configuration file named config.php in the loganalyzer directory and configure the correct Apache SELinux context using the following commands:
$ cd /var/www/html/loganalyzer
$ bash configure.sh
$ chcon -h -t httpd_sys_script_rw_t config.php
Step 5./ Start LogAnalyzer web installer
01- After completing the above steps, open the following URL in your favorite web browser to start the LogAnalyzer web installer.
http://localhost/loganalyzer
02- Just click Next
03- Make sure config.php is writable and click Next
04- Fill in the database details for LogAnalyzer with the rsyslog database name, user and password created in the previous steps and click Next.
05- Just click Next
06- Create an Administrator account and click Next.
07- Fill in the Rsyslog database details; the table name should be SystemEvents. Then click Next
08- Click Finish
09- Log in to LogAnalyzer using the Administrator credentials
Conclusion
You have successfully installed Adiscon LogAnalyzer on CentOS 8.
8 comments
Hello dear,
I have installed rsyslog and loganalyzer according to your example, very good!
After I finished the installation
I get this error:
No syslog records found – Error Details:
Could not find the configured table, maybe misspelled or the tablenames are case sensitive
I have changed systemevents to SystemEvents, nothing.
Can you help me please?
Hi,
open the file /var/www/html/loganalyzer/config.php and make sure the value of the DBTableName field is SystemEvents and reload the httpd service.
When I write the command: chcon -h -t httpd_sys_script_rw_t /var/www/html/loganalyzer/config.php
chcon: can’t apply partial context to unlabeled file ‘config.php’
I searched a lot to resolve this problem (OS: CentOS 7).
Also in the web interface of LogAnalyzer:
“Could not find the configured table, maybe misspelled or the tablenames are case sensitive”
yet I checked: /var/www/html/loganalyzer/config.php
This error is often due to wrong syntax in the DBTableName field. To fix it you need to edit the /var/www/html/loganalyzer/config.php file and check if the DBTableName value is written with the correct capital letters like below:
SystemEvents
MariaDB [Syslog]> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
|        0 |
+----------+
1 row in set (0.00 sec)
Help me.
Could not find the configured table, maybe misspelled or the tablenames are case sensitive
I fixed systemevent → SystemEvents
but this error is not fixed.
Hi, try to restart the httpd service.
Dear SIR
Could you help show us how to add a client server to forward logs to the centralized log server?
Thanks and best regards
chorn