Syslog server installation / configuration – Debian
Here is the step-by-step installation procedure for a syslog server. I used the Debian platform. If you are on a different platform, please check your file names and paths.
1, Install Debian lenny. Download link: http://www.debian.org/releases/stable/
3, Configure /etc/default/syslog-ng

    root@Server # vi /etc/default/syslog-ng

    # Log level of kernel messages sent to the console
    CONSOLE_LOG_LEVEL=1
    # Set the kernel ring buffer size only when a numeric value is given
    case "x$KERNEL_RINGBUF_SIZE" in
        x[0-9]*)
            dmesg -s $KERNEL_RINGBUF_SIZE
            ;;
        x)
            ;;
        *)
            echo "KERNEL_RINGBUF_SIZE is of unaccepted value."
            ;;
    esac

4, Configure /etc/syslog-ng/syslog-ng.conf

Find the following lines and change them:

    Change # udp(); to udp(); (remove the comment)
    Change use_dns(no); to use_dns(yes);
    Add dns_cache(yes);

5, Download and extract PHP Syslog NG to /var/www. Source: http://sourceforge.net/projects/php-syslog-ng/

6, Move logs from /var/log/syslog to MySQL. Add the following to the file:

    root@Server # vi /etc/syslog-ng/syslog-ng.conf

    # Write every message to a named pipe as one SQL INSERT statement.
    # template-escape(yes) escapes quote characters in the message fields.
    destination d_mysql {
        pipe("/var/log/mysql.pipe"
            template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
            template-escape(yes));
    };
    log { source(s_all); destination(d_mysql); };
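7, Create a script to run at start-up

    root@Server # vi /etc/syslog-ng/syslog2mysql.sh

    #!/bin/bash
    # Create the named pipe that syslog-ng writes its INSERT statements to
    if [ ! -e /var/log/mysql.pipe ]
    then
        mkfifo /var/log/mysql.pipe
    fi
    # Feed the pipe into the syslog database; restart mysql whenever it exits
    while [ -e /var/log/mysql.pipe ]
    do
        mysql -u root --password=YOUR_PASS syslog < /var/log/mysql.pipe >/dev/null
    done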
8, Give execute permission to /etc/syslog-ng/syslog2mysql.sh

    root@Server # chmod +x /etc/syslog-ng/syslog2mysql.sh
9, Put this script in the start-up sequence

Create the file /etc/rc2.d/S99syslog2mysql and add the following line to it:

    /etc/syslog-ng/syslog2mysql.sh

Now run the following command to make it executable:

    root@Server # chmod +x /etc/rc2.d/S99syslog2mysql
10, Create a database named SYSLOG

    root@Server # mysql -uroot -p syslog < /var/www/install/sql/dbsetup.sql

Give write access to the file /var/www/config/config.php:

    root@Server # chmod 777 /var/www/config/config.php

Now we have to configure PHP Syslog NG. To do that, access your server via a web browser ( http://youripaddress/install/install.php ) and follow the steps. After the installation you can access your server via the web ( http://youripaddress/ ).
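
The feeder script from step 7 puts the MySQL root password on the command line and in the script file. A variant that reads credentials from an owner-only option file and keeps the FIFO owner-only, as an added example that is not part of the original post; the option-file path and the syslogwriter account are assumptions:

```shell
#!/bin/bash
# Added example: hardened variant of the step 7 feeder script.
# Assumed paths; CNF is a hypothetical MySQL option file, for example
#   [client]
#   user=syslogwriter      (hypothetical account, INSERT on syslog.logs only)
#   password=YOUR_PASS
PIPE="${PIPE:-/var/log/mysql.pipe}"
CNF="${CNF:-/etc/syslog-ng/syslog2mysql.cnf}"

# Group and other permission characters of a path, "------" when owner-only.
group_other_bits() { ls -ld "$1" | cut -c5-10; }

# Create the FIFO owner-only; refuse a path that exists but is not a FIFO.
ensure_fifo() {
    if [ -e "$1" ] && [ ! -p "$1" ]; then
        echo "refusing: $1 exists and is not a FIFO" >&2
        return 1
    fi
    [ -p "$1" ] || (umask 077; mkfifo "$1") || return 1
    chmod 600 "$1"
}

# The option file holds the password, so it must be a regular owner-only file.
check_cnf() {
    [ -f "$1" ] || { echo "missing option file: $1" >&2; return 1; }
    if [ "$(group_other_bits "$1")" != "------" ]; then
        echo "refusing: $1 is accessible by group or others" >&2
        return 1
    fi
}

# Same loop as the original script, without the password on the command line.
feed() {
    ensure_fifo "$PIPE" || return 1
    check_cnf "$CNF" || return 1
    while [ -p "$PIPE" ]; do
        # --defaults-extra-file must be the first option given to mysql.
        mysql --defaults-extra-file="$CNF" syslog < "$PIPE" > /dev/null
    done
}

# Functions only unless started as: syslog2mysql.sh run
if [ "${1:-}" = "run" ]; then feed; fi
```

To use it in place of the step 7 script, the line in /etc/rc2.d/S99syslog2mysql would call it with the run argument.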