this is obsolete doc -- see http://doc.nethence.com/ instead
Rsyslog & PHPSyslog
Introduction
Phpsyslog installation will create the database and its structure by itself (it asks for mysql root password). We then adapt rsyslog's configuration to fill in the colums correctly (table schema).
Phpsyslog installation
Phpsyslog's author hardcoded the path into some of his scripts. Therefore it's preferable to keep that path somehow, make it simple,
tar xvzf php-syslog-ng-*.tgz
mkdir /www
mv php-syslog-ng /www
mv /www/php-syslog-ng/html /var/www/html/logs
ln -s ../var/www/html/logs /www/php-syslog-ng/html
Point your desktop browser to this URL,
http: //SERVER/logs/install/
Fix the issues (vi /etc/php.ini),
display_errors = On
magic_quotes_gpc = On
memory_limit = 128M
max_execution_time = 60
Note. we're reloading Apache later.
Fix the permissions. Normaly we should do,
#chown -R apache:apache /var/www/html/logs/config
#chown -R apache:apache /var/www/html/logs/jpcache
But since phpsyslog needs to write a jpeg file at its rootdir (logs/graph.jpeg), we simply do,
chown -R apache:apache /var/www/html/logs
Allow .htaccess to work (vi /etc/httpd/conf/httpd.conf),
<Directory /var/www/html/logs>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
Restart Apache,
service httpd reload
reload the page in your browser and click Next,
http://SERVER/logs/install/ > Next
Step 1/ Fill in root password fields, sqluser and sqladmin password fields and press Next. If you get this error,
SQL=Column count doesn't match value count at row 1:
then change change this in the sample data SQL script and start over. In this file,
vi /var/www/html/logs/install/sql/sample_data.sql
add three empty fields at the end of each row,
,'','',''
Step 2/ Enter the title
Step 3/ Setup those,
URL for base url (without trailing slash)
Site URL for subdirectory (with trailing slash !)
(Note password)
Other options :
- 100 messages per page
- resolve IPs
To go get the diagram feature eventually make sure you've got this dependency installed,
rpm -qa | grep php-gd
and the MS Truetype fonts configured : http://pbraun.nethence.com/doc/fonts/msttcorefonts.html
Rsyslog installation
Make sure rsyslog is installed (since RHEL 5.2),
rpm -qa | grep rsyslog
ll /etc/rsyslog.conf
and activate it,
service syslog stop
service rsyslog start
chkconfig syslog off
chkconfig rsyslog on
Note. on RHEL5.1, you need to upgrade the initscripts and vixie-cron dependencies to 5.2,
rpm -e sysklogd \
initscripts \
vixie-cron
rpm -ivh rsyslog-2.0.0-11.el5.i386.rpm \
initscripts-8.45.19.EL-1.el5.centos.1.i386.rpm \
vixie-cron-4.1-72.el5.i386.rpm
Rsyslog configuration
Backup and edit rsyslog configuration,
cp /etc/rsyslog.conf /etc/rsyslog.conf.dist
vi /etc/rsyslog.conf,
like,
$ModLoad MySQL
$template syslog-ng,"insert into logs(host, facility, priority, level, tag, datetime, program, msg, seq, counter, fo, lo) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-text%', '%syslogseverity-text%', '%syslogtag%', '%timereported:::date-mysql%', '%programname%', '%msg%', '', '', '', '')", SQL
*.* >127.0.0.1,syslog,USERNAME,PASSWORD;syslog-ng
Note the there's only three lines here. The $template line is very long.
And apply and send a test log,
service rsyslog restart
logger -p local0.notice test
Ready to go
Go to the phpsyslog interface and check for that last test log. Note you can also check with phpmyadmin to see if the logs are sent to mysql : browse the 'logs' tables inside the 'syslog' database.
Post installation
Update the syslog/search_cache table,
php /www/php-syslog-ng/scripts/reloadcache.php
Apply the first log rotation by hand,
php /www/php-syslog-ng/scripts/logrotate.php
Automate those last manipulations (crontab -e),
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
#
0 3 * * * php /www/php-syslog-ng/scripts/reloadcache.php > /dev/null
0 0 1 * * php /www/php-syslog-ng/scripts/logrotate.php > /dev/null
References
Official Installation Guide : http://nms.gdd.net/index.php/Installation_Guide
Using php-syslog-ng with rsyslog : http://www.rsyslog.com/doc-rsyslog_php_syslog_ng.html
http://wiki.yobi.be/wiki/Php-Syslog-ng