this is obsolete doc -- see instead

Rsyslog & PHPSyslog 




Phpsyslog installation will create the database and its structure by itself (it asks for mysql root password). We then adapt rsyslog's configuration to fill in the colums correctly (table schema). 



Phpsyslog installation 

Phpsyslog's author hardcoded the path into some of his scripts. Therefore it's preferable to keep that path somehow, make it simple, 

tar xvzf php-syslog-ng-*.tgz
mkdir /www
mv php-syslog-ng /www
mv /www/php-syslog-ng/html /var/www/html/logs
ln -s ../var/www/html/logs /www/php-syslog-ng/html


Point your desktop browser to this URL, 

http: //SERVER/logs/install/


Fix the issues (vi /etc/php.ini), 

display_errors = On
magic_quotes_gpc = On
memory_limit = 128M
max_execution_time = 60

Note. we're reloading Apache later. 


Fix the permissions. Normaly we should do, 

#chown -R apache:apache /var/www/html/logs/config
#chown -R apache:apache /var/www/html/logs/jpcache

But since phpsyslog needs to write a jpeg file at its rootdir (logs/graph.jpeg), we simply do, 

chown -R apache:apache /var/www/html/logs


Allow .htaccess to work (vi /etc/httpd/conf/httpd.conf), 

<Directory /var/www/html/logs>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all


Restart Apache, 

service httpd reload

reload the page in your browser and click Next, 

http://SERVER/logs/install/ > Next


Step 1/ Fill in root password fields, sqluser and sqladmin password fields and press Next. If you get this error, 

SQL=Column count doesn't match value count at row 1:

then change change this in the sample data SQL script and start over. In this file, 

vi /var/www/html/logs/install/sql/sample_data.sql

add three empty fields at the end of each row, 



Step 2/ Enter the title 


Step 3/ Setup those, 

URL for base url (without trailing slash)
Site URL for subdirectory (with trailing slash !)
(Note password)


Other options : 

- 100 messages per page 

- resolve IPs 


To go get the diagram feature eventually make sure you've got this dependency installed, 

rpm -qa | grep php-gd

and the MS Truetype fonts configured : 



Rsyslog installation 

Make sure rsyslog is installed (since RHEL 5.2), 

rpm -qa | grep rsyslog
ll /etc/rsyslog.conf

and activate it, 

service syslog stop
service rsyslog start
chkconfig syslog off
chkconfig rsyslog on


Note. on RHEL5.1, you need to upgrade the initscripts and vixie-cron dependencies to 5.2, 

rpm -e sysklogd \
  initscripts \
rpm -ivh rsyslog-2.0.0-11.el5.i386.rpm \
  initscripts-8.45.19.EL-1.el5.centos.1.i386.rpm \



Rsyslog configuration 

Backup and edit rsyslog configuration, 

cp /etc/rsyslog.conf /etc/rsyslog.conf.dist
vi /etc/rsyslog.conf,


$ModLoad MySQL
$template syslog-ng,"insert into logs(host, facility, priority, level, tag, datetime, program, msg, seq, counter, fo, lo) values ('%HOSTNAME%', '%syslogfacility-text%', '%syslogpriority-text%', '%syslogseverity-text%', '%syslogtag%',  '%timereported:::date-mysql%', '%programname%', '%msg%', '', '', '', '')", SQL
*.*                     >,syslog,USERNAME,PASSWORD;syslog-ng

Note the there's only three lines here. The $template line is very long. 


And apply and send a test log, 

service rsyslog restart
logger -p local0.notice test



Ready to go 

Go to the phpsyslog interface and check for that last test log. Note you can also check with phpmyadmin to see if the logs are sent to mysql : browse the 'logs' tables inside the 'syslog' database. 



Post installation 

Update the syslog/search_cache table, 

php /www/php-syslog-ng/scripts/reloadcache.php

Apply the first log rotation by hand, 

php /www/php-syslog-ng/scripts/logrotate.php


Automate those last manipulations (crontab -e), 

0 3 * * * php /www/php-syslog-ng/scripts/reloadcache.php > /dev/null
0 0 1 * * php /www/php-syslog-ng/scripts/logrotate.php   > /dev/null




Official Installation Guide : 

Using php-syslog-ng with rsyslog :