How To Configure Syslog Server in Linux

This document provides steps to install a syslog server on Debian that logs messages to a MySQL database. It involves: 1. Installing Debian and required packages like Apache, PHP, MySQL, and Syslog-NG. 2. Configuring Syslog-NG to listen for UDP logs and use DNS caching. 3. Downloading PHP Syslog NG to view logs through a web interface. 4. Modifying the Syslog-NG configuration to pipe logs to a MySQL database. 5. Creating a script to load logs from the pipe to MySQL and running it on startup.

Uploaded by

binbert

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views

How To Configure Syslog Server in Linux

Uploaded by

binbert

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 4

Syslog server installation / configuration – Debian

Here is the step by step Installation procedure of a Syslog Server. Here I Used Debian platform.
If you are in a deferent platform please check your file names and path.

1, Install Debian lenny

Download link : http://www.debian.org/releases/stable/

2, Install Following applications

openssh-server
openssh-client
apache2
libapache2-mod-php5
php5-cli
php5-common
php5-cgi
mysql-client
mysql-common
mysql-server
php5-mysql
php5-sqlite
php5-gd
Syslog-NG‟

Root@server # apt-get install openssh-server openssh-client apache2 libapache2-mod-php5

php5-cli php5-common php5-cgi mysql-client mysql-common mysql-server php5-mysql php5-
sqlite php5-gd phpmyadmin
3, Configure /etc/default/syslog-ng

Root@server # vi /etc/default/syslog-ng

CONSOLE_LOG_LEVEL=1
case “x$KERNEL_RINGBUF_SIZE” in
x[0-9]*)
dmesg -s $KERNEL_RINGBUF_SIZE
;;
x)
;;
*)
echo “KERNEL_RINGBUF_SIZE is of unaccepted value.”
;;

4, Configure /etc/syslog-ng/syslog-ng.conf

Find following line and remove the comment

Change # udp(); to udp();

Change use_dns(no); to use_dns(yes);
add dns_cache(yes);

5, Downloaded and extract PHP Syslog NG to /var/www

Source : http://sourceforge.net/projects/php-syslog-ng/

6, Move Log from /var/log/syslog to MySQL

Add following script to the file

Root@server # vi /etc/syslog-ng/syslog-ng.conf

destination d_mysql {
pipe(“/var/log/mysql.pipe”
template(“INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( „$HOST‟, „$FACILITY‟, „$PRIORITY‟, „$LEVEL‟, „$TAG‟, „$YEAR-$MONTH-
$DAY $HOUR:$MIN:$SEC‟,
„$PROGRAM‟, „$MSG‟ );\n”) template-escape(yes));
};

log {
source(s_all);
destination(d_mysql);
};
7, Create a script to run in the start-up

root@Server # vi /etc/syslog-ng/syslog2mysql.sh

#!/bin/bash
if [ ! -e /var/log/mysql.pipe ]
then
mkfifo /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
mysql -u root –password=YOUR_PASS syslog < /var/log/mysql.pipe >/dev/null
done

8, Give execute permission to /etc/syslog-ng/syslog2mysql.sh

root@Server# chmod +x syslog2mysql.sh

9, Put this script to Startup

Create file /etc/rc2.d/S99syslog2mysql

And add following line in that file

/etc/syslog-ng/syslog2mysql.sh

Now run following command to make it as executable

root@Server# chmod +x /etc/rc2.d/S99syslog2mysql

10, Create a Database named SYSLOG

root@Server # mysql -uroot -p syslog /var/www/install/sql/dbsetup.sql

Give write access for file /var/www/config/config.php
root@Server # chmod 777 config/config.php

Now we have too configure the PHP syslog ng, for that access your server via web browser (
http://youripaddress/install/install.php ) and follow the steps. after the installation you can access
your server via web ( http://youripaddress/ )
www.binbert.com