forked from rsyslog/loganalyzer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
210 lines (151 loc) · 8.25 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
LogAnalyzer Installation help
----------------------------------
To install LogAnalyzer, you will need:
* Apache or IIS Webserver
* PHP5
Optionally, you may need:
* MySQL Database
For obvious reasons, you also need some syslog data. Any standard
syslogd will do. From a feature and stability point of view, we
recommend either one of these (which we also wrote ;)):
- WinSyslog (for Windows Environments - http://www.winsyslog.com)
- rsyslog (for Linux/Unix Environments - http://www.rsyslog.com)
Both of them are also capable to writing to a database. Rsyslog is
a drop-in replacement for stock syslogd and also *is* the stock
syslogd on some platforms (e.g. Fedora 8 and above).
Installation in Detail
----------------------
1. Upload all files from the loganalyzer/src/ folder to you webserver.
The other files are not needed on the webserver.
2. If your webserver has write access to the LogAnalyzer folder,
you can skip the following step:
Upload the scripts configure.sh and secure.sh from the
contrib folder to your webserver, into the same folder
where you uploaded the other LogAnalyzer files into. Then set
the execution flag to them (chmod +x configure.sh secure.sh).
Now run ./configure.sh, this will create a blank config.php,
and will also set write access to everyone to it.
You can of course do this manually if you want.
3. Now open your LogAnalyzer installation in your favourite webbrowser,
you will see an error, and you will be pointed to the installation
script. The install script will guide you through the LogAnalyzer
installation, just follow the instructions.
3.1 Step 1 - Prerequisites Beginning of installation / welcome site
This is the first page of the installation. It just tells
you, that before installing, some file permission have to
be checked. Simply click "Next" to start the process.
3.2 Step 2 - Verify the file permissions
Here you will see, if the config.php can be written or not.
If it cannot be written, you have to repeat the complete
Step 2.
3.3 Step 3 - Basic Configuration
You can set several basic options here.
- Number of syslog messages per page = 50 (default)
This is the number of syslog messages displayed on each page.
You can increase the value (makes LogAnalyzer slower) or decrease
the value (makes it faster).
- Message character limit for the main view = 80 (default)
Set the number of characters per message which will be shown
in the last column of the main view. Full messages can be
reviewed by hovering the mouse over it.
- Show message details popup (default yes) = yes (default)
Here you can set, if you want the small window with the complete
message to pop up if you are hovering over a event with the
cursor. If you choose "No", then you have to click on the
message to see the details.
3.4 Step 4 - not implemented yet
3.5 Step 5 - not implemented yet
3.6 Step 6 - not implemented yet
3.7 Step 7 - Create the first source for syslog messages
This is the most important step. Here, you will configure
your first data source, which holds all your syslog data.
Mainly, you have to choose a "Name of the Source" and a
"Source Type". The name will be displayed later in a drop-down
menu with which you choose your active syslog source. The
"Source Type" can be a file, a MySQL database or the PHP PDO
which supports different database types like mssql, PostgreSQL,
odbc, oracle or even ibm db2.
If you choose the diskfile, you have to provide the following
information:
- Logline Type = Syslog / Rsyslog (default) or Adiscon WinSyslog
This tells LogAnalyzer, how the lines look like. This is
necessary for show the log messages properly.
- Syslog File = /var/log/syslog (default)
This is the position of the logfile in your file system.
If you choose MySQL native as data source, following information
is needed:
- Table Type = monitorware (default)
This is the table layout. Currently, you can use "monitorware"
or "syslogng". For more details see "Note on MySQL Databases"
below.
- Database Host = localhost (default)
This is the host, where the database is located. By default this
is localhost. You can specify any other host if necessary.
- Database Name = loganalyzer (default)
The name of the database you want to use.
- Database Tablename = systemevents (default)
This is the name of the table in which the data is stored. The
default tablename corresponds to the tables created with the
MonitorWare Line of products.
- Database User = user (default)
The username for the database.
- Database Password = not set by default
The password for the username.
- Enable Row Counting = No (default)
If configured to "Yes", the amount of rows in the table will be
counted with every query, giving you the total records for your
search, though having a lot of impact on your system when using
a very large database. If configured to "No", the rows will not
be counted, providing you a lot more performance.
If you choose Database (PDO), the following has to be defined:
- Database Storage Engine = MySQL Server (default)
Choose the engine of the database you are using. The databases
are available: MySQL Server, Microsoft SQL Server, ODBC
Database Connection, PostgreSQL, Oracle Call Interface, IBM
DB2, Firebird/Interbase 6, IBM Informix Dynamic Server,
SQLite 2.
- Table Type = monitorware (default)
This is the table layout. Currently, you can use "monitorware"
or "syslogng". For more details see "Note on MySQL Databases"
below.
- Database Host = localhost (default)
This is the host, where the database is located. By default this
is localhost. You can specify any other host if necessary.
- Database Name = loganalyzer (default)
The name of the database you want to use.
- Database Tablename = systemevents (default)
This is the name of the table in which the data is stored. The
default tablename corresponds to the tables created with the
MonitorWare Line of products.
- Database User = user (default)
The username for the database.
- Database Password = not set by default
The password for the username.
- Enable Row Counting = No (default)
If configured to "Yes", the amount of rows in the table will be
counted with every query, giving you the total records for your
search, though having a lot of impact on your system when using
a very large database. If configured to "No", the rows will not
be counted, providing you a lot more performance.
3.8 Step 8 - Finish
4. If everything went right, you should see syslog messages already
in your LogAnalyzer installation. You can now remove the install.php
script now.
Note on Accesing Files
--------------------------------
In most environments the webserver has only access to the web directory.
If you want to read files e.g. from /var/log/ you have to grant
the necessary permisson to your webserver.
Of course, you always need to make sure that the user the web server
runs under also has the correct file permissions. Be careful when doing
this, you may create a security vulnerability by granting too much
to too many users.
Note on MySQL Databases
--------------------------------
LogAnalyzer does support using a MySQL database as syslog source.
LogAnalyzer supports Adiscon's MonitorWare database schema. The schema
used by php-syslog-ng is also partly supported. That schema, however, is
somewhat inefficient in that it stores facility and severity codes as
textual values. We do not currently convert these values back to their
native format and consequently facility and severity can not be taken
from a php-syslog-ng database.