Tutorial rsyslog server + phplogcon on Fedora core 4

Everything related with getting rsyslog up and running (but not beyond that point ;))

Moderator: rgerhards

Postby Kaizen » Fri Feb 17, 2006 4:31 pm

Hi,

Installing on Fedora needs some modifications. Here they are.
Assuming mysqld is installed.

rsyslog installation :

Download rsyslog-1.12.2.tar.gz (or newest release) and unpack
Code:
# -O saves the download under the tarball name that the tar command below expects
wget -O rsyslog-1.12.2.tar.gz http://www.rsyslog.com/Downloads-index-req-getit-lid-27.phtml
tar -zxvf rsyslog-1.12.2.tar.gz
cd rsyslog-1.12.2/linux


In Makefile, change
Code:
FEATURE_DB=0
to
Code:
FEATURE_DB=1
and
Code:
LIBS = -lmysqlclient -L/usr/local/lib/mysql
to
Code:
LIBS = -lmysqlclient -L/usr/lib/mysql


Compile
Code:
make
make install


Let's configure it
create /etc/rsyslog.conf
Code:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log



create /etc/sysconfig/rsyslog.conf
Code:
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0 -r 514"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"


We need rsyslog to work as a service
create /etc/rc.d/init.d/rsyslog
Code:
#!/bin/bash
#
# rsyslog        Starts rsyslogd/klogd.
#
#
# chkconfig: 2345 12 88
# description: Syslog is the facility by which many daemons use to log \
# messages to various system log files.  It is a good idea to always \
# run rsyslog.
### BEGIN INIT INFO
# Provides: $rsyslog
### END INIT INFO

# Source function library.
. /etc/init.d/functions

[ -f /usr/sbin/rsyslogd ] || exit 0
[ -f /sbin/klogd ] || exit 0

# Source config (the options file created in the previous step)
if [ -f /etc/sysconfig/rsyslog.conf ] ; then
        . /etc/sysconfig/rsyslog.conf
else
        SYSLOGD_OPTIONS="-m 0"
        KLOGD_OPTIONS="-2"
fi

RETVAL=0

umask 077

start() {
        echo -n $"Starting system logger (rsyslog): "
        daemon rsyslogd $SYSLOGD_OPTIONS
        RETVAL=$?
        echo
        echo -n $"Starting kernel logger: "
        daemon klogd $KLOGD_OPTIONS
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/rsyslog
        return $RETVAL
}
stop() {
        echo -n $"Shutting down kernel logger: "
        killproc klogd
        echo
        echo -n $"Shutting down system logger (rsyslog): "
        killproc rsyslogd
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/rsyslog
        return $RETVAL
}
rhstatus() {
        status rsyslogd
        status klogd
}
restart() {
        stop
        start
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        rhstatus
        ;;
  restart|reload)
        restart
        ;;
  condrestart)
        [ -f /var/lock/subsys/rsyslog ] && restart || :
        ;;
  *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart}"
        exit 1
esac

exit $?


Now, we have to modify logrotate
Code:
cd /etc/logrotate.d
mv syslog .syslog.back


create /etc/logrotate.d/rsyslog
Code:
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}


Then we remove syslog from startup and add rsyslog
Code:
chkconfig --del syslog
chkconfig --add rsyslog


We finally stop syslog and start rsyslog
Code:
service syslog stop
service rsyslog start

rsyslog is now installed and acting as a syslog server.

phpLogCon :

Code:
tar -zxvf phplogcon-1.2.2.tar.gz
mkdir /var/www/html/log
mv phplogcon-1.2.2/* /var/www/html/log/
chown apache:apache /var/www/html/log/ -R
chmod 755 /var/www/html/log/ -R


Create a db and a user in SQL (read/write/create)

With your browser, go to http://your_server/log/install/install.php and follow the install instructions.

Once phpLogCon is installed, we need to tell rsyslog to store logs in the database.
In /etc/rsyslog.conf add (replacing values with your settings)
Code:
*.*       >database-server,database-name,database-userid,database-password


We finally restart the service
Code:
service rsyslog restart


With your browser, go to http://your_server/log/ , login and VOILA!
Kaizen
New
 
Posts: 2
Joined: Fri Feb 17, 2006 4:08 pm
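
Added example, not part of Kaizen's post or of the rsyslog project: the database action shown above stores the MySQL password in /etc/rsyslog.conf, so that file should be readable by its owner only. The script lists database actions with the password masked and flags a config that group or other can access; the function names and the sample values are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Audits an rsyslog.conf that uses
# the ">server,db,user,password" database action from the tutorial above.

# List database actions with the password masked, so the report itself
# never echoes the secret.
db_actions() {
    awk 'NF >= 2 && $1 !~ /^#/ && $2 ~ /^>/ {
        n = split(substr($2, 2), p, ",")
        pw = (n >= 4 && p[4] != "") ? "<set>" : "<empty>"
        printf "line %d: %s host=%s db=%s user=%s password=%s\n", NR, $1, p[1], p[2], p[3], pw
    }' "$1"
}

# Group and other permission bits of a file, e.g. "r--r--" for mode 644.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if the file is safe, 1 if it stores DB credentials but is
# accessible beyond its owner, 2 if it cannot be read.
audit_rsyslog_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    found=$(db_actions "$conf")
    if [ -z "$found" ]; then
        echo "OK: no database action in $conf"
        return 0
    fi
    echo "$found"
    if [ "$(group_other_bits "$conf")" != "------" ]; then
        echo "WARN: $conf contains DB credentials and is accessible to group/other"
        echo "      fix: chown root:root $conf && chmod 600 $conf"
        return 1
    fi
    echo "OK: $conf is readable by its owner only"
    return 0
}

# Demo on a constructed config (sample values, not real credentials).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' \
    'authpriv.*    /var/log/secure' \
    '*.*       >localhost,syslogdb,sysloguser,s3cret' > "$demo_dir/rsyslog.conf"
chmod 644 "$demo_dir/rsyslog.conf"
audit_rsyslog_conf "$demo_dir/rsyslog.conf" || echo "(audit exit status: $?)"
rm -rf "$demo_dir"
```

On a real host, call audit_rsyslog_conf /etc/rsyslog.conf after adding the database line and before restarting the service.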

RE: Tutorial rsyslog server + phplogcon on Fedora core 4

Postby lchang » Wed Sep 06, 2006 5:29 am

I think it can be used on FC 5, but there are some syntax errors (for example, function missing). I am looking for the solution.
lchang
Avarage
 
Posts: 14
Joined: Wed Sep 06, 2006 12:36 am

RE: Tutorial rsyslog server + phplogcon on Fedora core 4

Postby mmeckelein » Wed Sep 06, 2006 8:32 am

Please could you provide the details of the error messages?

Michael
mmeckelein
Adiscon Support
 
Posts: 168
Joined: Wed Mar 12, 2003 12:07 pm

RE: Tutorial rsyslog server + phplogcon on Fedora core 4

Postby lchang » Fri Sep 22, 2006 6:19 am

[root@localhost linux]# make
cc -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce -I/usr/local/include -DWITH_DB -DFEATURE_REGEXP -DNDEBUG -DUSE_PTHREADS -c ../rfc3195d.c
cc -s -o rfc3195d rfc3195d.o
cc -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce -I/usr/local/include -DWITH_DB -DFEATURE_REGEXP -DNDEBUG -DUSE_PTHREADS -DSYSLOG_INET -DSYSLOG_UNIXAF -DFSSTND -DSYSLOGD_PIDNAME=\"rsyslogd.pid\" -c ../syslogd.c
../syslogd.c:172:26: 错误:mysql/mysql.h:没有那个文件或目录
../syslogd.c:173:26: 错误:mysql/errmsg.h:没有那个文件或目录
../syslogd.c:496: 错误:expected specifier-qualifier-list before ‘MYSQL’
../syslogd.c: 在函数 ‘getFIOPName’ 中:
../syslogd.c:756: 错误:‘FIOP_CONTAINS’ 未声明 (在此函数内第一次使用)
../syslogd.c:756: 错误:(即使在一个函数内多次出现,每个未声明的标识符在其
../syslogd.c:756: 错误:所在的函数内只报告一次。)
../syslogd.c:759: 错误:‘FIOP_ISEQUAL’ 未声明 (在此函数内第一次使用)
../syslogd.c:762: 错误:‘FIOP_STARTSWITH’ 未声明 (在此函数内第一次使用)
../syslogd.c: 在顶层:
../syslogd.c:1282: 警告:‘enum TCPSendStatus’ 在形参表内部声明
../syslogd.c:1282: 警告:它的作用域仅限于此定义或声明,这可能并不是您想要的
../syslogd.c:1282: 错误:形参 2 (‘iNewState’) 的类型不完全
../syslogd.c: 在函数 ‘TCPSendSetStatus’ 中:
../syslogd.c:1293: 错误:‘struct filed’ 没有名为 ‘f_un’ 的成员


*****************************************************************************
I want to use rsyslog as the server to receive the syslog messages from the clients which run syslogd. I want to get the configuration details as soon as possible.
If not using rsyslog, how can the syslog messages be sent to a database? Is there other software which makes syslog support the database?
Thank you very much.
lchang
Avarage
 
Posts: 14
Joined: Wed Sep 06, 2006 12:36 am

RE: Tutorial rsyslog server + phplogcon on Fedora core 4

Postby Trellian » Sat Jan 20, 2007 1:29 am

I have created rpm packages for FC4 (recompile of the src.rpm on other FC versions and RH/CentOS should also work) available here and here (src).
They will be available for as long as they are available, so no guarantees.

I used the configuration and init script posted in this tutorial. I hope you don't mind, Kaizen.
Trellian
New
 
Posts: 6
Joined: Sat Jan 20, 2007 1:04 am
