Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

New installation on RHEL7 - No syslog records found

Everything which is related to the installation of phpLogCon.

Moderator: alorbach

Google Ads


New installation on RHEL7 - No syslog records found

Postby sitmxj1 » Mon Feb 01, 2016 2:53 am

Hi,

I am trying to get LogAnalyzer working on the following platform:

    OS = Red Hat Enterprise Linux Server release 7.1 (Maipo)
    Loganalyzer = 3.6.6
    Database = MariaDB
    Web Server = Apache

I believe I have configured it all correctly but am getting "no syslog records found" on the webpage. Weirdly the "Statistics" page IS showing me the graph data, so it can see the data from the database!

Troubleshooting info:

    Created the MariaDB database with rsyslog-mysql supplied create script (i.e. /usr/share/doc/rsyslog-7.4.7/mysql-createDB.sql)
    Rsyslogd has been configured to use the "Syslog" database created by the script
    A manual mysql query of the "SystemEvents" table shows the rsyslog messages are being logged to the database
    LogAnalyzer config.php settings look ok (see below)
    LogAnalyzer reporting "no syslog records found"
    LogAnalyzer statistics page is showing rsyslog data counts from the database

The config.php for LogAnalyzer looks like:
Code: Select all
$CFG['DefaultSourceID'] = 'Source1';

$CFG['Sources']['Source1']['ID'] = 'Source1';
$CFG['Sources']['Source1']['Name'] = 'rsyslog MySQL Database';
$CFG['Sources']['Source1']['ViewID'] = 'SYSLOG';
$CFG['Sources']['Source1']['SourceType'] = SOURCE_PDO;
$CFG['Sources']['Source1']['DBTableType'] = 'monitorware';
$CFG['Sources']['Source1']['DBType'] = DB_MYSQL;
$CFG['Sources']['Source1']['DBServer'] = 'localhost';
$CFG['Sources']['Source1']['DBName'] = 'Syslog';
$CFG['Sources']['Source1']['DBUser'] = 'rsysloguser';
$CFG['Sources']['Source1']['DBPassword'] = '<password removed>';
$CFG['Sources']['Source1']['DBTableName'] = 'SystemEvents';
$CFG['Sources']['Source1']['DBEnableRowCounting'] = false;


The below thread sounds similar, but is a long time ago so didn't want to re-open an old thread:
syslog-records-found-t11922.html

Reading that thread I am using 3.6.6 which is the latest stable download available currently.

Also some of the online guides I've seen show the Installer creating and admin account for the console... mine did not do that. How do I access the admin console for setting up debugging?

Any assistance would be appreciated :)


Michael.
sitmxj1
New
 
Posts: 4
Joined: Mon Feb 01, 2016 2:40 am

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Re: New installation on RHEL7 - No syslog records found

Postby sitmxj1 » Mon Feb 01, 2016 2:58 am

Ok I found this document which described the requirement for a Checksum column within the database, which I currently do not have. Giving that a try:

http://loganalyzer.adiscon.com/articles ... %E2%80%9D/

Also I tried to go to /admin on my server after finding the directory on the filesystem and got:

Code: Select all
Error occured
Errordetails:   
The LogAnalyzer user system is currently disabled or not installed.


So I'll look into that some more also.
sitmxj1
New
 
Posts: 4
Joined: Mon Feb 01, 2016 2:40 am

Re: New installation on RHEL7 - No syslog records found

Postby sitmxj1 » Mon Feb 01, 2016 3:10 am

Added the column:

Code: Select all
MariaDB [Syslog]> ALTER TABLE `SystemEvents` ADD COLUMN `Checksum` INT NOT NULL DEFAULT '0' AFTER `SystemID`;
Query OK, 47 rows affected (0.02 sec)
Records: 47  Duplicates: 0  Warnings: 0

MariaDB [Syslog]> describe SystemEvents;
+--------------------+------------------+------+-----+---------+----------------+
| Field              | Type             | Null | Key | Default | Extra          |
+--------------------+------------------+------+-----+---------+----------------+
| ID                 | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| CustomerID         | bigint(20)       | YES  |     | NULL    |                |
| ReceivedAt         | datetime         | YES  |     | NULL    |                |
| DeviceReportedTime | datetime         | YES  |     | NULL    |                |
| Facility           | smallint(6)      | YES  |     | NULL    |                |
| Priority           | smallint(6)      | YES  |     | NULL    |                |
| FromHost           | varchar(60)      | YES  |     | NULL    |                |
| Message            | text             | YES  |     | NULL    |                |
| NTSeverity         | int(11)          | YES  |     | NULL    |                |
| Importance         | int(11)          | YES  |     | NULL    |                |
| EventSource        | varchar(60)      | YES  |     | NULL    |                |
| EventUser          | varchar(60)      | YES  |     | NULL    |                |
| EventCategory      | int(11)          | YES  |     | NULL    |                |
| EventID            | int(11)          | YES  |     | NULL    |                |
| EventBinaryData    | text             | YES  |     | NULL    |                |
| MaxAvailable       | int(11)          | YES  |     | NULL    |                |
| CurrUsage          | int(11)          | YES  |     | NULL    |                |
| MinUsage           | int(11)          | YES  |     | NULL    |                |
| MaxUsage           | int(11)          | YES  |     | NULL    |                |
| InfoUnitID         | int(11)          | YES  |     | NULL    |                |
| SysLogTag          | varchar(60)      | YES  |     | NULL    |                |
| EventLogType       | varchar(60)      | YES  |     | NULL    |                |
| GenericFileName    | varchar(60)      | YES  |     | NULL    |                |
| SystemID           | int(11)          | YES  |     | NULL    |                |
| Checksum           | int(11)          | NO   |     | 0       |                |
+--------------------+------------------+------+-----+---------+----------------+
25 rows in set (0.00 sec)

MariaDB [Syslog]> quit


Still getting the no syslog records found. Wondered if it might be because the existing data didn't have checksums. So used "logger" to log a new message to the database. Can see the checksum values as "0" on all records.

Code: Select all
MariaDB [Syslog]> select ReceivedAt, Message, Checksum from SystemEvents;
<snip>
| 2016-02-01 12:05:46 | Reloaded The Apache HTTP Server.                                                                                                                                                                                           |        0 |
| 2016-02-01 12:05:46 | Unregistered Authentication Agent for unix-process:24151:517553066 (system bus name :1.2991, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)                      |        0 |
| 2016-02-01 12:06:11 | Michael Jorgensen test syslog message                                                                                                                                                                                      |        0 |
+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+
51 rows in set (0.00 sec)
sitmxj1
New
 
Posts: 4
Joined: Mon Feb 01, 2016 2:40 am

Re: New installation on RHEL7 - No syslog records found

Postby sitmxj1 » Mon Feb 01, 2016 5:30 am

I have reconfigured with the UserDB enabled. I have then enabled Debug Messages in Admin Centre.

When I click "Show Events", I now get this error display in Browser:

Code: Select all
Debug Level    Debug Message
Debug    LogStream|SetFilter: SetFilter combined = ''.

Error    
LogStreamPDO|PrintDebugError: ER_BAD_FIELD_ERROR - Dynamically Adding field 'processid' with Statement failed: 'ALTER TABLE `SystemEvents` ADD `processid` varchar(60) NULL'
Detail error: 42000;1142;ALTER command denied to user 'rsysloguser'@'localhost' for table 'SystemEvents'
Error Code: 42000


Previously the mysql database user I had created, based on some online HowTOs had the following permissions:

GRANT SELECT, INSERT, UPDATE, DELETE ON Syslog.* TO 'rsysloguser'@'localhost' IDENTIFIED BY '<password removed>';

After seeing the above debug error I changed this to:

grant all privileges ON Syslog.* TO 'rsysloguser'@'localhost' IDENTIFIED BY '<password removed>'';


I can now see Events!! :)
sitmxj1
New
 
Posts: 4
Joined: Mon Feb 01, 2016 2:40 am

Google Ads



Return to Installation

Who is online

Users browsing this forum: No registered users and 0 guests

cron