Visseroth (Guru)
Joined: Nov 4, 2011
Messages: 546
So I'm not sure if I should start a new thread or wake this thread back up.
I'm attempting to install a syslog server in iocage, and obviously php56 is out of date, so I'm trying with 73. So far so good, but I get to the point of installing the LogAnalyzer and I have to stop because there is no log analyzer; instead I see...
Code:
log_analysis/ logrotate/ logstash-forwarder/ logstash6/ logwatch/ log-courier/ logstalgia/ logstash5/ logtool/
I assume I should use "log_analysis" but you know what happens when we assume.
The following are my so far modified notes and command list from the original post. Any help would be appreciated. I'm really getting tired of not having a syslog server to allow me to filter through what's been going on in my network.
You'll see that I stopped at the LogAnalyzer because I couldn't proceed without more information from someone that knows more than I do.
Any help is MUCH appreciated.
Code:
nano /etc/rc.conf

Install Apache
Apache is a popular open source web server
Code:
cd /usr/ports/www/apache24 && make install clean BATCH=yes

Configure Apache to run at boot
Code:
echo 'apache24_enable="YES"' >> /etc/rc.conf

Start Apache
Code:
service apache24 start

The error "Could not reliably determine the server's fully qualified domain name" is normal at this point
Test connection to http://{jail IP address}
You should see "It Works!" web page

Configure Apache
Code:
nano /usr/local/etc/apache24/httpd.conf

Find these lines and change them
Code:
ServerName syslogserver.local
DirectoryIndex index.html index.php

Add these lines to end of the file
Code:
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>
Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
<Directory "/usr/local/www/phpMyAdmin">
    Options None
    AllowOverride None
    Require all granted
</Directory>

Save the file and exit nano.

Restart Apache
Code:
service apache24 restart

The error "Could not reliably determine the server's fully qualified domain name" goes away

Install MySQL
MySQL is a popular open source database server
Code:
cd /usr/ports/databases/mysql56-server && make install clean BATCH=yes

Configure MySQL to run at boot
Code:
echo 'mysql_enable="YES"' >> /etc/rc.conf

Start MySQL
Code:
service mysql-server start

Add a root user to MySQL. MySQL logins are separate from FreeBSD logins, so this could be completely different. For this tutorial I am keeping the user name and password the same as the OS login. Feel free to substitute your own password
Code:
/usr/local/bin/mysqladmin -u root password 'qazWSX'

Install PHP
PHP is a server-side scripting language for web development
Code:
cd /usr/ports/lang/php73 && make install clean BATCH=yes
cd /usr/ports/www/mod_php73 && make install clean BATCH=yes
cd /usr/ports/databases/php73-pdo_mysql && make install clean BATCH=yes

Configure PHP
Copy the sample configuration ini and modify it
Code:
cp /usr/local/etc/php.ini-development /usr/local/etc/php.ini
nano /usr/local/etc/php.ini

Find these lines about halfway through the file. Uncomment and modify them. You should use your own timezone https://php.net/manual/en/timezones.php
Code:
extension=php_mbstring.so
extension=php_pdo_mysql.so
date.timezone = America/Los_Angeles

Test PHP
Create a new file
Code:
nano /usr/local/www/apache24/data/test.php

Add these lines to the file
Code:
<?php phpinfo(); ?>

Restart Apache
Code:
service apache24 restart

Test connection to http://{jail IP address}/test.php
You should see a detailed information page on Apache and PHP

(Optional) Install phpMyAdmin
phpMyAdmin is a graphic interface to administer MySQL. It's not necessary for this tutorial, but may be useful later. You can also skip this for now and install it later.
Code:
cd /usr/ports/databases/phpmyadmin/ && make install clean BATCH=yes

Configure phpMyAdmin
Code:
mkdir /usr/local/www/phpMyAdmin/config && chmod o+w /usr/local/www/phpMyAdmin/config
chmod o+r /usr/local/www/phpMyAdmin/config.inc.php
service apache24 restart

Open http://{jail IP address}/phpmyadmin/setup
Select "New server"
Select the "Authentication" tab
Under the "Authentication type" choose "http" from the drop-down list (using HTTP-Auth to sign-in into phpMyAdmin will avoid storing login/password credentials directly in config.inc.php)
Remove "root" from the "User for config auth"
Select "Apply"
You will be returned to the Overview page where you should see a new server listed
Select "Save" in the Overview page
Saves configuration as /usr/local/www/phpMyAdmin/config/config.inc.php

Move newly created config so php uses it
Code:
mv /usr/local/www/phpMyAdmin/config/config.inc.php /usr/local/www/phpMyAdmin/

Open http://{jail IP address}/phpmyadmin/ and login to test ( root / qazWSX )

Config directory is no longer needed. Remove it, as well as the read permission added previously
Code:
rm -r /usr/local/www/phpMyAdmin/config
chmod o-r /usr/local/www/phpMyAdmin/config.inc.php

Install rsyslog
rsyslog is a drop in replacement for syslog with additional features
Code:
cd /usr/ports/sysutils/rsyslog8 && make install clean

Select "MYSQL - MySQL output module for rsyslog" and then select "OK", accept defaults for all other options

Replace syslogd with rsyslogd
Code:
/etc/rc.d/syslogd stop
echo 'syslogd_enable="NO"' >> /etc/rc.conf
echo 'rsyslogd_enable="YES"' >> /etc/rc.conf
ln -s /usr/local/etc/rc.d/rsyslogd /etc/rc.d/rsyslog

Create the rsyslog database
Code:
mysql -u root -p

enter password qazWSX
In the mysql> prompt, enter the following commands (change the password on the last line if you are not using qazWSX)
Code:
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
    ID int unsigned not null auto_increment primary key,
    CustomerID bigint,
    ReceivedAt datetime NULL,
    DeviceReportedTime datetime NULL,
    Facility smallint NULL,
    Priority smallint NULL,
    FromHost varchar(60) NULL,
    Message text,
    NTSeverity int NULL,
    Importance int NULL,
    EventSource varchar(60),
    EventUser varchar(60) NULL,
    EventCategory int NULL,
    EventID int NULL,
    EventBinaryData text NULL,
    MaxAvailable int NULL,
    CurrUsage int NULL,
    MinUsage int NULL,
    MaxUsage int NULL,
    InfoUnitID int NULL,
    SysLogTag varchar(60),
    EventLogType varchar(60),
    GenericFileName VarChar(60),
    SystemID int NULL
);
CREATE TABLE SystemEventsProperties
(
    ID int unsigned not null auto_increment primary key,
    SystemEventID int NULL,
    ParamName varchar(255) NULL,
    ParamValue text NULL
);
grant all privileges on Syslog.* to 'root'@'%' identified by 'qazWSX' with grant option;

ctrl-c to quit mysql

Make missing rsyslog directory
Code:
mkdir /var/spool/rsyslog

Configure rsyslog
Code:
nano /usr/local/etc/rsyslog.conf

paste following into the new, blank file
change the subnet on line 4 to match your network
change the password on the last line if you are not using qazWSX
Code:
$ModLoad immark # provides --MARK-- message capability
$ModLoad imuxsock # provides support for local system logging
$ModLoad ommysql # load MySQL functionality
$AllowedSender UDP, 192.168.1.0/24 # depends on your subnet obviously
# for TCP use:
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
# for UDP use:
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$RepeatedMsgReduction on
$WorkDirectory /var/spool/rsyslog
$FileOwner root
$FileGroup wheel
$FileCreateMode 0777
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser root
$PrivDropToGroup wheel
$IncludeConfig /etc/rsyslog.d/*.conf
*.* :ommysql:127.0.0.1,Syslog,root,qazWSX

Start rsyslog, check to see it is working
Code:
service rsyslog start
mysql -u root -p

enter the password qazWSX
enter the following query
Code:
USE Syslog;
SELECT * FROM SystemEvents;

(should get back 3-4 records)
ctrl-c to quit mysql

Install LogAnalyzer
LogAnalyzer is a web interface for browsing the syslog server database
Code:
cd /usr/ports/sysutils/loganalyzer && make install clean DEFAULT_VERSIONS=php=73
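The rsyslog.conf in the notes above has several settings worth re-checking before the jail accepts logs from the network. As an added example that is not part of the original post, this shell function flags them; the function names, finding labels and sample file (constructed from the settings in the notes) are assumptions of the example, and an unset `$Umask` is treated as 0.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky directives in an
# rsyslog.conf such as the one in the notes. Prints one finding per line.
audit_rsyslog_conf() {
    awk '
    function other_bits(mode, mask,    m, u, b, r) {  # "other" bits left after umask
        m = substr(mode, length(mode)) + 0; u = substr(mask, length(mask)) + 0
        for (b = 4; b >= 1; b /= 2) {
            if (m >= b && u < b) r += b
            if (m >= b) m -= b
            if (u >= b) u -= b
        }
        return r + 0
    }
    { sub(/#.*$/, "") }                                # strip comments
    $1 == "$FileCreateMode" { mode = $2 }
    $1 == "$Umask"          { mask = $2 }
    $1 == "$PrivDropToUser" && $2 == "root" { print "priv-drop: rsyslogd never leaves the root account" }
    $1 == "$AllowedSender" { p = toupper($2); sub(/,$/, "", p); allowed[p] = 1 }
    /input\(type="imudp"/ { listen["UDP"] = 1 }
    /input\(type="imtcp"/ { listen["TCP"] = 1 }
    /:ommysql:/ && split($0, f, ",") >= 4 && f[3] == "root" {  # host,db,user,password
        print "db-user: ommysql logs in as the MySQL root account"
    }
    END {
        if (mode != "" && other_bits(mode, mask) > 0)
            print "file-mode: " mode " with umask " (mask == "" ? "unset" : mask) " leaves logs open to every local user"
        for (p in listen) if (!(p in allowed))
            print "listener: " p " input has no $AllowedSender list"
    }' "${1:--}"
}

# Constructed sample input: the relevant lines of the rsyslog.conf in the notes.
sample_conf() {
cat <<'EOF'
$AllowedSender UDP, 192.168.1.0/24 # depends on your subnet obviously
input(type="imtcp" port="514")
input(type="imudp" port="514")
$FileCreateMode 0777
$Umask 0022
$PrivDropToUser root
*.* :ommysql:127.0.0.1,Syslog,root,qazWSX
EOF
}

sample_conf | audit_rsyslog_conf
```

To check the real file, run `audit_rsyslog_conf /usr/local/etc/rsyslog.conf` inside the jail.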