HOWTO install LogAnalyzer



Abstract

In this paper, I describe how to install LogAnalyzer. It is intentionally a brief step-by-step guide, targeted to those who want to quickly get it up and running. For more elaborate information, please consult the rest of the manual set.

Steps To Do

To install LogAnalyzer, you need:

Optionally, you may need:

For obvious reasons, you also need some syslog data. Any standard syslogd will do. From a feature and stability point of view, we recommend either one of these (which we also wrote ;) ):

Both of them are also capable of writing to databases. Rsyslog is a drop-in replacement for stock syslogd and also *is* the stock syslogd on some platforms (e.g. Fedora 8 and above).

Step 1 - Download Software

For obvious reasons, you need to download LogAnalyzer. Here, I assume that you use a distribution tarball.

Download the most recent build from http://loganalyzer.adiscon.com/downloads. Extract the software with "tar xzf -nameOfDownloadSet-". This will create a new subdirectory LogAnalyzer-version in the current working directory. cd into it.

Step 2

Upload all files from the loganalyzer/src/ folder to your webserver. The other files are not needed on the webserver.

Step 3

If your webserver has write access to the LogAnalyzer folder, you can skip the following step:

Upload the scripts configure.sh and secure.sh from the contrib folder to your webserver, into the same folder where you uploaded the other LogAnalyzer files. Then set the execution flag on them (chmod +x configure.sh secure.sh).

Now run ./configure.sh. This will create a blank config.php and will also make it writable by everyone.

You can of course do this manually if you want.

Step 4

Now open your LogAnalyzer installation in your favourite web browser. You will see an error and will be pointed to the installation script. The install script will guide you through the LogAnalyzer installation; just follow the instructions.

Step 4.1

Prerequisites

Beginning of installation / welcome site. This is the first page of the installation. It just tells you that, before installing, some file permissions have to be checked. Simply click "Next" to start the process.

Step 4.2

Verify the file permissions

Here you will see whether config.php can be written or not. If it cannot be written, you have to repeat the complete Step 2.

Step 4.3

Basic Configuration

You can set several basic options here.

Step 4.4

Not implemented yet, some real magic may happen here at a later stage ;-) - for now, just skip it.

Step 4.5

Create the first source for syslog messages. This is the most important step. Here, you will configure your first data source, which holds all your syslog data.

Mainly, you have to choose a "Name of the Source" and a "Source Type". The name will be displayed later in a drop-down menu with which you choose your active syslog source. The "Source Type" can be a file, a MySQL database or the PHP PDO which supports different database types like mssql, PostgreSQL, odbc, oracle or even ibm db2.

If you choose the diskfile, you have to provide the following information:
If you choose MySQL native as data source, the following information is needed:
If you choose Database (PDO), the following has to be defined:

Step 4.6

Finish :)

Step 5

If everything went right, you should already see syslog messages in your LogAnalyzer installation. You can now remove the install.php script.
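The following audit script is an added example, not part of the LogAnalyzer distribution. It checks the two leftovers of the procedure above: the world-writable config.php from Step 3 and the install.php script from Step 5. It goes slightly further by also listing any other world-writable file in the install folder. The function names and the return convention (number of findings) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-install audit of a LogAnalyzer web folder.
# Prints one FAIL line per finding; the return status is the number of findings.

# True if the given path grants write permission to "other" (world-writable).
world_writable() { [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]; }

audit_loganalyzer() {
    dir=${1%/}          # strip one trailing slash so path comparisons match
    findings=0

    # Step 3: configure.sh leaves config.php writable by everyone so that the
    # web installer can fill it in. After Step 4.6 this is no longer needed.
    if [ ! -f "$dir/config.php" ]; then
        echo "FAIL: $dir/config.php is missing (installation not finished?)"
        findings=$((findings + 1))
    elif world_writable "$dir/config.php"; then
        echo "FAIL: $dir/config.php is still world-writable"
        findings=$((findings + 1))
    fi

    # Step 5: the installer script should be removed once the install works.
    if [ -e "$dir/install.php" ]; then
        echo "FAIL: $dir/install.php is still present"
        findings=$((findings + 1))
    fi

    # Beyond the steps above: any other world-writable file in the folder.
    extra=$(find "$dir" -type f -perm -0002 ! -path "$dir/config.php")
    if [ -n "$extra" ]; then
        echo "$extra" | sed 's/^/FAIL: world-writable file: /'
        findings=$((findings + $(echo "$extra" | wc -l)))
    fi

    [ "$findings" -eq 0 ] && echo "OK: no findings in $dir"
    return "$findings"
}

# Usage: sh audit.sh /path/to/loganalyzer   (the path is a placeholder)
if [ "$#" -ge 1 ]; then
    audit_loganalyzer "$1"
fi
```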

Note on Accessing Files

In most environments the webserver only has access to the web directory. If you want to read files, e.g. from /var/log/, you have to grant the necessary permission to your webserver.

On Linux systems that have SELinux enabled, you will most likely get an access denied error when trying to access logs in /var/log, regardless of whether the file permissions are correct.

Of course, you always need to make sure that the user the web server runs under also has the correct file permissions. Be careful when doing this: you may create a security vulnerability by granting too much to too many users.

Note on MySQL Databases

LogAnalyzer supports using a MySQL database as syslog source. LogAnalyzer supports Adiscon's MonitorWare database schema. The schema used by php-syslog-ng is also partly supported. That schema, however, is somewhat inefficient in that it stores facility and severity codes as textual values. We do not currently convert these values back to their native format, and consequently facility and severity cannot be taken from a php-syslog-ng database.

Copyright

This documentation is part of the Adiscon LogAnalyzer project.
Copyright © 2008-2011 by Adiscon. Released under the GNU GPL version 3 or higher. Adiscon LogAnalyzer commercial licenses are also available.