In this paper, I describe how to install LogAnalyzer. It is intentionally a brief step-by-step guide, targeted to those who want to quickly get it up and running. For more elaborate information, please consult the rest of the manual set.
Optionally, you may need:
For obvious reasons, you also need some syslog data. Any standard syslogd will do. From a feature and stability point of view, we recommend either one of these (which we also wrote ;) ):
Both of them are also capable of writing to databases. Rsyslog is a drop-in replacement for stock syslogd and also *is* the stock syslogd on some platforms (e.g. Fedora 8 and above).
For obvious reasons, you need to download LogAnalyzer. Here, I assume that you use a distribution tarball.
Load the most recent build from http://loganalyzer.adiscon.comdownloads. Extract the software with "tar xzf -nameOfDownloadSet-". This will create a new subdirectory LogAnalyzer-version in the current working directory. CD into that.
Upload all files from the loganalyzer/src/ folder to you webserver. The other files are not needed on the webserver.
If your webserver has write access to the LogAnalyzer folder, you can skip the following step:
Upload the scripts configure.sh and secure.sh from the contrib folder to your webserver, into the same folder where you uploaded the other LogAnalyzer files into. Then set the execution flag to them (chmod +x configure.sh secure.sh).
Now run ./configure.sh, this will create a blank config.php, and will also set write access to everyone to it.
You can of course do this manually if you want.
Now open your LogAnalyzer installation in your favourite webbrowser, you will see an error, and you will be pointed to the installation script. The install script will guide you through the LogAnalyzer installation, just follow the instructions.
Prerequisites Beginning of installation / welcome site. This is the first page of the installation. It just tells you, that before installing, some file permission have to be checked. Simply click "Next" to start the process.
Verify the file permissions Here you will see, if the config.php can be written or not. If it cannot be written, you have to repeat the complete Step 2.
Basic Configuration
You can set several basic options here.
Number of syslog messages per page = 50 (default)
This is the number of syslog messages displayed on each page. You can increase the value (makes LogAnalyzer slower) or decrease the value (makes it faster).
Not implemented yet, some real magic may happen here at a later stage ;-) - for now, just skip it.
Create the first source for syslog messages. This is the most important step. Here, you will configure your first data source, which holds all your syslog data.
Mainly, you have to choose a "Name of the Source" and a "Source Type". The name will be displayed later in a drop-down menu with which you choose your active syslog source. The "Source Type" can be a file, a MySQL database or the PHP PDO which supports different database types like mssql, PostgreSQL, odbc, oracle or even ibm db2.
Logline Type = Syslog / Rsyslog (default) or Adiscon WinSyslog
This tells LogAnalyzer, how the lines look like. This is necessary for show the log messages properly.
Syslog File = /var/log/syslog (default)
This is the position of the logfile in your file system.
This is the table layout. Currently, you can use "monitorware" or "syslogng". For more details see "Note on MySQL Databases" below.
Database Host = localhost (default)
This is the host, where the database is located. By default this is localhost. You can specify any other host if necessary.
Database Name = loganalyzer (default)
The name of the database you want to use.
Database Tablename = systemevents (default)
This is the name of the table in which the data is stored. The default tablename corresponds to the tables created with the MonitorWare Line of products.
Database User = user (default)
The username for the database.
Database Password = not set by default
The password for the username.
Enable Row Counting = No (default)
If configured to "Yes", the amount of rows in the table will be counted with every query, giving you the total records for your search, though having a lot of impact on your system when using a very large database. If configured to "No", the rows will not be counted, providing you a lot more performance.
Database Storage Engine = MySQL Server (default)
Choose the engine of the database you are using. These databases are supported: MySQL Server, Microsoft SQL Server, ODBC Database Connection, PostgreSQL, Oracle Call Interface, IBM DB2, Firebird/Interbase 6, IBM Informix Dynamic Server, SQLite 2.
Table Type = monitorware (default)
This is the table layout. Currently, you can use "monitorware" or "syslogng". For more details see "Note on MySQL Databases" below.
Database Host = localhost (default)
This is the host, where the database is located. By default this is localhost. You can specify any other host if necessary.
Database Name = loganalyzer (default)
The name of the database you want to use.
Database Tablename = systemevents (default)
This is the name of the table in which the data is stored. The default tablename corresponds to the tables created with the MonitorWare Line of products.
Database User = user (default)
The username for the database.
Database Password = not set by default
The password for the username.
Enable Row Counting = No (default)
If configured to "Yes", the amount of rows in the table will be counted with every query, giving you the total records for your search, though having a lot of impact on your system when using a very large database. If configured to "No", the rows will not be counted, providing you a lot more performance.
Finish :)
If everything went right, you should see syslog messages already in your LogAnalyzer installation. You can now remove the install.php script now.
In most environments the webserver has only access to the web directory. If you want to read files e.g. from /var/log/ you have to grant the necessary permisson to your webserver.
A note for linux systems that have SELinux enabled, you will most likely get an access denied error when trying to access logs in /var/log regardless if the file permissions are correct.
Of course, you always need to make sure that the user the web server runs under also has the correct file permissions. Be careful when doing this, you may create a security vulnerability by granting too much to too many users.
LogAnalyzer does support using a MySQL database as syslog source. LogAnalyzer supports Adiscon's MonitorWare database schema. The schema used by php-syslog-ng is also partly supported. That schema, however, is somewhat inefficient in that it stores facility and severity codes as textual values. We do not currently convert these values back to their native format and consequently facility and severity can not be taken from a php-syslog-ng database.
This documentation is part of the
Adiscon LogAnalyzer project.
Copyright © 2008-2011 by Adiscon.
Released under the GNU GPL version 3 or higher.
Adiscon LogAnaylzer commercial licenses are also available.