Oracle Cloud VPS: Rsyslog Loganalyzer Web Interface

Adiscon LogAnalyzer is a web interface to syslog and other network event data.
It provides browsing and analysis of network events as they arrive, plus reporting. These notes cover installing it on an Ubuntu VPS in Oracle Cloud with apache2 and PHP, reading logs written by rsyslog.

1. Install loganalyzer and dependencies via apt-get.

sudo apt-get install loganalyzer apache2 php php-gd

2. Configure iptables firewall rules to allow HTTP/HTTPS access to the apache2 web page. Oracle's VPS images ship an iptables rule set whose INPUT chain ends in a REJECT rule (on Ubuntu it lives in /etc/iptables/rules.v4), so these two lines must be inserted before that rule or they never match. Restrict the rules to your own source addresses (-s) where you can: LogAnalyzer exposes the server's logs to anyone who can reach the page.

-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT

3. Configure the Oracle Cloud VCN as well: add ingress rules for TCP 80/443 to the subnet's security list or a network security group attached to the instance. Both the VCN and the host firewall must allow the traffic.

4. Open LogAnalyzer in a browser at http://xxx.xxx.xxx.xxx/loganalyzer (substitute the public IP of the VPS). Prefer HTTPS once it is set up, since the page shows log contents in the clear.

5. By default, LogAnalyzer reads /var/log/syslog. If the page reports that the file is not readable, the apache2 user (www-data) needs read access to it. On Debian/Ubuntu the files rsyslog writes under /var/log are readable by the adm group, so add www-data to adm. Restart the apache2 service so the worker processes pick up the new group membership. Be aware that this grants every PHP application served by apache2 read access to auth.log and the other logs under /var/log; keep the web interface behind the firewall rules above and LogAnalyzer's own user authentication.

sudo usermod -a -G adm www-data
sudo systemctl restart apache2

6. Configure /etc/loganalyzer/config.php to add more log source files. The example below keeps the default syslog source and adds the apache2 access log as a second disk-file source:

$CFG['DefaultSourceID'] = 'Source1';

$CFG['Sources']['Source1']['ID'] = "Source1";
$CFG['Sources']['Source1']['Name'] = "Syslog Disk File";
$CFG['Sources']['Source1']['Description'] = "Main syslog file from rsyslog daemon";
$CFG['Sources']['Source1']['SourceType'] = SOURCE_DISK;
$CFG['Sources']['Source1']['LogLineType'] = "syslog";
$CFG['Sources']['Source1']['MsgParserList'] = "";
$CFG['Sources']['Source1']['MsgNormalize'] = 0;
$CFG['Sources']['Source1']['DiskFile'] = "/var/log/syslog";
$CFG['Sources']['Source1']['ViewID'] = "SYSLOG";

$CFG['Sources']['Source2']['ID'] = "Source2";
$CFG['Sources']['Source2']['Name'] = "Apache2 Disk File";
$CFG['Sources']['Source2']['Description'] = "Apache2 access log";
$CFG['Sources']['Source2']['SourceType'] = SOURCE_DISK;
$CFG['Sources']['Source2']['LogLineType'] = "syslog";
$CFG['Sources']['Source2']['MsgParserList'] = "apache2";
$CFG['Sources']['Source2']['MsgNormalize'] = 0;
$CFG['Sources']['Source2']['DiskFile'] = "/var/log/apache2/access.log";
$CFG['Sources']['Source2']['ViewID'] = "WEBLOG";

7. If the Facility and Severity columns are empty, the cause is the rsyslog file format: RSYSLOG_TraditionalFileFormat writes no <PRI> field, and Facility and Severity are derived from PRI. Configure rsyslog to use RSYSLOG_SyslogProtocol23Format (RFC 5424) in /etc/rsyslog.conf by replacing the default template line:

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format

8. Restart the rsyslog service. New lines in /var/log/syslog should now start with a <PRI> number followed by the version field "1".

sudo systemctl restart rsyslog

9. Set the LogLineType of the syslog source to syslog23 in /etc/loganalyzer/config.php so LogAnalyzer parses the RFC 5424 lines (with the type left at "syslog", the new lines are shown unparsed):

$CFG['Sources']['Source1']['LogLineType'] = "syslog23";
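The following POSIX shell script is an added example for steps 7 to 9, not code from the original page or from LogAnalyzer. It decodes the <PRI> prefix that RSYSLOG_SyslogProtocol23Format writes (facility = PRI / 8, severity = PRI % 8) and shows that a line in the traditional file format carries no PRI at all, which is why the Facility and Severity columns stay empty until the template is changed. The three sample lines are constructed for the example and the facility names for codes 13 to 15 follow RFC 5424 table 1.

```shell
#!/bin/sh
# Added example, not part of the original page: decode the <PRI> field that
# RSYSLOG_SyslogProtocol23Format (RFC 5424) puts at the start of each line.
# PRI = facility * 8 + severity (RFC 5424 section 6.2.1).

# Name of a numeric facility code 0..23 (13-15 named as in RFC 5424 table 1).
facility_name() {
    n=$1
    set -- kern user mail daemon auth syslog lpr news uucp cron authpriv ftp \
           ntp audit alert clock local0 local1 local2 local3 local4 \
           local5 local6 local7
    shift "$n"
    echo "$1"
}

# Name of a numeric severity code 0..7.
severity_name() {
    n=$1
    set -- emerg alert crit err warning notice info debug
    shift "$n"
    echo "$1"
}

# Print "facility.severity" for one log line.
# Prints "none" and returns 1 when the line has no <PRI> prefix (traditional
# file format); prints "invalid" and returns 2 when PRI is not in 0..191.
decode_pri() {
    line=$1
    case $line in
        "<"[0-9]*">"*) ;;
        *) echo none; return 1 ;;
    esac
    pri=${line#<}
    pri=${pri%%>*}
    case $pri in
        *[!0-9]*) echo invalid; return 2 ;;
    esac
    if [ "$pri" -gt 191 ]; then
        echo invalid
        return 2
    fi
    echo "$(facility_name $((pri / 8))).$(severity_name $((pri % 8)))"
}

# Constructed sample lines (not real log data). The first is what
# RSYSLOG_TraditionalFileFormat writes; the other two are events in
# RSYSLOG_SyslogProtocol23Format, where sshd logs to auth (4) at info (6)
# and sudo logs to authpriv (10) at notice (5).
traditional='Jan  5 12:00:01 vps sshd[1234]: Accepted publickey for ubuntu from 203.0.113.5 port 50000 ssh2'
rfc5424_ssh='<38>1 2024-01-05T12:00:01.000000+00:00 vps sshd 1234 - - Accepted publickey for ubuntu from 203.0.113.5 port 50000 ssh2'
rfc5424_sudo='<85>1 2024-01-05T12:00:02.000000+00:00 vps sudo - - - ubuntu : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart apache2'

for sample in "$traditional" "$rfc5424_ssh" "$rfc5424_sudo"; do
    printf '%-16s %s\n' "$(decode_pri "$sample" || :)" "$sample"
done
```

Run it against real data with something like `tail -n 5 /var/log/syslog | while read -r l; do decode_pri "$l"; done` after the functions are sourced: every line printing "none" means rsyslog is still writing the traditional format and step 7 has not taken effect.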
