Thursday, 17 April 2014

Installing Adiscon LogAnalyzer on Ubuntu and the related hiccups :)

I recently tried to install Adiscon LogAnalyzer on Ubuntu, and boy, it was a journey with a lot of googling and head-wrecking! Finally I managed to get it working to my liking.
Steve's blog and Mike's blog were the two blogs that helped me a lot (I have posted the links at the bottom of this article), and without their blogs I would have definitely left it halfway.

First you will want to install Ubuntu Server; mine was on VirtualBox. (I assume that you already have it installed and up and running; if you have any questions about it, kindly leave a comment and I will send you a detailed way to install the server.)

Make sure that you select the LAMP server option while installing the server. If you don't, LogAnalyzer will work fine at first, but once you restart the machine the web page won't load.
If you do forget to check the LAMP option during installation, you can install it later using the command

@ubuntu:~$ sudo apt-get install lamp-server^


I also recommend installing SSH, as it is easier to manage the server through an SSH client than to strain your eyes on the VirtualBox display.
The command for installing the SSH server is

@ubuntu:~$ sudo apt-get install openssh-server


OK, let's begin.

1)
@ubuntu:~$ sudo -s  (so that you don't have to keep typing sudo at the beginning of each command)
@ubuntu:~$ apt-get update

@ubuntu:~$ apt-get upgrade
@ubuntu:~$ apt-get install php5-gd
@ubuntu:~$ apt-get install rsyslog-mysql rsyslog-relp
You will be prompted for the MySQL password and to set a password for rsyslog (my recommendation is to use a single password for test purposes only, not for production).

2)
We need to edit /etc/rsyslog.conf and uncomment or add the following. This will set the server to accept inbound syslog messages on UDP and TCP port 514.
@ubuntu:~$ cd /etc (to move into the /etc directory)
Then use your favourite editor; mine is vi :)

@ubuntu:/etc$ vi rsyslog.conf
Add the lines below:
# provides UDP syslog reception

$ModLoad imudp

$UDPServerRun 514

# provides TCP syslog reception

$ModLoad imtcp

$InputTCPServerRun 514
Now, let's apply our changes:
@ubuntu:~$ service rsyslog restart

Next, use your favorite editor to create /etc/rsyslog.d/relp.conf and enter the following in it:

$ModLoad imrelp

$InputRELPServerRun 20514
3)
Make a working directory where rsyslog can store queue files if needed.

@ubuntu:~$ mkdir -p /var/rsyslog/work

Now we need to add the following to /etc/rsyslog.conf:

# Buffering stuff:

$WorkDirectory /var/rsyslog/work # default location for work (spool) files

$ActionQueueType LinkedList # use asynchronous processing

$ActionQueueFileName dbq # set file name, also enables disk mode

$ActionResumeRetryCount -1 # infinite retries on insert failure

@ubuntu:~$ service rsyslog restart

Install LogAnalyzer. As of this writing, the newest version is v3.6.2.


@ubuntu:~$ tar -xzf loganalyzer-3.6.2.tar.gz

@ubuntu:~$ cd loganalyzer-3.6.2

@ubuntu:~$ mkdir /var/www/logs

@ubuntu:~$ cp -R src/* /var/www/logs/

@ubuntu:~$ cp contrib/* /var/www/logs/

@ubuntu:~$ cd /var/www/logs/

@ubuntu:~$ chmod +x configure.sh secure.sh

@ubuntu:~$ ./configure.sh
4)
To enable the authentication part of LogAnalyzer we need to make an empty database for users to be stored in and grant privileges on it.
~ # mysql -p
mysql> create database LogAnalyzerUsers;
mysql> show databases;
mysql> grant all on LogAnalyzerUsers.* to  username@'localhost' identified by '(pick a password)';
mysql> quit
5)
Now open a web browser and go to http://"serverIP"/logs/. You will be pointed to the installation script, which will guide you through the process of setting up LogAnalyzer.
On step 3, make sure to enable the user database. Enter the database, username, and password we created above. Enable "Require user to be logged in". On step 7 use the following settings:
Name the source something logical, since it is going to hold the compiled logs from all your servers.
Source Type = MYSQL Native
Select View = Syslog Fields
Table type = MonitorWare
Database Host = localhost
Database Name = Syslog (case sensitive)
Database Tablename = SystemEvents (case sensitive)
Database User = rsyslog
Database password = (whatever you made it in step 2)
Enable Row Counting = no
If you mess up during the setup, all you need to do is enter the following commands:

rm -rf config.php
touch config.php
chmod 666 config.php
and then re-access http://"serverIP"/logs/ and start the setup one more time.
Happy Loggin!
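
A quick way to confirm that the edits from the steps above took effect, as an added example that is not part of the original post or of LogAnalyzer: it checks that the listener directives are present and uncommented, that the $WorkDirectory exists, and that config.php is no longer world-writable after the chmod 666 used during setup. The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files this guide edits.

# value_of FILE DIRECTIVE [ARG]: print the argument of the first uncommented
# DIRECTIVE line (only lines whose argument equals ARG, when ARG is given).
value_of() {
    awk -v d="$2" -v a="$3" '$1 == d && (a == "" || $2 == a) { print $2; exit }' "$1"
}

# check FILE DIRECTIVE EXPECTED: record a failure unless the line is active.
check() {
    if [ "$(value_of "$1" "$2" "$3")" = "$3" ]; then echo "OK   $2 $3"
    else echo "FAIL $2 $3 is not active in $1"; fails=$((fails + 1)); fi
}

# audit MAIN_CONF RELP_CONF WEB_DIR: run all checks, return the failure count.
audit() {
    fails=0
    check "$1" '$ModLoad' imudp;  check "$1" '$UDPServerRun' 514
    check "$1" '$ModLoad' imtcp;  check "$1" '$InputTCPServerRun' 514
    check "$2" '$ModLoad' imrelp; check "$2" '$InputRELPServerRun' 20514
    # The spool directory named by $WorkDirectory must exist (mkdir -p step).
    wd=$(value_of "$1" '$WorkDirectory' "")
    if [ -n "$wd" ] && [ -d "$wd" ]; then echo "OK   work directory $wd"
    else echo "FAIL work directory '$wd' is missing"; fails=$((fails + 1)); fi
    # config.php is mode 666 during setup; it must not stay world-writable.
    cfg="$3/config.php"
    if [ -f "$cfg" ] && [ -z "$(find "$cfg" -perm -002)" ]; then
        echo "OK   $cfg is not world-writable"
    else echo "FAIL $cfg is missing or world-writable"; fails=$((fails + 1)); fi
    return "$fails"
}

# make_sample DIR: constructed input, not real server files. The TCP listener
# is left commented out and config.php is still mode 666 (two failures).
make_sample() {
    mkdir -p "$1/work" "$1/www"
    printf '%s\n' '$ModLoad imudp' '$UDPServerRun 514' '$ModLoad imtcp' \
        '#$InputTCPServerRun 514' "\$WorkDirectory $1/work # spool" > "$1/rsyslog.conf"
    printf '%s\n' '$ModLoad imrelp' '$InputRELPServerRun 20514' > "$1/relp.conf"
    : > "$1/www/config.php"
    chmod 666 "$1/www/config.php"
}

demo=$(mktemp -d)
make_sample "$demo"
audit "$demo/rsyslog.conf" "$demo/relp.conf" "$demo/www" || echo "$? check(s) failed"
rm -rf "$demo"
# On the server: audit /etc/rsyslog.conf /etc/rsyslog.d/relp.conf /var/www/logs
```

If the config.php check fails once the web installer has finished, tighten the file mode (for example chmod 644 config.php) so the web-facing configuration is no longer writable by every local user.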

The commands and references are from the following links:
http://stevesbog.blogspot.ae/2012/08/installing-and-configuring-loganalyzer.html
http://www.slsmk.com/setup-syslog-with-loganalyzer-on-ubuntu-server/

A few troubleshooting commands:
service rsyslog restart
sudo service mysql restart
sudo /etc/init.d/apache2 start

Thank you for reading!! :D