Php-syslog-ng

From CEDPS


This page contains notes on configuring php-syslog-ng.

It is based on information at: http://chaos.untouchable.net/index.php/HOWTO_setup_syslog-ng_to_log_to_mysql and http://gentoo-wiki.com/HOWTO_setup_PHP-Syslog-NG

First install MySQL and Apache with PHP support. Then untar the php-syslog-ng package (http://sourceforge.net/projects/php-syslog-ng/).


Secure the php-syslog-ng config file and the scripts and includes directories by denying web access to them. Add this to /etc/apache2/apache2.conf:

<Directory "/var/www/phpsyslogng/scripts">
    Deny from all 
</Directory>
<Directory "/var/www/phpsyslogng/includes">
    Deny from all
</Directory>
<Directory "/var/www/phpsyslogng/config">
    Deny from all
</Directory>

and restart apache: 'apache2ctl restart'


Add passwords to the 'create users' section in phpsyslogng/scripts/dbsetup.sql, and run:

mysql -u root < dbsetup.sql

Then add something like the following to your syslog-ng.conf file:

destination d_mysql {
       pipe("/var/log/grid/mysql.pipe"
               template("INSERT INTO logs
               (host, facility, priority, level, tag, datetime, program, msg)
               VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', 
               '$YEAR-$MONTH-$DAY  $HOUR:$MIN:$SEC',  '$PROGRAM', '$MSG' );\n") 
               template-escape(yes));
};
filter notdebug {  level(info..emerg); };
filter my_hosts {  host("list of hosts you want to log") ; };
log { source(s_all); filter(notdebug); filter(my_hosts);  destination(d_mysql); };

Next edit phpsyslogng-2.8/config/config.php:

# add the passwords set in dbsetup.sql
#
# and change this:
define('REQUIRE_AUTH', TRUE);
#
# and maybe this:
define('LOGROTATERETENTION', 60);

Then install this script somewhere (e.g.: in /etc/syslog-ng):

#!/bin/sh 
# syslog-ng-mysql-pipe.sh
#
# This script takes input from a FIFO and executes it as queries against
# a mysql database.
#
if [ ! -e /var/log/grid/mysql.pipe ]
then
   mkfifo /var/log/grid/mysql.pipe
   chmod o-r /var/log/grid/mysql.pipe
fi
while [ -e /var/log/grid/mysql.pipe ]
do
       mysql --user=syslogfeeder --password=PASS_HERE syslog < /var/log/grid/mysql.pipe
done
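
A hardened variant of the feeder script above, added here as an example and not part of the original notes: it reads the MySQL password from a client option file so it does not appear in the process list, creates the FIFO owner-only, and refuses a path that exists but is not a FIFO. The option-file path /etc/syslog-ng/syslogfeeder.cnf is an assumed name, and the 600 modes assume syslog-ng and the feeder run as the same user (root, as with the boot script on this page).

```shell
#!/bin/sh
# Added example: hardened variant of syslog-ng-mysql-pipe.sh.
# Assumed (not on the original page): the CNF path, with these contents:
#   [client]
#   user=syslogfeeder
#   password=PASS_HERE
PIPE="${PIPE:-/var/log/grid/mysql.pipe}"
CNF="${CNF:-/etc/syslog-ng/syslogfeeder.cnf}"

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Create the FIFO with owner-only access. Fail if the path already exists
# as a regular file, directory or anything else that is not a FIFO.
make_pipe() {
    if [ -e "$PIPE" ] && [ ! -p "$PIPE" ]; then
        echo "refusing: $PIPE exists and is not a FIFO" >&2
        return 1
    fi
    [ -p "$PIPE" ] || ( umask 077 && mkfifo "$PIPE" )
    chmod 600 "$PIPE"
}

# Succeed only if group and others have no access to the credential file.
cnf_is_private() {
    case "$(file_mode "$CNF")" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Feed every statement syslog-ng writes into the FIFO to mysql.
feed_loop() {
    make_pipe || return 1
    cnf_is_private || { echo "refusing: $CNF must be mode 600" >&2; return 1; }
    while [ -p "$PIPE" ]; do
        # --defaults-extra-file must be the first option on the command line.
        mysql --defaults-extra-file="$CNF" syslog < "$PIPE"
    done
}

# Start feeding only when invoked as: syslog-ng-mysql-pipe.sh run
if [ "${1:-}" = "run" ]; then feed_loop; fi
```

The boot script would then call it with the `run` argument.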

Finally, create a boot script with the following lines:

  #!/bin/sh
  echo "running syslog-ng-mysql-pipe.sh"
  /etc/syslog-ng/syslog-ng-mysql-pipe.sh &



Then connect to your web server: http://yourwebhost.foo.org/phpsyslogng

Log in as user=admin, password=admin, then change the admin password and set up additional users.



Then set up a log rotation cron job to age out old data. This requires the PHP command-line client package to be installed (e.g.: apt-get install php5-cli):

cat > /etc/cron.weekly/php-syslog-ng-logrotate
 #!/bin/sh
 php  /var/www/phpsyslogng/scripts/logrotate.php
 ^D
chmod +x  /etc/cron.weekly/php-syslog-ng-logrotate

To test, run: /etc/cron.weekly/php-syslog-ng-logrotate
