Installing and Configuring SYSLOG-NG with a MySQL database.

| Saturday, July 02, 2011

SYSLOG-NG is a daemon that can replace syslogd on FreeBSD or Linux; it records whatever logs are around, whether from Linux or BSD servers or from MikroTik boxes ;)
Combined with a MySQL database, SYSLOG-NG lets us keep all of those logs centrally in a single database, which makes them easy to manage.

For the web interface that displays the logs I use php-syslog-ng, which can be downloaded from http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz
The prerequisite is that your server already has a web server with PHP support.

# cd /usr/local/www
# fetch http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz
# tar -xzvf php-syslog-ng-2.9.8.tgz
# chown -R www:www php-syslog-ng
# edit httpd.conf
Alias /log "/usr/local/www/php-syslog-ng/html/"

<Directory "/usr/local/www/php-syslog-ng/html/">
Options None
AllowOverride None
# "Allow from all" publishes the log viewer to anyone who can reach the web server;
# restrict it to your admin networks, the application login alone is thin protection.
Order allow,deny
Allow from all
</Directory>


Once that is done, restart the web server and open http://ipserver/log
The php-syslog-ng installation menu appears; make sure the PHP features and the web files all check out (no warnings), click Next, tick the confirmation, Next.
Enter the MySQL root user and password, the name of the database that will hold the logs, and the database user and password (remember this user and password, they are needed for the
syslog server configuration). The root credentials are handed to the installer so it can create the database and that user; afterwards only the syslog user is needed, and it should have rights on the log database only, because its password will be written in plain text into the syslog-ng configuration.
For example, here:
mysql user : syslog
mysql pass : 123abc
db name : syslogserv

Untick the box at the bottom of the menu, click Next. Next, the following appears:

URL : http://ipserver/log
site : log/ (remember, there must be a slash at the end)
email : abc@aaaa.com
passwd : syslogadmin

Click Next, and it shows user : admin passwd: syslogadmin

Dooonnne.. hehe, that was just the web interface and the database hehe..



Next, install from ports:
# cd /usr/ports/sysutils/syslog-ng
# make install clean
# cd /usr/local/etc/syslog-ng/
# cp syslog-ng.conf.sample syslog-ng.conf

options { long_hostnames(off);
sync(0);
# use_dns(yes) reverse-resolves the sender of every network message, so $HOST (and the
# $HOST directory used by the netlog destination below) is whatever the PTR record says;
# use_dns(no) keeps the sender IP and takes DNS out of the picture entirely.
use_dns(yes);
use_fqdn(no); };

#
# sources
#
source src { unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
internal(); file("/dev/klog"); };

# netsrc accepts syslog from any address on every interface, with no authentication.
# With keep_hostname(no) (the syslog-ng default) $HOST comes from the sender address,
# and UDP source addresses can be forged, so firewall port 514 to the network devices
# that are supposed to send here.
source netsrc { udp(ip("0.0.0.0") port(514));
tcp(ip("0.0.0.0") port(514)); };

#
# destinations
#
destination messages { file("/var/log/messages"); };
destination security { file("/var/log/security"); };
destination authlog { file("/var/log/auth.log"); };
destination maillog { file("/var/log/maillog"); };
destination lpd-errs { file("/var/log/lpd-errs"); };
destination xferlog { file("/var/log/xferlog"); };
destination cron { file("/var/log/cron"); };
destination debuglog { file("/var/log/debug.log"); };
destination consolelog { file("/var/log/console.log"); };
destination all { file("/var/log/all.log"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
# CISCO Destinations...
destination netlog { file("/var/log/network/$HOST/$YEAR$MONTH$DAY.log" owner(root) group(wheel) perm(0644) create_dirs(yes)); };

destination netsql
{
# NOTE: the password sits on the mysql command line, so every local user can read it
# with ps(1). A [client] section in a root-only (mode 0600) file passed with
# --defaults-extra-file keeps it out of the process list.
program("/usr/local/bin/mysql --user=syslog --password=123abc syslogserv < /var/log/mysql.pipe");
# template_escape(yes) backslash-escapes ' " and \ in every macro, which is what keeps a
# log message containing a quote from ending the string literal and running as SQL.
pipe ("/var/log/mysql.pipe"
template ("INSERT INTO syslogserv.logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$ISODATE', '$PROGRAM', '$MESSAGE' );\n")
template_escape(yes));
};

#
# log facility filters
#
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_not_authpriv { not facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };

#
# log level filters
#
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
filter f_is_debug { level(debug); };

#
# program filters
#
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };

#
# host filters
#

# CISCO Filters
# These host filters are defined but not referenced by any log statement below: every
# message arriving on netsrc goes to netlog and netsql whatever its sender. Note also
# that with use_dns(yes) $HOST is the reverse-resolved name, so a filter on the bare IP
# only matches when the lookup fails.
filter f_netswitch001 {host("10.1.5.1"); };
filter f_netswitch002 {host("10.1.5.2"); };
filter f_netswitch003 {host("10.1.5.3"); };
filter f_netswitch004 {host("10.1.5.4"); };
filter f_netswitch005 {host("172.16.4.1"); };
filter f_netrouter001 {host("10.1.5.9"); };
filter f_netrouter002 {host("172.16.4.2"); };
filter f_netserver001 {host("server1.example.com"); };
filter f_netserver002 {host("server2.example.com"); };
#
# *.err;kern.warning;auth.notice;mail.crit /dev/console
#
log { source(src); filter(f_err); destination(console); };
log { source(src); filter(f_kern); filter(f_warning); destination(console); };
log { source(src); filter(f_auth); filter(f_notice); destination(console); };
log { source(src); filter(f_mail); filter(f_crit); destination(console); };

#
# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
#
log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };

#
# security.* /var/log/security
#
log { source(src); filter(f_security); destination(security); };

#
# auth.info;authpriv.info /var/log/auth.log
log { source(src); filter(f_auth); filter(f_info); destination(authlog); };
log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };

#
# mail.info /var/log/maillog
#
log { source(src); filter(f_mail); filter(f_info); destination(maillog); };

#
# lpr.info /var/log/lpd-errs
#
log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };

#
# ftp.info /var/log/xferlog
#
log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };

#
# cron.* /var/log/cron
#
log { source(src); filter(f_cron); destination(cron); };

#
# *.=debug /var/log/debug.log
#
log { source(src); filter(f_is_debug); destination(debuglog); };

#
# *.emerg *
#
log { source(src); filter(f_emerg); destination(allusers); };

#
# !startslip
# *.* /var/log/slip.log
#
log { source(src); filter(f_slip); destination(slip); };

#
# !ppp
# *.* /var/log/ppp.log
#
log { source(src); filter(f_ppp); destination(ppp); };

#
# CISCO Program Filters
#
log { source(netsrc); destination(netlog); };
log { source(netsrc); destination(netsql); };


taken from : http://www.freebsdwiki.net/index.php/Syslog-NG_Installation#Installation
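To see what template_escape(yes) on the netsql destination above is actually doing, here is an added example of mine (not code from the post or from syslog-ng): it renders the same INSERT template for a constructed log line with and without the escaping and counts how many statements the mysql client reading the pipe would execute. The escape rule (a backslash before ' " and \) follows the syslog-ng documentation for template_escape(); the statement splitter is a deliberately minimal model of the mysql client and does not handle SQL comments. All field values are constructed.

```python
# Added example (mine, not from the original post): what template_escape(yes) on the
# netsql destination does to the INSERT written into /var/log/mysql.pipe, and why it
# matters. The escape rule (a backslash before ' " and \) follows the syslog-ng
# documentation for template_escape(). split_statements() is a deliberately small model
# of how the mysql client cuts stdin into statements and does not handle SQL comments.

TEMPLATE = ("INSERT INTO syslogserv.logs (host, facility, priority, level, tag, datetime, "
            "program, msg) VALUES ('{HOST}', '{FACILITY}', '{PRIORITY}', '{LEVEL}', "
            "'{TAG}', '{ISODATE}', '{PROGRAM}', '{MESSAGE}' );\n")


def template_escape(value: str) -> str:
    """Escape ' " and \\ the way syslog-ng's template_escape(yes) does."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def render_insert(fields: dict, escape: bool) -> str:
    """Render the netsql template for one message, with or without template_escape."""
    if escape:
        fields = {name: template_escape(value) for name, value in fields.items()}
    return TEMPLATE.format(**fields)


def split_statements(sql: str) -> list:
    """Cut SQL text into statements: a ';' outside a single- or double-quoted string ends
    a statement; inside a string a backslash escapes the next character (MySQL rules)."""
    statements, current, quote, i = [], [], None, 0
    while i < len(sql):
        ch = sql[i]
        if quote:
            current.append(ch)
            if ch == "\\" and i + 1 < len(sql):  # escaped character inside the string
                current.append(sql[i + 1])
                i += 1
            elif ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
            current.append(ch)
        elif ch == ";":
            statements.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    tail = "".join(current).strip()
    if tail:
        statements.append(tail)
    return statements


# Constructed sample rows: a normal sshd line, and a message crafted to close the
# string literal so that extra statements follow the INSERT.
BENIGN = {
    "HOST": "10.1.5.1", "FACILITY": "local7", "PRIORITY": "info", "LEVEL": "info",
    "TAG": "be", "ISODATE": "2011-07-02T10:00:00+07:00", "PROGRAM": "sshd",
    "MESSAGE": "Accepted publickey for admin from 10.1.5.200",
}
HOSTILE = dict(BENIGN, MESSAGE="x'); DELETE FROM syslogserv.logs; SELECT ('")


def statement_count(fields: dict, escape: bool) -> int:
    """How many statements the mysql client reading the pipe would run for this line."""
    return len(split_statements(render_insert(fields, escape)))


if __name__ == "__main__":
    for name, fields in (("benign", BENIGN), ("hostile", HOSTILE)):
        for escape in (False, True):
            print(f"{name:8s} template_escape({'yes' if escape else 'no'}): "
                  f"{statement_count(fields, escape)} statement(s)")
```

The benign line is one statement either way; the crafted message becomes three statements without escaping and stays a single INSERT (with the whole message inside the string literal) once template_escape(yes) is in effect, which is why that option must not be dropped from the destination.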

# mkfifo /var/log/mysql.pipe
# ee /etc/rc.conf
syslogd_enable="NO"
syslog_ng_enable="YES"
# The two syslogd_* lines are left over from the older method of pointing the base
# syslogd rc script at syslog-ng; with syslogd_enable="NO" they are ignored, and
# syslog_ng_enable is what starts the port's syslog-ng.
syslogd_program="/usr/local/sbin/syslog-ng"
syslogd_flags=""

After checking, it turned out that the table php-syslog-ng generated was missing some fields, so log in to the MySQL server and create the following table (CREATE TABLE fails if `logs` already exists, so drop the installer's version first; the AUTO_INCREMENT=9 is just the counter from the dump this was taken from and can be left out):


CREATE TABLE `logs` (
`host` varchar(128) default NULL,
`facility` varchar(10) default NULL,
`priority` varchar(10) default NULL,
`level` varchar(10) default NULL,
`tag` varchar(10) default NULL,
`datetime` datetime default NULL,
`program` varchar(15) default NULL,
`msg` text,
`seq` bigint(20) unsigned NOT NULL auto_increment,
`counter` int(11) NOT NULL default '1',
`fo` datetime default NULL,
`lo` datetime default NULL,
PRIMARY KEY (`seq`),
KEY `host` (`host`),
KEY `program` (`program`),
KEY `datetime` (`datetime`),
KEY `priority` (`priority`),
KEY `facility` (`facility`)
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;


OK, God willing, that is finished. Go ahead and reboot your server. Make sure the MySQL server is running before syslog-ng starts, otherwise the mysql client that the netsql destination spawns cannot connect.
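Before trusting the pipeline, send it a message whose contents you know and check that it shows up both under /var/log/network/ and in the logs table. The following is an added example of mine (not from the post): it builds a BSD-format (RFC 3164) syslog datagram the way a switch or router would, decodes it back into the fields the netsql template stores (FACILITY, PRIORITY, TAG, PROGRAM, MESSAGE), and can send it to the collector over UDP. The collector name ipserver and the constructed switch message are assumptions; on FreeBSD `logger -h ipserver -p local7.info -t SYS "..."` does the sending part without any script.

```python
# Added example (mine, not from the original post): build a BSD-format syslog datagram
# (RFC 3164) the way a network device would, decode it into the fields the netsql
# template stores, and optionally send it to the collector so the whole path
# (UDP 514 -> /var/log/network/$HOST/ -> mysql.pipe -> logs table) can be checked
# with a message whose contents are known. The collector name "ipserver" is an assumption.
import socket
import sys
from datetime import datetime

# Facility and severity names in numeric order (facility = PRI // 8, severity = PRI % 8).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def pri(facility: str, severity: str) -> int:
    """The <PRI> value at the start of every syslog message: facility * 8 + severity."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def build_message(facility, severity, hostname, program, text, when=None) -> bytes:
    """<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG, with the day space-padded as in RFC 3164."""
    when = when or datetime.now()
    timestamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{timestamp} {hostname} {program}: {text}".encode()


def parse_message(datagram: bytes) -> dict:
    """Decode a datagram into what the netsql template would store. HOST here is the
    header hostname; with syslog-ng's default keep_hostname(no) the collector replaces
    it with the sender's address (or its reverse-DNS name when use_dns(yes))."""
    text = datagram.decode(errors="replace")
    if not text.startswith("<") or ">" not in text:
        raise ValueError("missing <PRI> header")
    prival = int(text[1:text.index(">")])
    rest = text[text.index(">") + 1:]
    timestamp, body = rest[:15], rest[16:]          # fixed 15-character timestamp
    parts = body.split(" ", 1)
    if len(parts) != 2:
        raise ValueError("missing hostname or tag")
    hostname, tagmsg = parts
    tag, _, message = tagmsg.partition(":")          # "program[pid]:" or "program:"
    return {
        "FACILITY": FACILITIES[prival // 8],
        "PRIORITY": SEVERITIES[prival % 8],
        "TAG": f"{prival:02x}",                       # syslog-ng's $TAG is PRI in hex
        "HOST": hostname,
        "PROGRAM": tag.split("[", 1)[0],
        "MESSAGE": message.lstrip(),
        "TIMESTAMP": timestamp,
    }


def sample_message() -> bytes:
    """A constructed switch message with a fixed timestamp, for the round-trip check."""
    return build_message("local7", "info", "switch001", "SYS",
                         "Interface Gi0/1 changed state to up",
                         when=datetime(2011, 7, 2, 10, 0, 0))


def send(datagram: bytes, collector: str = "ipserver", port: int = 514) -> int:
    """Send one datagram to the collector over UDP; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(datagram, (collector, port))


if __name__ == "__main__":
    msg = sample_message()
    print(msg.decode())
    print("expected columns:", parse_message(msg))
    if len(sys.argv) > 1:   # python3 syslog_check.py ipserver
        send(msg, collector=sys.argv[1])
```

Run it with the collector's address as the argument and then `SELECT host, facility, priority, tag, program, msg FROM syslogserv.logs ORDER BY seq DESC LIMIT 1`; the facility, priority, tag, program and msg columns should match what parse_message() printed, while host will be the address the datagram came from rather than switch001 unless keep_hostname(yes) is set.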

to be continued...

Changing the data directory of the MySQL server on a FreeBSD server

| Friday, July 01, 2011

By default, when mysql server is installed from ports, the data of the databases in the mysql server is stored under /var/db/mysql.
That is a nuisance if our /var partition is too small: a little growth and /var is already full.
There are two ways around it.
The first is to change the location of the data directory in our MySQL configuration file, my.cnf.
This requires a change to the my.cnf configuration file:
# ee /var/db/mysql/my.cnf
[mysqld]
datadir=/data/mysqlbaru
Create the directory where the new data will live:
# mkdir /data/mysqlbaru
Change the owner of that directory to mysql:
#chown -R mysql:mysql /data/mysqlbaru
Stop the server first and copy the existing contents of /var/db/mysql (including the mysql system database, without which mysqld will not start) into the new directory, preserving ownership, for example with cp -Rp. On FreeBSD the port's rc script also has its own idea of the data directory (mysql_dbdir in /etc/rc.conf, default /var/db/mysql), so set mysql_dbdir to the new path as well.
Then start mysql:
# /usr/local/etc/rc.d/mysql-server start

The second way is to move the mysql directory and link to it.
In detail:

stop the server:
# /usr/local/etc/rc.d/mysql-server stop
# cd /var/db
move the mysql data directory to a new directory with more room:
# mv mysql /data
create the symbolic link:
# ln -s /data/mysql /var/db/mysql
start the server (mv run as root keeps the mysql:mysql ownership; confirm with ls -ld /data/mysql before starting):
# /usr/local/etc/rc.d/mysql-server start