The following document describes how to install and configure a SysLog Server on a CentOS 6.5 Linux Operating System. The steps described below can also be applied to other distributions with very minor corrections. For more information check the corresponding documentation.
The solution is based on three main components:
LAMP stack (Linux, Apache, MySQL, PHP)
Rsyslog server http://www.rsyslog.com/
LogAnalyzer http://loganalyzer.adiscon.com/
This guide assumes that both SELinux and IPTables are disabled and not running. If that kind of security level is necessary, check the proper documentation.
Apache
To install Apache Web server open a root command line and type:
[root@localhost ]# yum install httpd
Start the server:
[root@localhost ]# service httpd start
Set the server to start automatically at boot time:
[root@localhost ]# chkconfig httpd on
Test the Apache installation:
Open http://localhost or http://your-server-address on your web browser of choice and check if Apache is working. You should see a page like this:

MySQL
To install MySQL database, open a root command line and type:
[root@localhost ]# yum install mysql mysql-server
Start the server:
[root@localhost ]# service mysqld start
Set the server to automatically start on boot:
[root@localhost ]# chkconfig mysqld on
Change the MySQL root user password:
[root@localhost ]# mysqladmin -u root password 'changeMe'
Test the MySQL installation.
Log in to the database:
[root@localhost ]# mysql -u root -p
You should receive an output like this:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Type 'exit' to log out:
mysql> exit
PHP
To install PHP open a root command line and type:
[root@localhost ]# yum install php php-mysql
Create a simple test page to test the installation, by using your editor of choice:
[root@localhost ]# nano /var/www/html/test.php
Insert the following content:
<?php phpinfo(); ?>
Save and close.
Restart the web server:
[root@localhost ]# service httpd restart
Open http://localhost/test.php or http://your-server-address/

Rsyslog
To install Rsyslog server, open a root command line and type:
[root@localhost ]# yum install rsyslog*
Start the server:
[root@localhost ]# service rsyslog start
Set the server to start automatically at boot time:
[root@localhost ]# chkconfig rsyslog on
Rename the Rsyslog database:
[root@localhost ]# nano /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
Change the database name from Syslog to rsyslogdb:
CREATE DATABASE rsyslogdb;
USE rsyslogdb;
CREATE TABLE SystemEvents (
[...]
Create the rsyslogdb database:
[root@localhost ]# mysql -u root -p < /usr/share/doc/rsyslog-mysql-5.8.10/createDB.sql
Now you should be able to access the database:
[root@localhost ]# mysql -u root -p rsyslogdb
Create a dedicated user to access the Rsyslog database:
mysql> GRANT ALL ON rsyslogdb.* TO rsysloguser@localhost IDENTIFIED BY 'changeMe';
mysql> FLUSH PRIVILEGES;
mysql> exit
Test whether you can access the database with the new user by typing:
[root@localhost ]# mysql -u rsysloguser -p rsyslogdb
Configure the Rsyslog server in order to use MySQL.
Open the configuration file:
[root@localhost ]# nano /etc/rsyslog.conf
Uncomment the following modules:
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
Add the MySQL module:
$ModLoad ommysql
Add the forwarding rule:
*.* :ommysql:127.0.0.1,rsyslogdb,rsysloguser,changeMe
where:
127.0.0.1 - mysql server address
rsyslogdb - mysql rsyslog database name
rsysloguser - mysql rsyslog database user username
changeMe - mysql rsyslog database user password
Save and exit.
Restart the Rsyslog server in order to load the new configuration:
[root@localhost ]# service rsyslog restart
You should be able to see the log entry in the database:
[root@localhost ]# mysql -u rsysloguser -p rsyslogdb
mysql> select count(*) from SystemEvents;
+----------+
| count(*) |
+----------+
| 2 |
+----------+
You should have a count greater than zero. If not, wait a few seconds to let Rsyslog generate log entries.
Hint:
To send a test message to the log:
[root@localhost ]# echo '<14>ip_address_here tag_here message here' | nc -v -u -w 0 127.0.0.1 514
LogAnalyzer
Download the latest version of the software (when this document was written, it was 3.6.5):
[root@localhost ]# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
Unpack the tarball:
[root@localhost ]# tar zxvf loganalyzer-3.6.5.tar.gz
Copy installation files to the desired folder:
[root@localhost ]# cp -r loganalyzer-3.6.5/src/ /var/www/html/loganalyzer
[root@localhost ]# cp -r loganalyzer-3.6.5/contrib/* /var/www/html/loganalyzer/
Change directory to the installation folder:
[root@localhost ]# cd /var/www/html/loganalyzer/
Add the execution permission to the following files:
[root@localhost ]# chmod +x configure.sh secure.sh
Now run ./configure.sh. This creates a blank config.php and makes it writable by everyone.
[root@localhost ]# ./configure.sh
To complete the installation open http://localhost/loganalyzer or http://your-server-address/
Click the "here" link and start the guided installation process:

Step 1
Simply click Next to start the process.


Step 2
Simply click Next to continue the process.


Step 3
Enable the user database to secure the UI access and fill in the fields accordingly.


Step 4
Simply click Next to continue the process.


Step 5
Simply click Next to continue the process.


Step 6
Create a user in order to access the LogAnalyzer web interface. In the example we create a user admin/admin. Fill in the fields and click Next to continue the process.


Step 7
Create the first source for Syslog messages. Fill in the fields and then click Next to continue the process.


Step 8
Simply click Next to continue the process.

The installation is complete.

Step 9
Log in to the web UI with the credentials created in Step 6.


Step 10
Congratulations! You have successfully installed and configured your logging solution.
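A post-install check for the state this guide leaves behind (clear-text database password in rsyslog.conf, world-writable config.php, the phpinfo() test page), as an added example that is not part of the original guide. The function name and the optional root-prefix argument are assumptions; the paths and the changeMe password are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original guide. audit_syslog_server and its
# optional root prefix (to audit a copy of the tree) are hypothetical names.
audit_syslog_server() {
    root="${1:-}"
    conf="$root/etc/rsyslog.conf"
    web="$root/var/www/html"
    findings=0

    # The ommysql rule stores the database password in clear text.
    if [ -f "$conf" ] && grep -q '^[^#]*:ommysql:' "$conf"; then
        if [ -n "$(find "$conf" -perm -0004 -print)" ]; then
            echo "WARN: $conf holds the MySQL password and is world-readable (chmod 600)"
            findings=$((findings + 1))
        fi
        if grep -q '^[^#]*:ommysql:.*,changeMe' "$conf"; then
            echo "WARN: $conf still uses the example password 'changeMe'"
            findings=$((findings + 1))
        fi
    fi

    # configure.sh leaves config.php writable by everyone.
    cfg="$web/loganalyzer/config.php"
    if [ -f "$cfg" ] && [ -n "$(find "$cfg" -perm -0002 -print)" ]; then
        echo "WARN: $cfg is world-writable (run secure.sh or chmod 644)"
        findings=$((findings + 1))
    fi

    # The phpinfo() test page discloses server configuration to any visitor.
    if [ -f "$web/test.php" ] && grep -q 'phpinfo' "$web/test.php"; then
        echo "WARN: $web/test.php still serves phpinfo() (delete it)"
        findings=$((findings + 1))
    fi

    echo "findings: $findings"
    return "$findings"
}
```

Source the file and call audit_syslog_server as root with no argument to check the live paths; the return status is the number of findings.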

Install the rsyslog package on your client systems.
For RHEL/CentOS Clients:
# yum install rsyslog -y
For Debian/Ubuntu Clients:
$ sudo apt-get install rsyslog
Open the rsyslog config file and add the rsyslog server details.
# vi /etc/rsyslog.conf
Add Rsyslog server details:
*.* @@192.168.54.102
Then start the rsyslog service:
# service rsyslog start
# chkconfig rsyslog on
Now go to the rsyslog server and check for client logs.
As you see in the above screenshot my client GitLab has been added and log details are shown in the LogAnalyzer admin console.
Troubleshooting
After login you may receive the error message:
could not find the configured table, maybe misspelled or the table names are case sensitive
This error is often due to wrong syntax in the DBTableName field. To fix it you need to edit the /var/www/html/loganalyzer/config.php file and check if the DBTableName value is written with the correct capital letters.
SystemEvents
Once the DBTableName value is amended, the system should work properly.