LXC | Monitoring rsyslog and LogAnalyzer
- www.rsyslog.com/ | Wiki rsyslog
- loganalyzer.adiscon.com/
Install
| apt update -y |
| apt upgrade -y |
| apt install apache2 apache2-doc -y |
| apt install php5-common libapache2-mod-php5 php5-cli php5-gd -y |
| apt install mysql-server mysql-client -y |
| apt install php5-mysql -y |
| mysql_secure_installation |
| apt upgrade -y |

| apt install rsyslog -y |

| vi /etc/syslogserver.conf | # provides UDP syslog reception |
| | $ModLoad imudp |
| | $UDPServerRun 514 |
| | # provides TCP syslog reception |
| | $ModLoad imtcp |
| | $InputTCPServerRun 514 |

| apt install rsyslog-mysql |

| cd /usr/src |
| wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.6.tar.gz |
| tar -xzvf loganalyzer-3.6.6.tar.gz |

| mv /usr/src/loganalyzer-3.6.6/src /var/www/html/loganalyzer |

| cd /var/www/html/loganalyzer |

| touch config.php |
| chmod 777 config.php |
Config on a Cisco Switch
| enable |
| config terminal |
| logging on |
| logging 10.147.42.37 |
| logging trap 9 (9 for Test then back to 4 or 5) |
| service sequence-numbers |
| service timestamps log datetime msec |
Config a Client (on Debian 8)
| /etc/rsyslog.conf | $ModLoad imuxsock |
| | $ModLoad imklog |
| | # Provides UDP forwarding. The IP is the server's IP address |
| | *.* @10.147.42.37:514 |
| | # Provides TCP forwarding. But the current server runs on UDP |
| | # *.* @@192.168.1.1:514 |

Change the IP to your rsyslog server.
| service rsyslog restart | 
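
To confirm which destinations a client really forwards to after editing its config, this added example (not part of the original page) parses the legacy `selector @host:port` rules and reports protocol, host and port for each active one. It goes slightly beyond the page's single rule by also handling a missing port, `(options)` and bracketed IPv6; the two extra rules in the sample (the IPv6 address, port 6514 and `loghost.example`) are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list where an rsyslog client
# config ships logs, using the legacy "selector @host:port" rule syntax.

# Print "<proto> <host> <port>" for every active forwarding rule in file $1.
# "@" = UDP, "@@" = TCP; the port defaults to 514 when none is given.
list_forward_targets() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out rules are inactive
        NF >= 2 && $NF ~ /^@/ {
            target = $NF
            proto = "udp"
            if (target ~ /^@@/) proto = "tcp"
            sub(/^@+/, "", target)                # strip the protocol marker
            sub(/^\([^)]*\)/, "", target)         # strip options such as (o) or (z9)
            port = 514
            if (match(target, /:[0-9]+$/)) {      # trailing :port, also after [v6]
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            sub(/^\[/, "", target); sub(/\]$/, "", target)   # unwrap bracketed IPv6
            printf "%s %s %s\n", proto, target, port
        }
    ' "$1"
}

# Count rules that forward over UDP, where lost messages go unnoticed.
count_udp_targets() {
    list_forward_targets "$1" | awk '$1 == "udp" { n++ } END { print n + 0 }'
}

# Constructed sample: the client config from this page plus two extra rules.
write_sample_conf() {
    cat > "$1" <<'EOF'
$ModLoad imuxsock
$ModLoad imklog
# Provides UDP forwarding. The IP is the server's IP address
*.* @10.147.42.37:514
# Provides TCP forwarding. But the current server runs on UDP
# *.* @@192.168.1.1:514
auth,authpriv.* @@(o)[2001:db8::10]:6514
kern.* @loghost.example
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
list_forward_targets "$conf"
echo "UDP targets: $(count_udp_targets "$conf")"
rm -f "$conf"
```

On a real client, call `list_forward_targets /etc/rsyslog.conf` and compare the output with the server address you intended.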
Sources:
- https://www.howtoforge.com/centralized-rsyslog-server-monitoring
- http://www.laub-home.de/wiki/Syslog_Server_unter_Debian_Linux_mit_Rsyslog