PHP-Syslog-NG

Installing php-syslog-ng

Download:

http://software.susethailand.com

$ wget http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8l.tgz

Install:

$ tar zxvf php-syslog-ng-2.9.8l.tgz -C /srv/www/htdocs/

$ cd /srv/www/htdocs/

$ mv php-syslog-ng syslog-ng && chown wwwrun.www syslog-ng -R

$ cd syslog-ng/scripts/

$ perl -i -pe 's/\/www\/php-syslog-ng/\/srv\/www\/htdocs\/syslog-ng/g' *

$ vi /etc/php5/cli/php.ini

max_execution_time = 60

memory_limit = 128M

$ cd ..

$ vi html/install/sql/sample_data.sql

ERT INTO `syslog`.`logs` (

`host` ,

`facility` ,

`priority` ,

`level` ,

`tag` ,

`datetime` ,

`program` ,

`msg` ,

`seq` ,

`counter` ,

`fo` ,

`lo`

)

VALUES (

'192.168.0.2', 'daemon', 'warning', 'alert', 'Tag', '2008-09-15 16:49:00', 'squid', 'test by opensuseclub.org', 'no error', '1', '2008-09-15 16:49:33', '2008-09-15 16:49:36'

);

INSERT INTO `search_cache` VALUES ('logs','HOST','as-3550-2','2006-06-15 18:25:54'),('logs','HOST','192.168.0.2','2006-06-15 18:25:54'),('logs','FACILITY','daemon','2006-06-15 18:25:54'),('logs','FACILITY','kern','2006-06-15 18:25:54'),('logs','FACILITY','mail','2006-06-15 18:25:54');

$ rcapache2 reload

Installing:

http://192.168.1.13/syslog-ng/html/install/

Step1:

Host Name: localhost

MySQL User Name: root

MySQL Password: ******

Verify MySQL Password: ******

MySQL Database Name: syslog-ng

Step2:

Site name: Centralized Log Server

Step3:

URL: http://192.168.1.13/syslog-ng/html

Install Path: /srv/www/htdocs/syslog-ng/html

Site URL: http://192.168.1.13/syslog-ng/html

Username: admin

Password: ******

$ vi /html/install/sql/sample_data.sql

ERT INTO `syslog`.`logs` (

`host` ,

`facility` ,

`priority` ,

`level` ,

`tag` ,

`datetime` ,

`program` ,

`msg` ,

`seq` ,

`counter` ,

`fo` ,

`lo`

)

VALUES (

'192.168.0.2', 'daemon', 'warning', 'alert', 'Tag', '2008-09-15 16:49:00', 'squid', 'test by opensuseclub.org', 'no error', '1', '2008-09-15 16:49:33', '2008-09-15 16:49:36'

);

INSERT INTO `search_cache` VALUES ('logs','HOST','as-3550-2','2006-06-15 18:25:54'),('logs','HOST','192.168.0.2','2006-06-15 18:25:54'),('logs','FACILITY','daemon','2006-06-15 18:25:54'),('logs','FACILITY','kern','2006-06-15 18:25:54'),('logs','FACILITY','mail','2006-06-15 18:25:54');

Installing CEMDB:

ถ้ามี Error MySQL: INSERT command denied to user 'syslogadmin'@'localhost' for table 'cemdb'

ให้ตรวจสอบ Privileges ใน phpmyadmin ที่ผู้ใช้ syslogadmin

Global privileges: INSERT, DROP, RELOAD, ALTER

*** (เพิ่ม INSERT ที่ Data)

$ rcapache2 restart

Login:

http://192.168.1.13/syslog-ng/html

USING TABLE: logs

There appear to be no hosts in the Database yet
You can generate fake ones using scripts/dbgen.pl

$ cd /srv/www/htdocs/syslog-ng

$ ./scripts/dbgen.pl

*** Ctrl+C (stop)

Configuration syslog-ng sending log to MySQL:

$ vi /etc/syslog-ng/syslog-ng.conf

## Send log everything to MySQL

destination d_mysql {

program("/usr/bin/mysql -usyslogadmin -psyslogadmin syslog-ng"

template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)

VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")

template-escape(yes));

};

log {

source(src);

destination(d_mysql);

};

Crontab

$ crontab -e

#php-syslog-ng(create log table)

0 0 * * * php /srv/www/htdocs/syslog-ng/scripts/logrotate.php >> /var/log/php-syslog-ng/logrotate.log 2>&1 > /dev/null

0 0 * * * find /srv/www/htdocs/syslog-ng/html/jpcache/ -atime 1 -exec rm -f '{}' ';' 2>&1 > /dev/null

*/5 * * * * php /srv/www/htdocs/syslog-ng/scripts/reloadcache.php >> /var/log/php-syslog-ng/reloadcache.log 2>&1 > /dev/null

*/5 * * * * php /srv/www/htdocs/syslog-ng/scripts/SqueezeDB-v2.3.php >> /var/log/php-syslog-ng/squeezedb.log 2>&1 > /dev/null

#rotate syslog-ng

0 0 * * * /usr/sbin/logrotate -f /etc/logrotate.d/syslog-ng > /dev/null

Backup Database syslog-ng:

download script: http://sourceforge.net/projects/automysqlbackup/

Crontab backup MySQL:

$ crontab -e

#backup mysql

59 23 * * * sh /root/scripts/mysql-backup.sh > /dev/null

Ref: http://code.google.com/p/php-syslog-ng/downloads/list

-----------------------------------------------------------------------------------------------------------------------------------

Note: syslog-ng # Global options:

#
# Global options.
#
#options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
options {
#buffer just a little for performance
   sync (1);
# The time to wait before a dead connection is reestablished (seconds)
   time_reopen (10);
# memory is cheap, buffer messages unable to write (like to loghost)
   log_fifo_size (2048);
   long_hostnames (off);
   use_dns (no);
   use_fqdn (no);
   create_dirs (no);
   keep_hostname (yes);
#doesn't actually help
   log_msg_size (8192);
# The default log a STATS line every 10 minutes.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
   stats(43200);

};

-------------------------------------------------------------------------------------------------------------------------------------

Note: Message length overflow, line is split, log_msg_size=4096    (syslog-ng):

***syslog defaults to 1024 byte long messages


$ vi /etc/syslog-ng/syslog-ng.conf
log_msg_size (8192);

$ rcsyslog reload

-------------------------------------------------------------------------------------------------------------------------------------

Note: php-syslog-ng | JPGraph

Error : couldn't draw any Graphs and it came up with this message: "JpGraph Error Font file "/usr/share/fonts/truetype/msttcorefonts/verdana.ttf" is not readable or does not exist..

Tips1 : Create new path
Text mode :
$ mkdir /usr/share/fonts/truetype/msttcorefonts/ -p
$ cd /usr/share/fonts/truetype/msttcorefonts/
$  wget http://www.afosteo.org/Download/Fonts/verdana.ttf


Tips2 : Edit file jpg-config.inc
GUI mode:
/usr/X11R6/lib/X11/fonts/truetype/verdana.ttf
$ vi /srv/www/htdocs/syslog/html/includes/jpgraph/jpg-config.inc

-------------------------------------------------------------------------------------------------------------------------------------

Ref: http://www.itbuzzer.net/corner/labels/monitoring.asp

------------------------------------------------------------------------------------------------------------------------------------

Note: php-syslog-ng PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted

php /srv/www/htdocs/syslog-ng/scripts/reloadcache.php >> /var/log/php-syslog-ng/reloadcache.log
PHP Fatal error:  Allowed memory size of 268435456 bytes exhausted (tried to allocate 71 bytes) in /srv/www/ htdocs/syslog-ng/html/includes/common_funcs.php on line 203


Solution:
Plz add " if (!in_array($row['program'],$cacheProgramValues))" before array_push

$sql = "SELECT program FROM ".$table." WHERE program RLIKE
'^[a-zA-Z]+[a-zA-Z0-9/()._\-]+$'";
$result = perform_query($sql, $link);
while($row = fetch_array($result, 'ASSOC')) {
if (!in_array($row['program'],$cacheProgramValues))
array_push($cacheProgramValues, $row['program']);
}


I have >3500000 logs, if without it, will get the error "Allowed memory size of
268435456 bytes exhausted"。 Add it , none this error。

My php.ini configuration:
vi /etc/php5/apache2/php.ini
vi /etc/php5/cli/php.ini

max_execution_time = 600
     memory_limit = 256M

$ rcsyslog restart

RELOAD SEARCH CACHE:

Ref: http://code.google.com/p/php-syslog-ng/issues/detail?id=86

Comments (0)

Subscribe to this comment's feed

Name

Email

Website

Title

Comment

smaller | bigger

Subscribe via email (registered users only)

Write the displayed characters

Add Comment