Apr 232010
 

After installing our working monitoring solution, it could be useful to have also logs available inside our monitoring web interface.
For that purpose we will use these ressources:

You will need Centreon-Syslog installation files. Please go to http://forge.centreon.com/ and register. You’ll be able to download sources after that:

http://forge.centreon.com/projects/list_files/centreon-syslog

Download the stable release (when I wrote, it was the 1.2.1 version). After getting the frontend and server files, transfer them on your server with WinSCP or any other tools you like.

WinSCP is available as setup or portable version http://winscp.net/eng/download.php

Personnaly, I prefer the portable one.

Once the tranfer is done, we will start with the installation process:

Centreon-Syslog

tar xvzf centreon-syslog-server-1.1.tar.gz
cd centreon-syslog-server-1.1
sudo bash install.sh -i

Use the default settings and paths. When you are asked for account credentials, use these:

MySQL password: mysqlcentaccess03
database name: syslog
user: syslogadmin
password: syslogpasswd03

RSyslog

Replace syslog with rsyslog

sudo aptitude install rsyslog rsyslog-mysql -y

This will replace the syslog service by rsyslog. Do not create any database.

Edit rsyslog configuration file

sudo nano /etc/rsyslog.conf

Instert at the beginig of the file these parameter to enable UDP and TCP input

$ModLoad MySQL
$AllowedSender UDP, 127.0.0.1, 192.168.0.0/24 
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/24

Off course, replace 192.168.0.0 by your network address

Add at the end of the file log events redirection inside your database:

$template sysMysql,"INSERT INTO logs (host,facility, priority,level,tag,datetime,program,msg) VALUES ('%HOSTNAME%','%syslogfacility%','%syslogpriority-text%','%syslogseverity-text%','%syslogtag%', '%timereported:::date-mysql%','%programname%', '%msg%')", SQL 

 *.=notice;mail.*;\
       *.=crit;*.=err;\
       *.=warning >127.0.0.1,syslog,syslogadmin,syslogpasswd;sysMysql

To enable the UDP and TCP access I also edit the rsyslog default settings

sudo nano /etc/default/rsyslog

Replace the following line:

#RSYSLOGD_OPTIONS="-m 0"
RSYSLOGD_OPTIONS="-r514 -t514 -m 0"

It’s time to start the rsyslog:

sudo /etc/init.d/rsyslog start

Installing the frontend

Requirements

First, install the requirements:

sudo aptitude install libssl-dev php5-dev -y
cd /usr/local/src
sudo wget http://www.libssh2.org/download/libssh2-1.2.5.tar.gz
sudo tar xvfz libssh2-1.2.5.tar.gz
cd  libssh2-1.2.5
sudo ./configure
sudo make all install
cd ..
sudo wget http://pecl.php.net/get/ssh2-0.11.0.tgz
sudo tar xvfz ssh2-0.11.0.tgz
cd ssh2-0.11.0
sudo phpize
sudo ./configure --with-ssh2
sudo make
sudo cp modules/ssh2.so /usr/lib/php5/20060613/ssh2.so

Enable ssh2 in php5:

sudo nano /etc/php5/cli/conf.d/ssh2.ini

Add this entry:

extension=ssh2.so

Normaly it should generate the same entry in this file:

cat /etc/php5/apache2/conf.d/ssh2.ini

Restart apache2:

sudo /etc/init.d/apache2 restart

Frontend

tar xvfz centreon-syslog-frontend-1.2.1.tar.gz
cd  centreon-syslog-frontend-1.2.1
sudo bash install.sh -i

Accept the licence and when asked, provide centreon configuration directory:

/etc/centreon

Finish the installation

Connect to your Centreon web interface and proceed to the plugin configuration:

If you have this error do not worry, you’ll have to wait for the first rotation log:

After that, you’ll have the search function effective: