How to Setup LogAnalyzer with Rsyslog and MySQL

This article is second part of the article Setup Rsyslog with MySQL and LogAnalyzer on CentOS/RHEL systems. In the first part we have integrated Rsyslog with MySQL database server, and all the logs are now saving in database. For recalling below is few configuration details which we used in part-1 to setup it.

Rsyslog MySQL Database: Syslog
Rsyslog MySQL Username: rsyslog
Rsyslog MySQL Password: MYSQLPASSWORD

Let’s start the setup of LogAnalyzer on your Linux system with rsyslog database using following steps.

Step 1 – Download LogAnalyzer Source

Download the LogAnalyzer latest version from its official download site or use the following command to download 4.1.5 (Current latest version) version and extract it.

$ cd /tmp
$ wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.5.tar.gz
$ tar xzf loganalyzer-4.1.5.tar.gz

After extracting copy the required files to web server default document root as below.

$ mv loganalyzer-4.1.5/src /var/www/html/loganalyzer

Step 2 – Create Config File

Now create a blank configuration file named config.php in loganalyzer directory and setup write permission to apache user.

$ cd /var/www/html/loganalyzer
$ touch config.php
$ chown www-data:www-data config.php     # Use apache for redhat system
$ chmod 777 config.php

Step 3 – Start Loganalyzer Web Installer

After completing above steps open following url in your favorite web browser to start LogAnalyzer web installer.

http://tecadmin.net/loganalyzer/intall.php

Now follow the web installer steps as per below given screen shots.

Step 3.1: Just click Next.

Step 3.2: Make sure config.php is writable and click Next.

Step 3.3: Fill the database details for loganalyzer, we can also use same database used for Rsyslog and click Next.

Step 3.4: In this step installer will create database table, if tables already found, you will get an warning of data overwritten. We just need to click Next.

Step 3.5: This screen will show the result of table creation’s. Just click Next

Step 3.6: Create an Administrator account and click Next.

Step 3.7: Fill the Rsyslog database details and click Next.

Step 3.8: LogAnalyzer installation has been completed. We just need to click Finish.

Step 3.9: Login to LogAnalyzer using Administrator credentials created in Step 3.6.

Congratulation’s! on successful configuration of LogAnalyzer with Rsyslog MySQL database. Read other article to configure Rsyslog to collect logs on central server. So we can monitor all server logs at on place using LogAnalyzer.

26 Comments

Ayoub on May 17, 2021 2:26 pm
Hello,
my loganalyzer server collects logs, suddenly in the web interface shows me this erreur : “”
While reading the logstream, the php script timeout forced me to abort at this point.
If you want to avoid this, please increase the LogAnalyzer script timeout in your config.php. If the user system is installed, you can do that in Admin center. “”
Please help.
- Ayoub on May 18, 2021 8:54 am
  I solved the problem by increasing the value of : PHP Script Timeout in seconds to 120
abdal on October 19, 2020 4:14 pm
hello dear ,
have installed rsyslog with lognanalyzer
am getting this error in browser:No syslog records found – Error Details:
Could not find the configured table, maybe misspelled or the tablenames are case sensitive
even i have changed systemevents to SytemEvents
Prasad Desai on October 23, 2019 12:43 pm
hi team,
I have configure loganalyzer with centos7, its working fine, but in loganalyzer records are showing more than 21 lakh, more records will affect log analyzer, or how can i set it for only one, or two day or for hour bases.
Regards
Vladimir on June 21, 2019 1:54 pm
HOW TO ADD MORE USERS?
Step 3.6: Create an Administrator account and click Next.
Aravind on April 26, 2019 5:33 pm
I Followed the same but still i get this error
http://10.66.56.19/loganalyzer/intall.php
Not Found
The requested URL /loganalyzer/intall.php was not found on this server
and if i try with http://10.66.56.19/loganalyzer am getting the root directory of loganalyzer only
GF on April 5, 2019 7:52 pm
On Cent OS 7 error
[root@localhost loganalyzer]# chown www-data:www-data config.php
chown: invalid user: ‘www-data:www-data’
- Rahul on April 6, 2019 4:32 am
  If you are running HTTPD on CentOS. The HTTPD uses apache and default user and group. Try the following command:
  chown apache:apache config.php
SIVAKUMAR on November 7, 2017 6:21 am
date field dispaly UTC time but localtime was IST.. Can u resolve it
- Arun on November 8, 2017 4:39 am
  Mudiyavea Mudiyathu…
Mr. Simpson on October 12, 2017 5:47 pm
Is there a guide to creating message parsers? I’m looking to parsing Ubiquity’s EdgeMAX firewall rules.
luis on August 24, 2016 12:30 pm
I’ve adapted your tutorial to rh 7 and mariaDB without many problems, thank you for the tutorial.
I am missing how to make log rotation when logging to mysql.
regards
Rayen on February 29, 2016 11:20 pm
hi, when i run ” http://tecadmin.net/loganalyzer/intall.php ” , i end up with a message saying “The page you are looking for cannot be found. ” …
is ther an other to do so!
thnx !
- pradeep on April 12, 2017 10:19 am
  in place of tecadmin.net give your machine ip address.. e.g. http://192.168.10.1/loganalyzer/install.php
fish can fly on January 26, 2016 9:57 am
centos 7 :
-rw-rw-rw-. 1 root root 0 1月 26 17:33 config.php
or
-rw-rw-rw-. 1 apache:apache 0 1月 26 17:33 config.php
ERROR: At least one file or directory (or more) is not writeable, please check the file permissions (chmod 666)!
why?
chribo on September 4, 2015 8:06 am
How do I set my servers to send their logfiles to the mysql database?
I’m struggling to get other data than the localhosts to my Loganalyzer – any ideas?
Łukasz on June 30, 2015 12:21 pm
Thank you 🙂
baba on June 17, 2015 1:38 pm
Thank for this good tutorial.
In order to help someone who meet the same problem as me, i post the solution
Problem :
“Could not find the configured table, maybe misspelled or the table names are case sensitive”
Solution :
edit the file config.php and change this :
$CFG[‘Sources’][‘Source1’][‘DBTableName’] = ‘systemevents’; => ‘SystemEvents’
and update the database :
mysql -uuser -p
mysql> update logcon_sources set DBTableName =’SystemEvents’ where ID=1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
- Douglas on March 27, 2017 9:53 pm
  Thanks!!!!
Jules on May 20, 2015 8:07 pm
I use the link in your website on my Oracle Linux but I don’t get the same screens you show above. It’s talking about installing Composer and then nothing else.
Am I doing something wrong?
- Jules on May 27, 2015 1:33 pm
  Figured out that I need to change permission to the loganalyzer directory as well as the config.php file. I also needed to set it to allow edits:
  semanage fcontext -a -t httpd_sys_rw_content_t “/var/www/html/loganalyzer-3.6.6/src/config.php”
  restorecon -F -R -v /var/www/html/loganalyzer-3.6.6/src/config.php
Ranjeet Ranjan on October 24, 2014 10:13 pm
I am getting error.
I double check table, its perfect.
No syslog records found – Error Details:
Could not find the configured table, maybe misspelled or the tablenames are case sensitive
- Chris on January 5, 2015 9:25 pm
  Same issue here
Basem on August 27, 2014 10:20 am
ThanQ very much,
I need to know if Loganalyzer compatible or works with syslog-ng ??
Thanks in advanced
aa on February 21, 2014 8:01 am
tnxxxxxxxxxxxxxxxxxxxxxxxxxx
Ash on January 8, 2014 10:16 am
Thanks a lot ate for your tutorial. It really helped me.