# mysqladmin -u root -p create syslog
Enter password: 管理者パスワードを入力
#
# vi syslog.sql
syslog.sql
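-- One row per syslog message, filled by the INSERT template in syslog-ng.conf.
-- Every text column is populated from message fields supplied by the sender,
-- so readers of this table (e.g. a web viewer) must treat the contents as
-- untrusted and escape them on output.
CREATE TABLE logs (
    host      varchar(32) default NULL,
    facility  varchar(10) default NULL,
    priority  varchar(10) default NULL,
    level     varchar(10) default NULL,
    tag       varchar(10) default NULL,
    -- Unix epoch seconds (the template inserts syslog-ng's $UNIXTIME here).
    timestamp int(11) NOT NULL default '0',
    program   varchar(15) default NULL,
    msg       text,
    seq       int(10) unsigned NOT NULL auto_increment,
    -- The primary key already indexes seq, so the former duplicate
    -- "KEY seq (seq)" only added write cost on every insert and is dropped.
    PRIMARY KEY (seq),
    KEY host (host),
    KEY program (program),
    KEY priority (priority),
    KEY facility (facility),
    KEY timestamp (timestamp)
) ENGINE=MyISAM;  -- ENGINE= replaces the deprecated TYPE= spelling, which later MySQL releases reject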
# mysql -u root -p syslog < syslog.sql
Enter password: 管理者パスワードを入力
#
# mysql -u root -p syslog
Enter password: 管理者パスワードを入力
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 34 to server version: 5.0.21-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> GRANT ALL PRIVILEGES ON syslog.* TO syslog@'localhost' IDENTIFIED BY 'syslog';
※'syslog'はパスワード(例。実運用ではユーザ名と異なる、推測されにくい値にすること。syslog-ng からの書き込みは INSERT だけなので、権限も ALL PRIVILEGES ではなく必要なものだけに絞るとよい)
Query OK, 0 rows affected (0.05 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW tables;
+------------------+
| Tables_in_syslog |
+------------------+
| logs             |
+------------------+
1 row in set (0.03 sec)

mysql> SHOW FIELDS FROM logs;
+-----------+------------------+------+-----+---------+----------------+
| Field     | Type             | Null | Key | Default | Extra          |
+-----------+------------------+------+-----+---------+----------------+
| host      | varchar(32)      | YES  | MUL | NULL    |                |
| facility  | varchar(10)      | YES  | MUL | NULL    |                |
| priority  | varchar(10)      | YES  | MUL | NULL    |                |
| level     | varchar(10)      | YES  |     | NULL    |                |
| tag       | varchar(10)      | YES  |     | NULL    |                |
| timestamp | int(11)          | NO   | MUL | 0       |                |
| program   | varchar(15)      | YES  | MUL | NULL    |                |
| msg       | text             | YES  |     | NULL    |                |
| seq       | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
+-----------+------------------+------+-----+---------+----------------+
9 rows in set (0.00 sec)

mysql> exit
Bye
# mkfifo /tmp/mysql.pipe
#
# vi /etc/syslog-ng/syslog-ng.conf
/etc/syslog-ng/syslog-ng.conf
####################
# options
####################
options {
    # Output buffering and queue limits.
    sync(0);                 # do not batch lines before writing them out
    time_reopen(10);         # seconds to wait before reopening a dead connection
    stats(86400);            # emit a statistics message once a day
    log_fifo_size(2048);     # output queue length, in messages
    log_msg_size(8192);      # maximum accepted message size, in bytes

    # Host name handling: hostnames carried inside a message are not kept,
    # and no DNS lookups are made.
    chain_hostnames(no);
    long_hostnames(off);
    keep_hostname(no);
    use_dns(no);
    use_fqdn(no);

    # Files and directories created by file destinations are root-only.
    create_dirs(yes);
    dir_perm(0700);
    perm(0600);
    group(root);
    owner(root);
};
####################
# sources
####################
# Messages produced on this machine: kernel messages (prefixed "kernel: "),
# the /dev/log socket, and syslog-ng's own internal messages.
source local {
    file("/proc/kmsg" log_prefix("kernel: "));
    unix-stream("/dev/log");
    internal();
};

# Messages received over UDP port 514 on every interface. UDP syslog is
# unauthenticated, so any host that can reach this port can add rows to the
# database; restrict the port with a packet filter or bind to one address.
# NOTE(review): internal() is also listed in "source local" above; confirm
# that listing it in both sources is intended.
source net {
    udp(ip(0.0.0.0) port(514));
    internal();
};
####################
# destination
####################
# Re-send over UDP to port 514 of the address in the placeholder
# (the placeholder text asks for this machine's own IP address).
destination netudp {
    udp("<自分自身のIPアドレス>" port(514));
};

# Plain-text copy of every received message.
destination d_summary {
    file("/var/log/summary.log");
};

# Writes one INSERT statement per message into a FIFO; the init script
# redirects that FIFO into a mysql client.
#
# Every macro in the template ($HOST, $PROGRAM, $MSG, ...) carries data chosen
# by whoever sent the message. template-escape(yes) is what keeps a quote
# inside such a value from ending the SQL string literal, so it must stay
# enabled. NOTE(review): the escaping presumably uses backslashes, which only
# works while the MySQL server treats backslash as an escape character
# (i.e. sql_mode does not include NO_BACKSLASH_ESCAPES) - confirm.
#
# NOTE(review): the FIFO lives in /tmp, a directory every local user can
# write to. Whoever can create or write that path controls the SQL executed
# with the syslog account's privileges; a root-only directory is safer, but
# the path must then be changed in the init script as well.
destination d_mysql_p {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host,facility,priority,level,tag, timestamp,program,msg)
VALUES ('$HOST','$FACILITY','$PRIORITY','$LEVEL','$TAG','$UNIXTIME','$PROGRAM','$MSG');\n")
        template-escape(yes));
};
####################
# filter
####################
# Matches every severity from debug up to emerg, i.e. nothing is filtered out.
filter f_summary {
    level(debug..emerg);
};
####################
# log
####################
# Locally generated messages are forwarded to the UDP destination.
log {
    source(local);
    filter(f_summary);
    destination(netudp);
};

# Messages arriving on the UDP listener are written to the summary file ...
log {
    source(net);
    filter(f_summary);
    destination(d_summary);
};

# ... and, as INSERT statements, to the FIFO read by the mysql client.
log {
    source(net);
    filter(f_summary);
    destination(d_mysql_p);
};
/etc/init.d/syslog-ng
################################################################################
#
# Program: syslog-ng init script for Red Hat
#
################################################################################
# the following information is for use by chkconfig
# if you are want to manage this through chkconfig (as you should), you must
# first must add syslog-ng to chkconfig's list of startup scripts it
# manages by typing:
#
# chkconfig --add syslog-ng
#
# DO NOT CHANGE THESE LINES (unless you know what you are doing)
# chkconfig: 2345 12 88
# description: syslog-ng is the next generation of the syslog daemon. \
# syslog-ng gives you the flexibility of logging not only by facility and \
# severity, but also by host, message content, date, etc. it can also replace \
# klogd's function of logging kernel messages
#
# This following block of lines is correct, do not change! (for more info, see
# http://www.linuxbase.org/spec/refspecs/LSB_1.1.0/gLSB/facilname.html)
### BEGIN INIT INFO
# Provides: $syslog
### END INIT INFO
################################################################################
#
# This is an init script for syslog-ng on the Linux platform.
#
# It totally relies on the Redhat function library and works the same
# way as other typical Redhat init scripts.
#
#
# Platforms (tested): Linux (Redhat 7.3)
#
#
# Author: Gregor Binder <gbinder@sysfive.com>
# Changed: October 10, 2000
#
# Last Changed: September 27, 2002
# Updated by: Diane Davidowicz
# changes: Brought the start script up to snuff as far as compliance
# with managing the startup script through chkconfig;
# added PATH variable ability to hook in path to syslog-ng (if
# its necessary); converted init script format to the
# standard init script format in Red Hat (7.3 to be exact)
# including using the /etc/sysconfig/syslog-ng file to
# managed the arguments to syslog-ng without changing this
# script, and disabled klogd but noted where and under what
# conditions it should be enabled. HAPPY LOGGING.
#
# Copyright (c) 2000 by sysfive.com GmbH, All rights reserved.
#
#
################################################################################
#
# configuration
#
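INIT_PROG=syslog-ng
#
# Source Redhat function library.
#
. /etc/rc.d/init.d/functions

# Tack on path to syslog-ng if not already in PATH
SYSLOGNG_PATH=":/usr/local/sbin"
MYSQL="/usr/local/mysql/bin/mysql"
PATH=$PATH$SYSLOGNG_PATH
export PATH

# FIFO that carries the INSERT statements from syslog-ng to the mysql client.
# Everything read from it is executed as SQL, and /tmp is writable by every
# local user, so an existing entry is only accepted when it is a real FIFO
# (not a symlink) owned by the user running this script. Anything else is
# replaced. The mode is set explicitly because the "umask 077" further down
# runs too late to affect the FIFO created here.
mysql_pipe=/tmp/mysql.pipe
if [ -L "$mysql_pipe" ] || [ ! -p "$mysql_pipe" ] || [ ! -O "$mysql_pipe" ]; then
    rm -f "$mysql_pipe"
    /usr/bin/mkfifo -m 600 "$mysql_pipe" \
        || echo "$0: could not create private FIFO $mysql_pipe" >&2
fi
# Tighten a FIFO that was created earlier with a looser mode.
[ -p "$mysql_pipe" ] && [ -O "$mysql_pipe" ] && chmod 600 "$mysql_pipe"

# /etc/sysconfig/ is the standard way to pull in options for a daemon to use.
# Source config
if [ -f /etc/sysconfig/syslog-ng ] ; then
    . /etc/sysconfig/syslog-ng
else
    SYSLOGNG_OPTIONS=
fi

RETVAL=0
# Files created from here on are private to root; no core dumps.
umask 077
ulimit -c 0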
# See how we were called.
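# Start syslog-ng and, when that succeeded, the mysql client that executes
# the INSERT statements syslog-ng writes into /tmp/mysql.pipe.
# Returns the exit status of the "daemon" call.
start() {
    echo -n "Starting $INIT_PROG: "
    daemon $INIT_PROG $SYSLOGNG_OPTIONS
    RETVAL=$?
    echo

    # syslog-ng can handle kernel messages. If you do this, don't
    # run klogd. Consult the following FAQ question to find out why.
    #
    # http://www.campin.net/syslog-ng/faq.html#klogd
    #
    # If you still prefer to run klogd without syslog-ng handling
    # kernel messages, uncomment the following block of lines
    #echo -n $"Starting kernel logger: "
    #daemon klogd $KLOGD_OPTIONS
    #echo

    if [ $RETVAL -eq 0 ]; then
        # Only feed mysql from a FIFO owned by the user running this script:
        # the path is in /tmp, and whatever is read from it runs as SQL.
        if [ -p /tmp/mysql.pipe ] && [ ! -L /tmp/mysql.pipe ] && [ -O /tmp/mysql.pipe ]; then
            # The reader is started only after syslog-ng came up, so a failed
            # start no longer leaves a client blocked on the FIFO.
            # --force keeps the client running after a statement fails;
            # without it one rejected INSERT ends database logging until the
            # next restart.
            # NOTE(review): the password is the same as the user name and is
            # passed on the command line, where it is stored in this script
            # and may be visible in the process list. Prefer an option file
            # readable only by root, and a non-trivial password.
            # NOTE(review): nothing here checks for a reader that is already
            # running; two readers on one FIFO could split statements.
            "$MYSQL" --force -u syslog --password=syslog syslog < /tmp/mysql.pipe &
        else
            echo "$0: /tmp/mysql.pipe is not a FIFO owned by this user; not starting mysql" >&2
        fi
        touch "/var/lock/subsys/${INIT_PROG}"
    fi
    return $RETVAL
}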
# Stop syslog-ng and drop the subsystem lock file when the stop succeeded.
# Returns the exit status of killproc.
stop() {
    # Same here concerning klogd. Uncomment the following block of
    # code if you are needing to run it
    #echo -n $"Shutting down kernel logger: "
    #killproc klogd
    #echo
    echo -n "Stopping $INIT_PROG: "
    killproc $INIT_PROG
    RETVAL=$?
    echo
    if [ $RETVAL -eq 0 ]; then
        rm -f "/var/lock/subsys/${INIT_PROG}"
    fi
    return $RETVAL
}
# Report whether the daemon is running, using the "status" helper from the
# sourced Red Hat function library.
rhstatus() {
    status "$INIT_PROG"
}
# Full restart: stop the daemon, then start it again.
restart() {
    stop
    start
}
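# Dispatch on the action given as the first argument.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        rhstatus
        ;;
    restart|reload)
        # reload is handled as a full restart.
        restart
        ;;
    condrestart)
        # Restart only when the lock file shows the service was started;
        # this action always reports success.
        if [ -f /var/lock/subsys/syslog-ng ]; then
            restart || :
        fi
        ;;
    *)
        # The usage text now lists condrestart, which is accepted above.
        echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
        exit 1
esac
exit $?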
# /etc/init.d/syslog-ng stop
Stopping syslog-ng: [ OK ]
# /etc/init.d/syslog-ng start
Starting syslog-ng: [ OK ]
# cd /usr/local/src/
# wget http://home.nedlinux.nl/~bart/software/phpSyslog-0.8.tar.gz
# tar xvzf phpSyslog-0.8.tar.gz
# cp -r phpSyslog /var/www/html
# chown -R apache:apache /var/www/html/phpSyslog/
#
# cd /var/www/html/phpSyslog/
# vi dbinfo.inc.php
dbinfo.inc.php
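<?php
//
// php-syslog-ng Configuration options
//
// The full "<?php" tag is used instead of "<?": when short_open_tag is
// disabled the short form is not parsed, and a request for this file would
// return its text - including the database password - to the client.
//
// NOTE(review): the password below equals the user name. Use a non-trivial
// value, and keep this file readable only by the web server account.

// Database hostname
//==========================
$hostname = "localhost";

// Database username
//==========================
$username = "syslog";

// Database password
//==========================
$password = "syslog";

// Database name
//==========================
$dbname = "syslog";

// phpSyslog version
//==========================
$phpSyslogversion = "v0.8";
?>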