sligh
CentOS 4.4 Lire Log Analyzer Install
# Add rpmforge repo for convenience
Code:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
Code:
yum install perl-MIME-tools perl-Spreadsheet-WriteExcel perl-Test-Unit* ploticus perl-Curses perl-Curses-UI perl-DBD-SQLite2 perl-XML-Parser perl-Time-modules perl-libintl perl-DateManip perl-Spreadsheet-WriteExcel perl-TermReadKey
Code:
cd /usr/local/src
wget http://download.logreport.org/pub/lire-2.0.2.tar.gz
tar zxvf lire-2.0.2.tar.gz
cd lire-2.0.2
./configure
make
make install
# warning about converters issue
lr_log2report: WARNING invalid value for parameter 'converters': /usr/local/etc/lire/converters at /usr/local/share/perl5/Lire/Config/List.pm line 35
# to address the issue I had to create the converters directory
Code:
mkdir /usr/local/etc/lire/converters
# Create the web directory to hold the logs
Code:
mkdir /var/www/html/logs
# Create Lire shell script
Code:
vi /usr/local/etc/lire/lire.sh
add the following:
Code:
#!/bin/bash
export PLOTICUS_PREFABS=/usr/share/ploticus
# EXIM Logs
/usr/local/bin/lr_log2report -o html exim /var/log/exim/mainlog /var/www/html/logs/exim
# BIND Queries
/usr/local/bin/lr_log2report -o html bind9_query /var/log/named.log /var/www/html/logs/bind
# MySQL Queries
/usr/local/bin/lr_log2report -o html mysql /var/log/mysql.log /var/www/html/logs/mysql
# Syslog
/usr/local/bin/lr_log2report -o html syslog /var/log/messages /var/www/html/logs/syslog
# set permissions to executable
Code:
chmod 755 /usr/local/etc/lire/lire.sh
# To gather BIND queries you will need to edit named.conf and add the logging functionality (this can be resource intensive, as well as redundant)
Code:
vi /etc/named.conf
add to the bottom of the file:
Code:
# logging controls
logging {
    channel "bind-log" {
        file "/var/log/named.log" versions 20 size 10m;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };
    category "queries" { "bind-log"; };
};
# To gather MySQL queries you will need to edit MySQL config file and add direct logging functionality (this can be resource intensive, as well as redundant), typically located at /etc/my.cnf
add:
Code:
log=/var/log/mysql.log
# Add to cron to autorun (I have set to 16 minutes after 3am... this may be resource intensive); adjust to suit your needs
Code:
vi /etc/crontab
add to the bottom of the file:
Code:
16 3 * * * root /usr/local/etc/lire/lire.sh #Lire html logs 16 minutes after 3am every 24hrs
# Add .htaccess security
Code:
vi /var/www/html/logs/.htaccess
insert the following:
Code:
AuthType Basic
AuthName "Authenticated Users Only"
AuthUserFile /var/www/.htpasswd
# no <limit> wrapper, so the login is required for every HTTP method
require valid-user
# Add user to .htaccess
Code:
htpasswd -c /var/www/.htpasswd admin
enter password twice
# Run initial log generator script
Code:
/usr/local/etc/lire/lire.sh
Access the logs via http://servername/logs, with the user 'admin'
If you're looking for a good log parser... I have had great results thus far.
Please post your success/failures, I will be happy to assist.
Ted
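An added check, not part of the original post: a small shell audit for the .htaccess that protects the report directory. Apache applies directives inside a `<Limit>` block only to the methods listed there, and a password file below the document root is addressable by URL, so the script flags both; the function name, finding codes and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit an Apache .htaccess.
# audit_htaccess FILE DOCROOT prints one finding code per line (nothing when
# clean) and always returns 0, so it is safe to call under `set -e`.
audit_htaccess() {
    htaccess=$1
    docroot=${2%/}
    if [ ! -r "$htaccess" ]; then
        echo "MISSING"
        return 0
    fi
    awk -v docroot="$docroot" '
        { line = tolower($0) }   # Apache directive names are case-insensitive
        # <Limit ...> (not <LimitExcept>) scopes its contents to the listed methods
        line ~ /^[ \t]*<limit[ \t]/  { inlimit = 1 }
        line ~ /^[ \t]*<\/limit>/    { inlimit = 0 }
        line ~ /^[ \t]*require[ \t]/ { if (inlimit) limited = 1; else global = 1 }
        line ~ /^[ \t]*authuserfile[ \t]/ {
            pw = $2; gsub(/"/, "", pw); seenpw = 1
            # a password file below the document root is addressable by URL
            if (index(pw, docroot "/") == 1) print "PWFILE_IN_DOCROOT"
        }
        END {
            if (limited && !global)  print "AUTH_ONLY_FOR_LISTED_METHODS"
            if (!limited && !global) print "NO_REQUIRE"
            if (!seenpw)             print "NO_AUTHUSERFILE"
        }
    ' "$htaccess"
    return 0
}

# Constructed sample files in a temporary directory, so this runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' 'AuthType Basic' 'AuthName "Authenticated Users Only"' \
    'AuthUserFile /var/www/.htpasswd' '<limit GET PUT POST>' \
    'require valid-user' '</limit>' > "$demo_dir/limited.htaccess"
printf '%s\n' 'AuthType Basic' 'AuthName "Authenticated Users Only"' \
    'AuthUserFile /var/www/.htpasswd' 'require valid-user' \
    > "$demo_dir/all-methods.htaccess"
for f in "$demo_dir"/limited.htaccess "$demo_dir"/all-methods.htaccess; do
    echo "== ${f##*/}: $(audit_htaccess "$f" /var/www/html)"
done
rm -rf "$demo_dir"
```

On a real host, call `audit_htaccess /var/www/html/logs/.htaccess /var/www/html`; empty output means none of the three findings apply.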