Lire Log Analyzer

sligh

Verified User
Joined
Jan 20, 2007
Messages
20
Location
Hobart, Indiana
CentOS 4.4 Lire Log Analyzer Install

# Add rpmforge repo for convenience
Code:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
Code:
yum install perl-MIME-tools perl-Spreadsheet-WriteExcel perl-Test-Unit* ploticus perl-Curses perl-Curses-UI perl-DBD-SQLite2 perl-XML-Parser perl-Time-modules perl-libintl perl-DateManip perl-TermReadKey

Code:
cd /usr/local/src
wget http://download.logreport.org/pub/lire-2.0.2.tar.gz
tar zxvf lire-2.0.2.tar.gz
cd lire-2.0.2
./configure
make
make install

# warning about converters issue
lr_log2report: WARNING invalid value for parameter 'converters': /usr/local/etc/lire/converters at /usr/local/share/perl5/Lire/Config/List.pm line 35
# to address the issue I had to create the converters directory
Code:
mkdir /usr/local/etc/lire/converters

# Create the web directory to hold the logs
Code:
mkdir /var/www/html/logs

# Create Lire shell script
Code:
vi /usr/local/etc/lire/lire.sh
add the following:
Code:
#!/bin/bash
export PLOTICUS_PREFABS=/usr/share/ploticus
# EXIM Logs
/usr/local/bin/lr_log2report -o html exim /var/log/exim/mainlog /var/www/html/logs/exim
# BIND Queries
/usr/local/bin/lr_log2report -o html bind9_query /var/log/named.log /var/www/html/logs/bind
# MySQL Queries
/usr/local/bin/lr_log2report -o html mysql /var/log/mysql.log /var/www/html/logs/mysql
# Syslog
/usr/local/bin/lr_log2report -o html syslog /var/log/messages /var/www/html/logs/syslog

# set permissions to executable
Code:
chmod 755 /usr/local/etc/lire/lire.sh

# To gather BIND queries you will need to edit named.conf and add the logging functionality (this can be resource intensive, as well as redundant)
Code:
vi /etc/named.conf
add to the bottom of the file:

Code:
# logging controls
logging {
    channel "bind-log" {
        file "/var/log/named.log" versions 20 size 10m;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity info;
    };

    category "queries" { "bind-log"; };
};

# To gather MySQL queries you will need to edit MySQL config file and add direct logging functionality (this can be resource intensive, as well as redundant), typically located at /etc/my.cnf
add:
Code:
log=/var/log/mysql.log

# Add to cron to autorun (I have set to 16 minutes after 3am... this may be resource intensive); adjust to suit your needs
Code:
vi /etc/crontab
add to the bottom of the file:
Code:
16 3 * * * root /usr/local/etc/lire/lire.sh #Lire html logs 16 minutes after 3am every 24hrs

# Add .htaccess security
Code:
vi /var/www/html/logs/.htaccess
insert the following:
Code:
AuthType Basic
AuthName "Authenticated Users Only"
AuthUserFile /var/www/.htpasswd
# No <Limit> block: with <Limit GET PUT POST> only the listed methods are
# protected, and any other request method bypasses the authentication.
# Apache only honours this file if httpd.conf has AllowOverride AuthConfig
# for /var/www/html.
require valid-user

# Add user to .htaccess
Code:
htpasswd -c /var/www/.htpasswd admin
enter password twice

# Run initial log generator script
Code:
/usr/local/etc/lire/lire.sh

Access the logs via http://servername/logs, with the user 'admin'

If you're looking for a good log parser... I have had great results thus far.
Please post your successes/failures; I will be happy to assist.
Ted