This file provides some basic information to phplogcon configuration.

---------------------------------------------------------------------

There might be two different sources of system  messages for phplogcon.

* /var/log/messages

* MySQl

You can use any of them, but MySQL is highly recommended for security reasons.

Selinux policy doesn't need to be adjusted or set into permissive mode. Default 

permissions on /var/log/messages are kept unchanged.

1. /var/log/messages

====================

Asssume that you have phplogcon installed. Then you need to set proper owner 

and permissions on /var/log/messages, so http deamon can read it.

# chgrp apache /var/log/messages

# chmod g+r /var/log/messages

Start http deamon.

# service httpd start

You have to switch SELinux to permissive mode so httpd is able to modify the phplogcon configuration.

# setenforce 0

Run browser and point it to

http://127.0.0.1/phplogcon/install.php

You will be guided thru the rest of phplogcon configuration.

# setenforce 1

Note that SELinux will also prevent httpd from reading the /var/log/messages file so you would have to add a SELinux module with a 'allow httpd_t var_log_t:file read;' rule.

That's it. Open http://127.0.0.1/phplogcon/index.php and enjoy.

You might want to access phplogcon from other place than localhost, therefore

set your /etc/httpd/conf.d/phplogcon.conf up.

2.MySQL

=======

This variant is little more complicated, but gives you better sleep. 

Requirements: rsyslog-mysql, mysql, mysql-server, php-mysql.

First of all, MySQL setup is needed, so connect to the server.

#mysql -p -u root -h localhost

Create database with tables:

mysql> source /usr/share/doc/rsyslog-mysql-3.16.0/createDB.sql

(location of createDB.sql may differs, depends on rsyslog release)

mysql> SHOW DATABASES;

Create database user and grant privileges:

mysql> CREATE USER 'syslogwriter'@'localhost' IDENTIFIED BY 'topsecret';

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `Syslog`.* TO 'syslogwriter'@'localhost';

mysql> SHOW GRANTS FOR syslogwriter@localhost;

!!!Do not forget to change the name and password of MySQL user!!!

And now configure rsyslog. Edit /etc/rsyslog.conf.

Load mysql output module:

$ModLoad ommysql

Send logs to MySQL:

*.*       :ommysql:127.0.0.1,Syslog,syslogwriter,topsecret

Remove read permissions from rsyslog.conf, since the MySQL password is written here.

#chmod o-r /etc/rsyslog.conf.

Mysql and rsyslog are set up correctly. Restart rsyslog.

# service rsyslog restart.

and check if it works:

$ mysql -p -h localhost -u syslogwriter

mysql> USE Syslog;

mysql> SELECT * From SystemEvents;

If you see that rsyslog started correctly, start the webserver, open the browser

and point it at http://127.0.0.1/phplogcon/install.php. Follow the steps.

You will have to switch SELinux to permissive mode temporarily so the configuration can be saved.

# setenforce 0

Do not forget to change it back to enforcing after that.

# setenforce 1

That's it. Open http://127.0.0.1/phplogcon/index.php and enjoy.

You might want to access phplogcon from other place than localhost, therefore

set your /etc/httpd/conf.d/phplogcon.conf up.

---------------------------------------------------------------------

Feel free to offer comments, suggestions, or complaints.

Peter Vrabec <pvrabec@redhat.com> - 05/15/2008