Remote logging

Posted: July 26th, 2019, 6:53 pm
by barczs
@ummeegge:
I saw here that you have recently updated your rsyslog package.
Actually I looked for php-syslog-ng, but had to realise that unfortunately its development won't be continued any more.
I am guessing rsyslog has similar functions, so that IPFire logfiles can be checked remotely in a web interface.
Could you please give some hints on rsyslog best practices?

THX a lot :)

Re: Remote logging

Posted: July 27th, 2019, 9:51 am
by ummeegge
Hi barczs,
this is indeed a more complex topic. I started this one in the dev mailing list --> https://lists.ipfire.org/pipermail/deve ... 03992.html causing a dead configure option in config.dat under "Remote logging". IPFire currently uses sysklogd, which is not able to handle remote logging via TCP. At that time the only way I could find to solve this was to use Rsyslog instead. I did a lot of development/testing to bring this to life, but to change it in the core system a lot of files needed to be changed, as you can see here --> https://git.ipfire.org/?p=people/ummeeg ... 043e7c1584 . This topic then died after some correspondence, which is a little sad in my opinion, but I use it nevertheless. So far, this is the short history.

I compiled the new version 2 weeks ago, but I did it mainly for myself, so there was no intense testing phase, but you can find Rsyslog incl. all deps here --> https://people.ipfire.org/~ummeegge/rsyslog/ . This has been built as packages, not as Core components like in Git, therefore you should be able to install it on a regular system (USE TESTING SYSTEMS). Sysklogd will not be deleted, but the symlinks will be set for rsyslog and the sysklogd ones will be deleted. This process should be reverted again if you use the uninstall.sh from the rsyslog package, so the goal was to find an easy way back to the old configuration; not sure if this will work 100%, so you have been warned ;-) .
barczs wrote:
July 26th, 2019, 6:53 pm
Actually I looked for php-syslog-ng, but had to realise that unfortunately its development won't be continued any more.
I am guessing rsyslog has similar functions, so that IPFire logfiles can be checked remotely in a web interface.

I haven't looked around that much for a substitute for 'php-syslog-ng', but I know about loganalyzer --> https://loganalyzer.adiscon.com/ or --> https://rsyslog.readthedocs.io/en/lates ... abase.html which I tried some years ago. Since I mainly use the console/SSH for such work it is not in use here, but I gave it a short try to see if I could bring it to life again (as explained here --> https://loganalyzer.adiscon.com/doc/install.html ) and it was pretty much straightforward. A downside is that you need PHP; since IPFire dropped it, an essential part is not officially available, but you can find it here --> https://people.ipfire.org/~ummeegge/php/ . This package currently includes no GD support (so the statistics in loganalyzer currently do not work); I may recompile PHP and check if I can bring GD to life as well when I have more time. Also, there are a couple of bugs after the installation which needed to be fixed.
In detail:

[Sat Jul 27 09:59:39.029295 2019] [php7:warn] [pid 25573:tid 140314366965504] [client 192.168.123.2:60262] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /srv/web/loganalyzer/classes/logstream.class.php on line 470
[Sat Jul 27 10:02:26.365414 2019] [php7:notice] [pid 25573:tid 140314786379520] [client 192.168.123.2:60354] PHP Notice:  Undefined index: UserDBEnabled in /srv/web/loganalyzer/install.php on line 466, referer: https://192.168.123.18:2345/install.php?step=3
[Sat Jul 27 10:02:26.558666 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60354] PHP Notice:  Undefined index: UserDBEnabled in /srv/web/loganalyzer/install.php on line 543, referer: https://192.168.123.18:2345/install.php?step=3
[Sat Jul 27 10:02:26.766358 2019] [php7:notice] [pid 25573:tid 140314551506688] [client 192.168.123.2:60354] PHP Notice:  Undefined index: UserDBEnabled in /srv/web/loganalyzer/install.php on line 570, referer: https://192.168.123.18:2345/install.php?step=3
[Sat Jul 27 10:04:46.183350 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60396] PHP Notice:  Undefined index: ViewMessageCharacterLimit in /srv/web/loganalyzer/install.php on line 802, referer: https://192.168.123.18:2345/install.php?step=7
[Sat Jul 27 10:04:46.183523 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60396] PHP Notice:  Undefined index: ViewStringCharacterLimit in /srv/web/loganalyzer/install.php on line 803, referer: https://192.168.123.18:2345/install.php?step=7
[Sat Jul 27 10:04:46.183747 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60396] PHP Notice:  Undefined index: ViewEntriesPerPage in /srv/web/loganalyzer/install.php on line 804, referer: https://192.168.123.18:2345/install.php?step=7
[Sat Jul 27 10:04:46.183891 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60396] PHP Notice:  Undefined index: ViewEnableDetailPopups in /srv/web/loganalyzer/install.php on line 805, referer: https://192.168.123.18:2345/install.php?step=7
[Sat Jul 27 10:04:46.183981 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60396] PHP Notice:  Undefined index: EnableIPAddressResolve in /srv/web/loganalyzer/install.php on line 806, referer: https://192.168.123.18:2345/install.php?step=7
[Sat Jul 27 10:04:46.189986 2019] [php7:notice] [pid 25573:tid 140314358572800] [client 192.168.123.2:60396] PHP Notice:  Undefined index: UserDBEnabled in /srv/web/loganalyzer/install.php on line 907, referer: https://192.168.123.18:2345/install.php?step=7
[Sat Jul 27 10:05:09.276126 2019] [php7:warn] [pid 25573:tid 140314358572800] [client 192.168.123.2:60418] PHP Warning:  "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /srv/web/loganalyzer/classes/logstream.class.php on line 470, referer: https://192.168.123.18:2345/install.php?step=8
[Sat Jul 27 10:05:09.285978 2019] [php7:emerg] [pid 25573:tid 140314358572800] [client 192.168.123.2:60418] PHP Parse error:  syntax error, unexpected ';' in /srv/web/loganalyzer/config.php on line 86, referer: https://192.168.123.18:2345/install.php?step=8
which could be fixed with these changes:

--- /srv/web/loganalyzer/config.php.orig	2019-07-27 10:11:39.750209367 +0200
+++ /srv/web/loganalyzer/config.php	2019-07-27 11:17:44.928728151 +0200
@@ -83,10 +83,10 @@
 // --- Default Frontend Options 
 $CFG['PrependTitle'] = "";					// If set, this	text will be prepended withint the title tag
 $CFG['ViewUseTodayYesterday'] = 1;			// If enabled, the date from today and yesterday is displayed as "today" and "yesterday"
-$CFG['ViewMessageCharacterLimit'] = ;		// Default character limit for the message gets trunscated! 0 means NO trunscation.
-$CFG['ViewStringCharacterLimit'] = ;		// Default character limit for all other string type fields before they get trunscated! 0 means NO trunscation.
-$CFG['ViewEntriesPerPage'] = ;			// Default number of syslog entries shown per page
-$CFG['ViewEnableDetailPopups'] = ;			// If enabled, you will see additional Details for each syslog message on mouse over. 
+$CFG['ViewMessageCharacterLimit'] = "";		// Default character limit for the message gets trunscated! 0 means NO trunscation.
+$CFG['ViewStringCharacterLimit'] = "";		// Default character limit for all other string type fields before they get trunscated! 0 means NO trunscation.
+$CFG['ViewEntriesPerPage'] = "50";			// Default number of syslog entries shown per page
+$CFG['ViewEnableDetailPopups'] = "";			// If enabled, you will see additional Details for each syslog message on mouse over. 
 $CFG['ViewDefaultTheme'] = "default";		// This sets the default theme the user is going to see when he opens LogAnalyzer the first time. 
 											// Currently only "default" and "dark" are available. 
 $CFG['ViewDefaultLanguage'] = "en";			// Sets the default display language
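Review bot: the replacement values on the four `+` lines are strings, and three of them are empty (`""`), while the comments on those same lines say 0 means no truncation and the unchanged neighbour `$CFG['ViewUseTodayYesterday'] = 1;` uses an integer. Whether an empty string is treated like 0 depends on how LogAnalyzer compares the value, so write `0` (or a real limit) for the two character limits, `50` as an integer, and an explicit `0` or `1` for `ViewEnableDetailPopups`. The blank right-hand sides match the "Undefined index" notices from install.php lines 802-805 in the log above, so this patch corrects the generated config.php rather than the installer that wrote it.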
@@ -96,7 +96,7 @@
 $CFG['SearchCustomButtonSearch'] = "error";					// Default search string for the custom search button
 
 $CFG['EnableContextLinks'] = 1;				// if enabled, context links within the messages will automatically be created and added. Set this to 0 to disable all context links. 
-$CFG['EnableIPAddressResolve'] = ;			// If enabled, IP Addresses inline messages are automatically resolved and the result is added in brackets {} behind the IP Address
+$CFG['EnableIPAddressResolve'] = "";			// If enabled, IP Addresses inline messages are automatically resolved and the result is added in brackets {} behind the IP Address
 $CFG['SuppressDuplicatedMessages'] = 0;		// If enabled, duplicated messages will be suppressed in the main display. 
 $CFG['TreatNotFoundFiltersAsTrue'] = 0;		// If you filter / search for messages, and the fields you are filtering for is not found, the filter result is treaten as TRUE! 
 $CFG['PopupMenuTimeout'] = 3000;			// This variable defines the default timeout value for popup menus in milliseconds. (those menus which popup when you click on the value of a field.
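Review bot: `$CFG['EnableIPAddressResolve'] = "";` on the `+` line leaves the option's state implicit, whereas the unchanged lines around it use explicit integers (`EnableContextLinks = 1`, `SuppressDuplicatedMessages = 0`). Set it to `0` or `1` deliberately; per the comment on that line, enabling it makes the viewer resolve every IP address that appears in a message, so the off state is better written out than left to an empty string.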
@@ -181,4 +181,4 @@
 
 // --- 
 
-?>
\ No newline at end of file
+?>
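Review bot: the only change at the end of the file is a newline added after `?>`, which is unrelated to the parse error reported for line 86. For a file that contains only PHP, such as this config.php, consider dropping the closing `?>` instead, so that no whitespace after the tag can be sent as output when the file is included.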
Also, I added a vhost configuration for loganalyzer which currently looks like this:

Listen 2345
<VirtualHost *:2345>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:!RC4+RSA:+HIGH:+MEDIUM
    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key

        DocumentRoot "/srv/web/loganalyzer"
        Include /etc/httpd/conf/php*.conf
        ErrorLog "/var/log/httpd/loganalyzer-error.log"
        CustomLog "/var/log/httpd/loganalyzer-access.log" combined

<Directory "/srv/web/loganalyzer">
        Options +FollowSymlinks
        Require ip 192.168.123.2
</Directory>

    <Location />

        Require ip 192.168.123.2

    </Location>

</VirtualHost>

Some quick news regarding this topic.

Best,

UE
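
A hardened variant of the vhost from the post above, as an added example that is not part of the original post or the poster's configuration. It assumes Apache 2.4 with mod_ssl, an OpenSSL build that offers TLS 1.2 AEAD suites, and that the LogAnalyzer web installer has already been completed; the cipher list and the install.php block are assumptions, while port, paths and client IP are taken from the post.

```apache
# Added example (not the poster's config): same vhost, tightened TLS and access rules.
Listen 2345
<VirtualHost *:2345>
    SSLEngine on

    # Posted: SSLProtocol all -SSLv2
    # "all" keeps every legacy protocol version the OpenSSL build supports.
    # Subtracting the old versions leaves TLS 1.2 (and TLS 1.3 where available).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Posted: SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:!RC4+RSA:+HIGH:+MEDIUM
    # Starting from ALL admits every cipher class that is not explicitly excluded.
    # An explicit allow-list of forward-secret AEAD suites is easier to audit
    # (assumed list, adjust to what the installed OpenSSL provides).
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder on
    SSLCompression off

    SSLCertificateFile /etc/httpd/server.crt
    SSLCertificateKeyFile /etc/httpd/server.key

    DocumentRoot "/srv/web/loganalyzer"
    Include /etc/httpd/conf/php*.conf
    ErrorLog "/var/log/httpd/loganalyzer-error.log"
    CustomLog "/var/log/httpd/loganalyzer-access.log" combined

    <Directory "/srv/web/loganalyzer">
        # No directory listings and no .htaccess overrides inside the web root.
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require ip 192.168.123.2
    </Directory>

    # Same restriction as in the post: only the admin workstation may connect.
    <Location />
        Require ip 192.168.123.2
    </Location>

    # Assumption: installation is finished, so the installer is closed to everyone.
    # Location sections are merged in configuration order, after Directory and Files,
    # so this block has to come after <Location /> to take effect.
    <Location "/install.php">
        Require all denied
    </Location>
</VirtualHost>
```

Run `apachectl configtest` after editing and reload httpd only if it reports `Syntax OK`.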

Re: Remote logging

Posted: July 28th, 2019, 5:04 pm
by barczs
Hi UE,

Thanks for your detailed info.
Cheers