LogZilla on SUSE/SLES

From Network Management Wiki

Contents 1 Preface 2 Installation path 3 MySQL 5.1 4 AppArmor profile modification for syslog-ng 5 Sphinx startup 6 Crontab

Preface

Useful Packages for OpenSuSE 11.3

Installation path

Place logzilla to the folder

/srv/www/logzilla

MySQL 5.1

If OpenSUSE version <= 10.2 or SLES version <= 10SP2 please download and install appropriate MySQL 5.1 RPMs for your distribuution (http://dev.mysql.com/downloads/mysql/#downloads)

MySQL options

Create /etc/my.cnf file with following contents:

[mysqld]
local-infile=1
event-scheduler=1

[client]
loose-local-infile=1

db_insert.pl

Modify MySQL connect lines in db_insert.pl

$dbh = DBI->connect( "DBI:mysql:$db:$dbhost;mysql_read_default_file=/etc/my.cnf", $dbuser, $dbpass );

AppArmor profile modification for syslog-ng

Please add following lines to syslog-ng AppArmor profile (/etc/apparmor.d/sbin.syslog-ng)

 /bin/bash ixr,
 /dev/shm/infile.txt rw,
 /dev/tty10 rw,
 /srv/www/logzilla/** ixr,
 /usr/bin/perl ix,
 /usr/share/mysql/charsets/Index.xml r,
 /var/lib/syslog-ng/syslog-ng.persist rw,

Reload syslog-ng profile with command:

apparmor_parser -r </etc/apparmor.d/sbin.syslog-ng

To test changes run following command and check if any additional permissions required

logprof

Sphinx startup

Create /etc/rc.d/rc.local file with following contents:

#! /bin/sh
#
#
# /etc/init.d/rc.local
#
### BEGIN INIT INFO
# Provides:          rc.local
# Required-Start:
# X-UnitedLinux-Should-Start:
# Required-Stop:
# Default-Start:        3 5
# Default-Stop:         0 1 2 6
# Description:       start local progs
### END INIT INFO

. /etc/rc.status

rc_reset

case "$1" in
  start|reload|restart|force-reload)
        #
        # If we use a serial console, don't use the fsck progress bar

        echo -n "Starting local progs"

        # sphinx
        /srv/www/logzilla/sphinx/bin/searchd -c /srv/www/logzilla/sphinx/sphinx.conf

        rc_status -v
        ;;
    stop)
        echo -n "Stopping local progs"

        # sphinx
        killall searchd

        rc_status -v
        ;;
    status)
        rc_failed 4
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|status}"
        exit 1
        ;;
esac

rc_exit

Add symbolic links to startup file:

ln -s /etc/rc.d/rc.local /etc/rc.d/rc3.d/S99local
ln -s /etc/rc.d/rc.local /etc/rc.d/rc5.d/S99local

Crontab

Please add root user to logzilla.crontab lines and place it to /etc/cron.d/logzilla.crontab

30 0 1 * *      root    /srv/www/logzilla/sphinx/indexer.sh full >> /var/log/logzilla/sphinx_indexer.log 2>&1
*/5 * * * *     root    /srv/www/logzilla/sphinx/indexer.sh delta >> /var/log/logzilla/sphinx_indexer.log 2>&1
0 0 * * *       root    /srv/www/logzilla/sphinx/indexer.sh merge >> /var/log/logzilla/sphinx_indexer.log 2>&1