== Securing loganalyzer ==

Access to log data can help an intruder. Therefore, loganalyzer is not fully configured by default. It is trivial to enable it (see the quickstart section below), but before you do, it is suggested that you set up access control using an ACL or HTTP authentication. Using HTTPS is also a good idea. You can configure the access control you want in /etc/loganalyzer/apache.conf or in your usual virtualhost definitions.

== Quickstart without any database ==

* This will work with the default /etc/loganalyzer/config.php.
* Just make the /var/log/syslog file readable by www-data or by all users, for example:

    chmod o+r /var/log/syslog

* Then browse to http://localhost/loganalyzer/

== More file-based solutions ==

If you don't want to set non-default permissions on /var/log/* files, you could also modify /etc/rsyslog.conf and configure it to write logs to some other location, perhaps filtering out entries that you consider too sensitive for web-based access. Then again, it is those sensitive log entries that you probably want to be made aware of when you inspect your logs.

Once you have chosen which log files you want LogAnalyzer to use, you need to define them in /etc/loganalyzer/config.php

== Beyond file data sources ==

The LogAnalyzer documentation explains various other options. For example, you can configure rsyslog to store log events in an SQL database (such as MySQL) or a NoSQL database (such as MongoDB). To use data sources like this:

* install the necessary rsyslog module packages and configure them for your database
* install the necessary PHP modules for the database
* adapt /etc/loganalyzer/config.php to connect to the database

== MongoDB support ==

To use MongoDB with wheezy, you need packages from wheezy-backports. For jessie and later releases of Debian, it should just work.

Extra packages you must install:

* For rsyslog to write events to MongoDB, you need to install

    apt-get install rsyslog-mongodb

  and make the necessary changes in /etc/rsyslog.conf (see the README.Debian from rsyslog-mongodb).
* For the LogAnalyzer PHP code to access the MongoDB data, you need

    apt-get install php-mongo

* Finally, you need to configure /etc/loganalyzer/config.php for MongoDB. A sample is provided in the default version of /etc/loganalyzer/config.php in this package; just uncomment it and it should work.

== PostgreSQL support ==

Using PostgreSQL is fairly easy and the setup is largely automated.

* Install the packages:

    apt-get install loganalyzer rsyslog-pgsql postgresql

  During the installation of rsyslog-pgsql, dbconfig will ask you to choose a password for the rsyslog account. It will be saved in /etc/rsyslog.d/pgsql.conf so that rsyslog can write to the table.
* Restart rsyslog:

    systemctl restart rsyslog

* (Optional) Log in to PostgreSQL and check the table:

    psql -h localhost -U rsyslog Syslog
    Syslog=> SELECT COUNT(*) FROM SystemEvents;

* Configure loganalyzer:

    vi /etc/loganalyzer/config.php

  Look for DB_PGSQL and uncomment all the example settings for the PostgreSQL data source. Remember to change the value of DBPassword to match whatever value you chose earlier.
* Review the cron job:

    vi /etc/cron.d/loganalyzer

  Uncomment the line to run the cron job. The default configuration deletes records older than 1209600 seconds (2 weeks).
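As an added example of the access control recommended in the "Securing loganalyzer" section above (this is not the packaged /etc/loganalyzer/apache.conf), the following combines a network ACL, HTTP authentication and a TLS requirement. It assumes Apache 2.4 syntax (jessie or later), an install path of /usr/share/loganalyzer, an admin network of 192.0.2.0/24 and a password file at /etc/loganalyzer/htpasswd; all of these are assumptions, not values from this package.

```apache
# Added example for /etc/loganalyzer/apache.conf; it is not the packaged file.
# Assumptions: Apache 2.4 syntax (jessie or later), application installed
# under /usr/share/loganalyzer (assumed path), an admin network of
# 192.0.2.0/24 (documentation range) and a password file created with
# "htpasswd -c /etc/loganalyzer/htpasswd admin" (assumed path and user).

Alias /loganalyzer /usr/share/loganalyzer

<Directory /usr/share/loganalyzer>
    Options -Indexes
    AllowOverride None

    # Refuse plain HTTP: log content and the credentials below must only
    # travel over TLS. Needs mod_ssl and an HTTPS virtual host.
    <IfModule mod_ssl.c>
        SSLRequireSSL
    </IfModule>

    # Network ACL plus HTTP authentication. RequireAll means a client must
    # both come from the admin network and present a valid login; anything
    # else gets 403/401 and never reaches the PHP code.
    AuthType Basic
    AuthName "LogAnalyzer"
    AuthUserFile /etc/loganalyzer/htpasswd
    <RequireAll>
        Require ip 192.0.2.0/24
        Require valid-user
    </RequireAll>
</Directory>
```

If mod_ssl is not loaded the IfModule block is skipped silently, so after enabling the site confirm that a request over plain HTTP is actually refused rather than served.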