PHP-syslog-ng: Interpretation of Syslog-ng logs in a web interface

Introduction link

php-syslog-ng is a web application that allows you to format, search, and interpret logs. For searching, it requires logs to be in an SQL database, and for log interpretation, it’s specifically designed for Cisco logs.

Note: Before continuing, you’ll need a web server like Apache with PHP module installed. You’ll also need the MySQL module for PHP.

Installation link

Let’s use the latest version:

  cd /var/www
wget http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz
  

Now let’s extract it:

  tar -xzvf php-syslog-ng-2.9.8.tgz
  

If we want graphs, we need to install Microsoft fonts:

  apt-get install msttcorefonts
  

Configuration link

Simply go to the page http://localhost/php-syslog-ng/html/ and fill in the correct information. The installer will prepare your MySQL database. After installation, you can delete the “installation” folder and modify the configuration file located at /var/www/php-syslog-ng/html/config/config.php whenever you want.

Log Rotation link

Let’s edit the configuration file /var/www/php-syslog-ng/html/config/config.php and modify this line to keep 6 months of logs:

  define('LOGROTATERETENTION', 180);
  

Here, we want all logs older than 180 days to be deleted. However, we need to make sure this is configured in root’s crontab. Edit it and add these lines:

  @daily php /var/www/php-syslog-ng/scripts/logrotate.php >> /var/log/php-syslog-ng/logrotate.log
@daily find /var/www/php-syslog-ng/html/jpcache/ -atime 1 -exec rm -f '{}' ';'
*/5 * * * * php /var/www/php-syslog-ng/scripts/reloadcache.php >> /var/log/php-syslog-ng/reloadcache.log
  

Also create the log folder if it doesn’t exist:

  mkdir -p /var/log/php-syslog-ng/