Operating system: RedHat Linux Enterprise 6.
Assume that Apache is already installed and working. The Apache document root is /var/www/html.
This setup provides a syslog service for network devices such as routers, switches and servers, and uses Log Analyzer to view and analyse the collected syslog messages.
1. Configuring Rsyslog
Rsyslog is installed by default on RHEL. If not, install it following this.
Configure Rsyslog to receive syslog via UDP port 514:
Edit /etc/rsyslog.conf
Uncomment $ModLoad imudp.so and $UDPServerRun 514
Add $ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format and comment out all other $ActionFileDefaultTemplate lines
Add *.* /var/log/syslog and comment out all other rules if they are not used. This writes every received syslog message to the file /var/log/syslog.
Make Rsyslog start automatically when the OS boots:
Run chkconfig rsyslog on
Start Rsyslog: /etc/init.d/rsyslog start
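The edits above can be checked with a small script before Rsyslog is restarted. This is an added example, not from the original post; the sample config is constructed, and the $AllowedSender check is an extra hardening assumption beyond the post's steps.

```sh
#!/bin/sh
# Added example: audit an rsyslog.conf against the steps in this post.

# write_sample_conf FILE: constructed config with the post's edits applied.
write_sample_conf() {
    cat > "$1" <<'EOF'
$ModLoad imuxsock.so
$ModLoad imudp.so
$UDPServerRun 514
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
*.* /var/log/syslog
EOF
}

# need LABEL REGEX: require an uncommented line in $conf matching REGEX.
need() {
    if grep -Eq "^[[:space:]]*$2" "$conf"; then
        echo "OK      $1"
    else
        echo "MISSING $1"; rc=1
    fi
}

# check_rsyslog_conf FILE: prints findings; returns 1 if a step is missing.
check_rsyslog_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    need 'imudp input module'      '\$ModLoad[[:space:]]+imudp'
    need 'UDP listener on 514'     '\$UDPServerRun[[:space:]]+514([[:space:]]|$)'
    need 'SyslogProtocol23 format' '\$ActionFileDefaultTemplate[[:space:]]+RSYSLOG_SyslogProtocol23Format'
    need 'catch-all rule to /var/log/syslog' '\*\.\*[[:space:]]+/var/log/syslog([[:space:]]|$)'
    # More than one active default template means an old one was not commented out.
    n=$(grep -Ec '^[[:space:]]*\$ActionFileDefaultTemplate' "$conf" || true)
    [ "$n" -le 1 ] || echo "WARN    $n active \$ActionFileDefaultTemplate lines"
    # Assumption beyond the post: $AllowedSender limits who may send to UDP 514.
    grep -Eq '^[[:space:]]*\$AllowedSender[[:space:]]+UDP' "$conf" ||
        echo "WARN    no \$AllowedSender UDP line: any host can write to the log"
    return "$rc"
}

# Demo run on the constructed sample.
conf_tmp=$(mktemp)
write_sample_conf "$conf_tmp"
check_rsyslog_conf "$conf_tmp"
rm -f "$conf_tmp"
```

On a real server, pass /etc/rsyslog.conf as the argument; a WARN line does not change the exit status, a MISSING line does.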
2. Installing Log Analyzer
Get it
Install it
DONE.
If you get the message "Syslog file is not readable, read access may be denied", follow this to resolve it.
3. Configuring logging in Cisco IOS
logging esm config // Send every command that a user enters to the syslog server. Used to track what users have done on IOS.
logging trap notifications // Choose the lowest severity level to send to syslog. In this case syslog messages include emerg, alert, crit, err, warning and notice. If you want more, use logging trap info or an even lower level.
logging origin-id hostname // Send the hostname in syslog messages
logging source-interface Loopback0 // Source IP address used to send syslog messages
logging 192.168.16.9 // Syslog server
I'm a network engineer. This is a place where I keep things that I have experienced or faced during work and study, such as setting up a GNS3 lab, using Linux utilities, writing pieces of code, etc.
Sunday, July 17, 2011
Apache file permission issue
I was so crazy about this.
I tried to set up the Log Analyzer site but couldn't get it to work as wanted. "Syslog file is not readable, read access may be denied" is what I got instead of syslog information.
Searching the net and asking friends for help didn't work. All I got was advice about using things such as:
chmod 644 or 755 or even 777
Or chown
At last, I found out that the main cause of the issue is SELinux. SELinux prevents Apache from accessing files outside its granted folders (that's /var/www). The following shows how to overcome this:
Solution 1:
Disable SELinux (not recommended)
Edit /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
DONE.
Solution 2:
Grant the apache user (the one used to run the Apache web server) permission over /var/log/ or anywhere you want.
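A way to confirm the diagnosis above before changing file modes or SELinux state is to list the AVC denials logged for httpd. This is an added example, not part of the original post; the audit lines are constructed samples, and on a live host the input would be /var/log/audit/audit.log.

```sh
#!/bin/sh
# Added example: list SELinux AVC denials for a process from an audit log.

# sample_audit_log: constructed audit.log lines (not captured from a real host).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1310886123.456:789): avc:  denied  { read } for  pid=2211 comm="httpd" name="syslog" dev=dm-0 ino=131099 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1310886123.456:789): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1310886200.001:790): avc:  denied  { name_bind } for  pid=3001 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

# selinux_denials FILE [COMM]
# Prints "<perms>: <source type> -> <target type> (<class>) <object>" for each
# AVC denial whose comm= field equals COMM (default: httpd).
selinux_denials() {
    awk -v comm="${2:-httpd}" '
    /avc:/ && /denied/ && index($0, "comm=\"" comm "\"") {
        src = tgt = cls = obj = "-"
        perms = $0
        sub(/.*[{] */, "", perms)      # drop everything up to the opening brace
        sub(/ *[}].*/, "", perms)      # drop the closing brace and the rest
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            if ($i ~ /^(name|path)=/) { obj = $i; gsub(/"/, "", obj) }
        }
        printf "%s: %s -> %s (%s) %s\n", perms, src, tgt, cls, obj
    }' "$1"
}

# blocked_by_selinux FILE [COMM]: succeeds if at least one denial was logged.
blocked_by_selinux() { [ -n "$(selinux_denials "$1" "$2")" ]; }

# Demo run on the constructed sample.
log_tmp=$(mktemp)
sample_audit_log > "$log_tmp"
selinux_denials "$log_tmp"
rm -f "$log_tmp"
```

A denial with source type httpd_t against a var_log_t file means SELinux policy, not the chmod/chown mode bits, is what blocks the read.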
OpenLDAP for ISP on RedHat Enterprise 6
This post shows, step by step, how to install OpenLDAP on RHEL 6.
The next post will show how to add more LDAP objects and AAA attributes that are often used in Internet Service Provider environments (such as Framed-IP-Address, NAS-Port-ID...)
1. Installing compiler tools
RHEL doesn't install this by default. At least that was true for me.
Refer to this
2. Installing prerequisite software
2.1. Installing Oracle Berkeley Database
[root@openldap db-5.1.25]# cd build_unix
[root@openldap db-5.1.25]# ../dist/configure
[root@openldap db-5.1.25]# make
[root@openldap db-5.1.25]# make install
2.2. Installing OpenSSL
Get it (requires an internet connection on the server)
[root@openldap tmp]# wget http://www.openssl.org/source/openssl-1.0.0d.tar.gz
Install it
[root@openldap tmp]# tar zxvf openssl-1.0.0d.tar.gz
[root@openldap openssl-1.0.0d]# ./config
[root@openldap openssl-1.0.0d]# make
[root@openldap openssl-1.0.0d]# make install
2.3. Installing Cyrus SASL
Install Cyrus SASL from RHEL DVD: [root@openldap Packages]# rpm -Uvh cyrus-sasl-2.1.23-8.el6.x86_64.rpm
2.4. Installing Kerberos Authentication Service
3. Installing OpenLDAP
3.1. Get the latest version
http://www.openldap.org/software/download/
3.2. Compile and install
CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include"
export CPPFLAGS
LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.7/lib -R/usr/local/BerkeleyDB.4.7/lib"
export LDFLAGS
LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.7/lib"
export LD_LIBRARY_PATH
4. Configuring OpenLDAP
4.1. Create database for storing config information (config DIT)
4.2. Create database for root DIT
In this example, root DIT is: dc=test, dc=com