Set up iptables logging on the log client and forward the log entries to the log server.
Deploy LogAnalyzer on the log server.
All systems use CentOS 7.6.
# Log client: log inbound ICMPv4, TCP and UDP at level notice, and log outbound NAT traffic before it is masqueraded
# (-p icmp added so the first rule matches only ICMP, as its prefix says; -J corrected to -j, the target option)
iptables -A INPUT -i $LAN_INTERFACE -p icmp -j LOG --log-prefix "INPUT ICMPv4:" --log-level notice
iptables -A INPUT -p tcp -j LOG --log-prefix "INPUT TCP:" --log-level notice
iptables -A INPUT -p udp -j LOG --log-prefix "INPUT UDP:" --log-level notice
iptables -t nat -A POSTROUTING -o ens33 -j LOG --log-level notice --log-prefix "NAT Packet:"
iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
Save the log to /var/log/iptables.log.
Edit /etc/rsyslog.conf on the log client:
# forward all messages over UDP to the log server (IP address or FQDN); this makes the host a log client
*.* @192.168.0.1:514
Enable IPv4 forwarding in /etc/sysctl.conf (needed for the MASQUERADE rule above):
net.ipv4.ip_forward = 1
Edit /etc/rsyslog.conf on the log server:
# uncomment these lines to receive syslog over UDP
$ModLoad imudp
# add this line to allow the log clients' subnet to send (placed before the listener is started so it applies to it)
$AllowedSender UDP,192.168.0.0/24
$UDPServerRun 514
# write the iptables entries (kernel facility, level notice) to their own file
kern.=notice /var/log/iptables.log
# the existing catch-all selector with level notice excluded so the iptables lines are not duplicated; keep its action target as in the stock file
*.info;*.!notice;mail.none;authpriv.none;cron.none;
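To check that the log server is actually receiving what the rules above log, here is a small parser for the lines rsyslog writes to /var/log/iptables.log; it is an added example, not part of the original project, and the sample lines, hostname and addresses in it are constructed.

```python
import re
from collections import Counter

# Constructed sample of what rsyslog writes to /var/log/iptables.log for the
# prefixes set by the iptables rules above (hostname and addresses are made up).
# The prefix is written verbatim, so "INPUT TCP:" runs straight into "IN=".
SAMPLE_LOG = """\
Mar  3 10:15:02 gateway kernel: INPUT TCP:IN=ens33 OUT= MAC=00:0c:29:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.168.0.23 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 gateway kernel: INPUT UDP:IN=ens33 OUT= MAC=00:0c:29:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.168.0.23 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Mar  3 10:15:04 gateway kernel: INPUT TCP:IN=ens33 OUT= MAC=00:0c:29:aa:bb:cc:00:11:22:33:44:55:08:00 SRC=192.168.0.77 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 gateway kernel: NAT Packet:IN= OUT=ens33 SRC=192.168.0.23 DST=203.0.113.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51300 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:06 gateway sshd[1234]: Accepted publickey for admin from 192.168.0.23 port 51234 ssh2
"""

# Syslog header, then one of the four prefixes from the rules, then the kernel's key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>INPUT ICMPv4|INPUT TCP|INPUT UDP|NAT Packet):(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for an iptables LOG line, or None for any other syslog line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": []}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec.setdefault(key, val)   # keep the first LEN= (IP header), not the UDP payload LEN=
        else:
            rec["flags"].append(tok)   # bare tokens such as DF, SYN, ACK
    return rec

def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]

def summarize(records):
    """Entries per prefix, and per (SRC, PROTO, DPT) for entries that carry a destination port."""
    by_prefix = Counter(rec["prefix"] for rec in records)
    by_flow = Counter((rec["SRC"], rec["PROTO"], rec["DPT"]) for rec in records if "DPT" in rec)
    return by_prefix, by_flow

if __name__ == "__main__":
    by_prefix, by_flow = summarize(parse_log(SAMPLE_LOG))
    for prefix, n in by_prefix.most_common():
        print(f"{n:5d}  {prefix}")
    for (src, proto, dport), n in by_flow.most_common(10):
        print(f"{n:5d}  {src} -> {proto}/{dport}")
```

Point it at the real file (for example `parse_log(open("/var/log/iptables.log").read())`) to confirm that each prefix shows up on the server; a missing prefix points at the matching iptables rule or the rsyslog forwarding.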
Install Apache (httpd) and PHP
(In this project the PHP version is 7.3; the default version in CentOS 7 is 5.4.)
yum install httpd php
Recommended: reboot the machine after the install finishes, or LogAnalyzer will not install successfully.
Download LogAnalyzer from official website and extract it
wget http://download.adiscon.com/loganalyzer/loganalyzer-4.1.7.tar.gz
tar -zxvf loganalyzer-4.1.7.tar.gz
To show the report images in LogAnalyzer, install the GD module:
yum install gd gd-devel php-gd
systemctl restart httpd
Browse to http://$YOUR_SERVER_IP/loganalyzer/src/install.php to install LogAnalyzer.
Install and configure MariaDB
yum install epel-release
yum install mariadb-server php-mysql rsyslog-mysql
mysql_secure_installation
mysql -u root -p  # log in
In this project the phpMyAdmin version is 4.9, which needs PHP 5.5 or later.
Download the phpMyAdmin setup file from the official website, extract it to /var/www, then browse to $SERVER_IP/phpmyadmin/setup to set the configuration.
mysql -u root -p logdb </usr/share/doc/rsyslog/mysql-createDB.sql  # load the rsyslog database schema into logdb
mv config.php config.php.backup  # in the LogAnalyzer src directory: start over with an empty config.php so the installer can write it
touch config.php
Edit rsyslog.conf on the log server so the iptables entries are also written to MariaDB:
# load the ommysql output module
$ModLoad ommysql
# :ommysql:<database host>,<database name>,<user name>,<password>  ($dbuser and $dbpassword are placeholders for the real credentials)
kern.=notice :ommysql:localhost,logdb,$dbuser,$dbpassword