Setup Rsyslog with MySQL on CentOS/RHEL 7

RSYSLOG is a super fast system to process logs and events. It provides a very efficient way to setup centralized log server. This article will help you to save log files to MySQL database.

MySQL Database

See Also:

SETUP RSYSLOG WITH MYSQL ON CENTOS/RHEL 6/5

Step 1: Add MySQL Repository

First we need to add the MySQL repository to install MySQL packages. Use mention command to add MySQL repository.

# rpm -Uvh http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

Step 2: Install MySQL, Apache and PHP (LAMP)

First we need to install LAMP on our server to setup rsyslog with MySQL. Use following commands to install required packages.

# yum install php php-mysql mysql-server httpd

After installing all the required packages start all services using following commands.

# systemctl start httpd
# systemctl start mysqld
# systemctl enable httpd
# systemctl enable mysqld

Apply security on mysql and also set root user password.

# mysqladmin -u root password 'Password'
OR
# mysql_secure_installation

Step 3: Install Rsyslog

By default rsyslog is installed on RHEL based system. If rsyslog is not installed user following commands to install rsyslog packeges.

# yum install rsyslog rsyslog-mysql

After installing start rsyslog service and make sure syslog is stopped on server.

# systemctl stop syslog
# systemctl disable syslog
# systemctl start rsyslog
# systemctl enable rsyslog

Step 4: Configure Rsyslog Database

There is default sql script is available to create the database. Use mention command to create MySQL database.

# mysql -u root -p < /usr/share/doc/rsyslog-8.24.0/mysql-createDB.sql

After creating the rsyslog database, we need to create MySQL user with grant access for accessing database

# mysql -u root -p
mysql> GRANT ALL ON Syslog.* TO 'rsyslog'@'localhost' IDENTIFIED BY 'Password';
mysql> FLUSH PRIVILEGES; mysql> exit

Step 5: Enable MySQL Module

Now we need to enable MySQL module using Rsyslog configuration file, Also update Rsyslog configuration with MySQL connection details.

vim /etc/rsyslog.conf

Uncomment the following lines.

module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")

Add following entries in configuration file.

 $ModLoad ommysql
*.* :ommysql:127.0.0.1,Syslog,rsyslog,Password

Now restart Rsyslog service.

# service rsyslog restart

We have successfully configured Rsyslog with MySQL database server. Now, all the logs will save in Syslog database. If you want to view logs on web interface following below link.

Continue to Part 2 – Setup LogAnalyzer with Rsyslog MySQL

Reference: Rsyslog Official Website

Enjoy it!

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.