LogAnalyzer and rsyslog MongoDB support now in wheezy-backports and Ubuntu

LogAnalyzer is a powerful but simple log file analysis tool. The upstream web site gives an online demo.

It is developed in PHP, runs in Apache and has no other dependencies such as databases - it can read directly from the log files.

For efficiency, however, it is now trivial to make it work with MongoDB on Debian.

Using a database (including MongoDB and SQL backends) also means that severity codes (debug/info/notice/warn/error/...) are retained. These are not available from many log files. The UI can only colour-code and filter the messages by severity if it has a database backend.
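To make the severity point concrete, here is an added Python example (not part of the original post, and not LogAnalyzer or rsyslog code). It compares guessing severity from the text of a flat-file line with filtering on a stored severity code. The sample frames and the record field names are constructed for illustration and are not the ommongodb schema.

```python
import re

# Severity names by numeric code (RFC 5424, section 6.2.1).
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FRAME = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample frames as a syslog daemon receives them (PRI = facility*8 + severity).
RAW = [
    "<38>Mar  3 10:15:01 web1 sshd[812]: Accepted publickey for deploy",
    "<35>Mar  3 10:15:07 web1 sshd[815]: maximum authentication attempts exceeded",
    "<75>Mar  3 10:16:40 web1 cron[901]: (root) CAN'T FORK",
    "<134>Mar  3 10:16:41 web1 myapp[77]: retry succeeded after 1 error",
]


def parse(frame):
    """Split a frame into its PRI-derived fields and the remaining text."""
    m = FRAME.match(frame)
    if not m or int(m.group(1)) > 191:   # 23*8+7 is the highest valid PRI
        raise ValueError("missing or invalid PRI: %r" % frame[:20])
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": facility, "severity": severity,
            "severity_name": SEVERITY[severity], "line": m.group(2)}


def flat_file_lines(frames):
    """What a traditional log file keeps: the text only, PRI discarded."""
    return [parse(f)["line"] for f in frames]


def stored_documents(frames):
    """What a database backend can keep: text plus severity (illustrative field names)."""
    return [parse(f) for f in frames]


def by_keyword(lines, word="error"):
    """Best effort on a flat file: guess severity from the message text."""
    return [line for line in lines if word in line.lower()]


def by_severity(docs, worst=3):
    """Exact filter on stored severity: code `worst` (3 = err) and anything more severe."""
    return [d["line"] for d in docs if d["severity"] <= worst]


if __name__ == "__main__":
    print("keyword guess:  ", by_keyword(flat_file_lines(RAW)))
    print("stored severity:", by_severity(stored_documents(RAW)))
```

The keyword guess returns only the informational `myapp` line and misses both real `err` events, while the stored severity selects exactly the `sshd` and `cron` errors.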

Package status

The packages entered Debian recently. They have now been migrated to wheezy-backports and Ubuntu, so anybody on wheezy or Ubuntu can use them.

Quick start with MongoDB

The version of rsyslog in Debian wheezy does not support MongoDB output. It is necessary to grab 7.4.8 from backports.

Some versions, up to 7.4.4 in backports, had bugs with MongoDB support - if you tried those, please try again now.

The backported rsyslog is a drop-in replacement for the standard rsyslog package, and users with a default configuration are unlikely to notice any difference. Users who have customized the configuration should, as always, make a backup before trying the new version.

  • Install all the necessary packages: apt-get install rsyslog-mongodb php5-mongo mongodb-server
  • Add the following to /etc/rsyslog.conf:

    module (load="ommongodb")
    *.* action(type="ommongodb" server="127.0.0.1" db="logs" collection="syslog")

  • Look for the MongoDB settings in /etc/loganalyzer/config.php and uncomment them. Comment out the settings for disk log access.
  • Restart rsyslog and then browse your logs at http://localhost/loganalyzer

Comments

Hello Daniel,

Have you tried this configuration (rsyslog + MongoDB + LogAnalyzer) with the new rsyslog version (7.6)?

In my lab it doesn't work. I read this: http://loganalyzer.adiscon.com/articles/using-mongodb-with-rsyslog-and-l...

But I cannot use TCP, and with UDP my MongoDB is not used (no entry).

Have a nice day,

Clement