Ubuntu Geek

Preparing syslog

mkdir /logs (let’s make a directory for our logs) Modify /etc/syslog.conf and add the next rule if you really would like to log everything: (don’t forget to save it) *.* /logs/logger.log

It’s possible you’re only interessed in a few things, here is the list:

auth - authentication (login) messages
cron - messages from the memory-resident scheduler
daemon - messages from resident daemons
kern - kernel messages
lpr - printer messages (used by JetDirect cards)
mail - messages from Sendmail
user - messages from user-initiated processes/apps
local0-local7 - user-defined (see below)
syslog - messages from the syslog process itself

0 - Emergency (emerg)
1 - Alerts (alert)
2 - Critical (crit)
3 - Errors (err)
4 - Warnings (warn)
5 - Notification (notice)
6 - Information (info)
7 - Debug (debug)

Would you like to log everything from auth, cron, lpr error and only syslogs warnings then you have to add next lines to /etc/syslog.conf

auth.* /logs/logger.log
cron.* /logs/logger.log
kern.* /logs/logger.log
lpr.3 /logs/logger.log
syslog.4 /logs/logger.log

Now modify /etc/init.d/ksyslogd with your favourite editor and do the next:

SYSLOGD=”” Change this line by the next line and save:
SYSLOGD=”-r -m0”

restart networking again: /etc/init.d/networking restart

Install Apache2 and stuff:

apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client

php5-mysql

Check cat /etc/hostname, and the hostname that you are seeing here you have to

place in your /etc/hosts file, together with your local static ip address. /etc/hosts:
192.168.0.102 myhostname Don’t forget to change the above to your own needs! I decided to host on Port 8070, my ISP (Telenet Belgium) has blocked all ports under 1024. Modify /etc/apache2/ports.conf: (Listen 80 must be replaced by Listen 8070)
Listen 8070

If you are behind a NAT, don’t forget to open this port on your router.

Now we’re going to install our virtual hosts. cd /etc/apache2/sites-available
touch myname.homelinux.com (we create our name)
Now edit your myname.homelinux.com file with your favorite editor and make sure it looks like this:

ServerAdmin you@mail.com
ServerName myname.homelinux.com
ServerAlias myname.homelinux.com
DirectoryIndex index.php
DocumentRoot /logs

Ok, now we’re going to etc/apache2/sites-enabled

cd /etc/apache2/sites-enabled
ln -s /etc/apache2/sites-available/myname.homelinux.com myname.homelinux.com This symbolic link (ln -s) is absolutely necessary. Ok, now we’re going to our logs directory and we place there an index.php file cd /logs
touch index.php
Modify index.php now with your favorite editor. This is how it should look like:

Restart apache: /etc/init.d/apache2 force-reload

Ok, go to www.dyndns.com and www.whatsmyip.org (memorize your ip)
And on dyndns you registrate yourself, you log in, then click DNS services ->

dynamic DNS -> Add Host -> and you registrate myname.homelinux.com.

Mention your remote IP (what you saw at whatsmyip.org at the ip line)

If you visit now your myname.homelinux.com/:8070 webpage you will be able to see your syslogs!

4) Only me wants to see the log files (by using a .htacces file)

Now we take measures: Only you will have the possibility to see your syslogs.

cd /logs (Yes we go again to the /logs directory)
touch .htaccess (We’ll make an .htaccess file)
Modify .htaccess with your favorite editor. This is how your .htaccess file should look like:

AuthUserFile /root/.htpasswd
AuthName ‘Access is limited here’
AuthType basic
require valid-user

cd /root (go to the /root directory)
htpasswd -c .htpasswd webmaster (let’s make a valid account)

Now modify the /etc/apache2/sites-available/default file with your favorite editor:

DocumentRoot /var/www

Options FollowSymLinks
AllowOverride None

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2’s
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/

This AllowOverride all tells apache2 it has to deal with a .htaccess file.
Restart apache2 again: /etc/init.d/apache2 force-reload

Go to your site now, you’ll have to give a password that you’ve specified.

Conclusion

Now you have a syslog server that’s using the virtual host technique on apache2. And only you is able to read the information, caused by the .htaccess file.

By phar0z | mansondudeNOSPAM@gmail.com

If you want to be notified the next time we write something please subscribe to our RSS feed.Thanks for Visiting!