# php-syslog-ng problems

## nagual

I followed the guide here

http://gentoo-wiki.com/HOWTO_setup_PHP-Syslog-NG

and get all the way to the end just fine.  When I try and go to 

http://localhost/phpsyslogng/ i get this

Fatal error: Call to undefined function preg_match() in /var/www/localhost/htdocs/phpsyslogng/includes/common_funcs.php on line 125

Any help would be appreciated.Last edited by nagual on Sun Mar 19, 2006 5:55 am; edited 2 times in total

----------

## think4urs11

mysql-support in php is active?

----------

## SoTired

You probably forgot to compile php with the pcre use flag.

----------

## nagual

so I am going to have to unmerge php5 and add that to the use flag, and recompile?  Also how would I check if Mysql support is configured?

----------

## think4urs11

i've dev-lang/php configured (on a dedicated php-syslog-ng machine) as follows:

```
 ~ # emerge -pv dev-lang/php

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild     U ] dev-lang/php-4.4.2 [4.4.1-r3] -adabas -apache +apache2 -bcmath +berkdb -birdstep +bzip2 -calendar -cdb +cgi -cjk +cli +crypt -ctype -curl -db2 +dba -dbase -dbmaker -dbx -debug -discard-path -doc -empress -empress-bcs -esoob -exif +expat -fastbuild -fdftk -filepro -firebird -flatfile -force-cgi-redirect -frontbase -ftp +gd -gd-external +gdbm -gmp -hardenedphp -hyperwave-api -iconv -imap -informix -inifile -interbase -iodbc -ipv6 -java-external -java-internal -kerberos -ldap -libedit -mcal -mcve -memlimit -mhash -ming -mnogosearch -msql -mssql +mysql +ncurses +nls -oci8 -oci8-instant-client -odbc -oracle7 -overload -ovrimos -pcntl +pcre -pfpro -pic -posix -postgres +readline -recode -sapdb -session -sharedext -sharedmem +snmp -sockets -solid +spell -sqlite +ssl -sybase -sybase-ct -sysvipc -threads -tiff -tokenizer -truetype -wddx -xml -xmlrpc -xpm -xsl -yaz -zip +zlib
```

check for missing useflags on your installation and add them as needed

 */etc/portage/package.use wrote:*   

> dev-lang/php dba cgi cli mysql pcre

 

----------

## nagual

I got it working.  Thanks for the help.

----------

## nagual

Ok.  I have that problem fixed.  When I try and login to phpsylogng i get this.

Query failed: Table 'syslog.users' doesn't exist

I followed the directions to a tee.  Why wasn't this table created, and how can I create it?  Sorry SQL newb here.

----------

## Aonoa

 *nagual wrote:*   

> Ok.  I have that problem fixed.  When I try and login to phpsylogng i get this.
> 
> Query failed: Table 'syslog.users' doesn't exist
> 
> I followed the directions to a tee.  Why wasn't this table created, and how can I create it?  Sorry SQL newb here.

 

I have your exact problem after installing php-syslog-ng, did you correct it?

I would appreciate it if anyone knew a solution for this. Thanks  :Smile: 

----------

## mocsokmike

 *Quote:*   

> Query failed: Table 'syslog.users' doesn't exist

 

This is because you did not set up the database yet. That wiki page is not perfect. I have managed to bypass this error message yesterday evening (now I have an SQL query error) by using it parallel with the phpsyslogng help page (click on the "help" link on your half-working phpsyslogng page).

```
mysql -u root -p < /var/www/localhost/htdocs/phpsyslogng/scripts/dbsetup.sql
```

And before you load it into your mysql server, open it with an editor and customize to your needs. This script will build up a default database and will add a control user with "admin" username and password. This is important to log in for the first time!

----------

## Aonoa

That dbsetup.sql file did it's thing, thanks.  :Smile: 

Is it by any chance this error you are getting now as well?

```
Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
```

----------

## mocsokmike

Yep, that WAS it.

Now it is running fine!   :Very Happy: 

I have did a lot of things, but I believe the main point was that I logged in as "admin", and added two users: "syslog" and "syslogfeeder". Then I went into my good old phpmyadmin page, where I simply renamed the "admin" user into "syslogadmin" in the users table of the syslog database (just to match the how-tos   :Wink:  ).

Of course, you need to edit the phpsyslogng config files to match these usernames and passwords.

If your system is still not working after these changes, I can send you my settings approx. 7 hours later. It is in my home Linux box.

----------

## thepustule

 *Heion wrote:*   

> That dbsetup.sql file did it's thing, thanks. 
> 
> Is it by any chance this error you are getting now as well?
> 
> ```
> ...

 

I was getting this error also, until I had some log data in the database.  Then it worked ok.

----------

## mocsokmike

 *thepustule wrote:*   

> I was getting this error also, until I had some log data in the database.  Then it worked ok.

 

You are right. If there is no log in the syslog database, that can be because the syslogfeeder user has no SELECT, INSERT and UPDATE privileges for the syslog database.

----------

## Aonoa

I'm still getting the sql syntax error after adding those users (logged in as admin).  I tried some mysql stuff, "show logs;" logged in as several users against the syslog database and got access denied messages (I'm not certain show logs; is the right command?). Maybe this means there are some permission issues or nothing being logged?

Would be nice if you could send me your configurations, then I could look for differences/faults in mine.

----------

## mocsokmike

OK, here they come:

First, check your syslog-ng configuration. I will list here only the necessary parts of the config file, not the whole.

/etc/syslog-ng/syslog-ng.conf (part 1: where to log?)

```
log { source(src); destination(messages); };

#log { source(src); destination(console_all); };

log { source(src); destination(d_mysql); };

```

Here I removed logging into the console, 'cause I don't need it (I will admin this machine remotely). I still left in the good-old /var/log/messages file, as a back-up. You can leave the terminal logging there if you like - the only important line is the d_mysql from the php-syslog-ng point of view.

/etc/syslog-ng/syslog-ng.conf (part 2: logging into mysql)

```
# This is for php-syslog-ng

destination d_mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO logs

(host, facility, priority, level, tag, datetime, program, msg)

VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',

'$PROGRAM', '$MSG' );\n") template-escape(yes)); };
```

If you changed something, restart syslog-ng:

```
/etc/init.d/syslog-ng restart
```

Secondly, the script:

/etc/syslog-ng/syslog2mysql.sh

```
#!/bin/bash

if [ ! -e /var/log/mysql.pipe ]

then

   mkfifo /var/log/mysql.pipe

fi

while [ -e /var/log/mysql.pipe ]

do

   mysql -u syslogfeeder --password=<put_your_passwd_here> syslog < /var/log/mysql.pipe >/dev/null

done
```

I have put this script into /etc/syslog-ng/ simply because I can easily find it there later. It can be anywhere.

This script must run in order to have the messages sent to the sql database. To start it every boot-up put this line into your local.start file:

/etc/conf.d/local.start

```
/etc/syslog-ng/syslog2mysql.sh &
```

You need that script running.

To check it do:

```
ps -ef | grep syslog2mysql
```

If the script is running, it must return something like this:

root      6330     1  0 10:17 ?        00:00:00 /bin/bash /etc/syslog-ng/syslog2mysql.sh

root      6609  6528  0 11:03 pts/0    00:00:00 grep syslog2mysql

If you don't have it running, type:

```
/etc/syslog-ng/syslog2mysql.sh &
```

Now you are almost there. Syslog-ng knows the necessary sql commands to send your log into the database, and the script, which login into the sql database as "syslogfeeder" and keeps the pipe alive for syslog-ng, is running. The only problem can be that syslogfeeder has no privileges to do its job. You can get it straight by doing this:

```
mysql -u root -p syslog
```

 And once you logged in to you mysql database, type:

```
REVOKE ALL PRIVILEGES ON `syslog` . * FROM 'syslogfeeder'@'localhost';

GRANT SELECT, INSERT, UPDATE ON `syslog` . *

TO 'syslogfeeder'@'localhost';
```

You also need to have at least SELECT privileges for the syslog user:

```
REVOKE ALL PRIVILEGES ON `syslog` . * FROM 'syslog'@'localhost';

GRANT SELECT ON `syslog` . *

TO 'syslog'@ 'localhost';
```

And give some privileges to syslogadmin as well:

```
REVOKE ALL PRIVILEGES ON `syslog` . * FROM 'syslogadmin'@'localhost';

GRANT SELECT, INSERT, UPDATE, DELETE ON `syslog` . *

TO 'syslogadmin'@ 'localhost';

quit
```

In your case this user is called as "admin" instead of "syslogadmin", I guess. If this is the case, use "admin" where I wrote "syslogadmin".

And finally, generate some output to the syslog by inserting a USB device or simply rebooting your PC. Now you can check the php-syslog-ng page and how nicely it work   :Wink: 

(I hope I didn't forget anything important)

----------

## Aonoa

Thanks a million, it works!   :Very Happy:  nothing else for me to say other than it's playtime  :Wink: 

----------

