Log collecting via rsyslog and loganalyzer



With more and more machines and projects, I wanted to centralize my logs on a server. As a first try, I wanted a simple rsyslog configuration that takes every log, including systemd's messages via journald, and sends them to a central server. I also wanted to have a web interface so I could sort and read these logs.

To do so, I first told rsyslog on the server side to send each log to a database so that loganalyzer could then parse it. Beforehand, I had to configure MySQL properly to have a database, tables, a user, and everything that rsyslog needs to send its logs to MySQL.

After that, I set up an Apache server where I could host loganalyzer. This process was simple, as building a web server is done without much trouble. After everything was done, I accessed the web interface of loganalyzer with my web browser. The first time I opened the page, I had to do some configuration so loganalyzer could read the logs, which are in the MySQL database.

Once the configuration was finished and everything had been set up without any error message, the web interface started displaying the logs.



Here's what the interface looks like:

[Image: the loganalyzer web interface]


The logs are shown properly. There are tabs that let us choose the time range and filter the incoming messages.

The solution worked fine and seemed to be reliable, but there was an issue. Even though an admin account was set during the initial setup, this interface, showing everything, was shown as soon as I entered the page in my browser. I did not need to log in to see all this information. That means that anyone on my network who accessed the URL of the server on any device could see everything. I tried to see if I could force the user to log in but did not find anything. When logged in as admin, it only unlocked more settings to administrate loganalyzer, but that was it.

As a consequence, I decided to stop using loganalyzer. It was too much of a security risk considering the info displayed. I decided to hand over the log collecting to my Synology NAS, which I described in my NAS project.
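
For a setup like the one described above, access can also be enforced at the Apache layer, in front of the application, so the log viewer is never served to an unauthenticated client. The fragment below is an added example, not configuration from the original post; the directory path, password file location, user name and admin workstation address are assumptions to adapt.

```apache
# Added example (Apache 2.4 syntax). Assumed values: the install path,
# the htpasswd file location and the admin workstation address.
#
# Create the password file once, outside the web root:
#   htpasswd -c /etc/apache2/loganalyzer.htpasswd logreader
#
# Basic authentication sends credentials with every request, so this
# should sit in a TLS virtual host rather than plain HTTP.

<Directory "/var/www/html/loganalyzer">
    # Do not let a .htaccess file inside the application relax these rules.
    AllowOverride None

    AuthType Basic
    AuthName "Central log viewer"
    AuthBasicProvider file
    AuthUserFile "/etc/apache2/loganalyzer.htpasswd"

    # Both conditions must hold: the request comes from the admin
    # workstation AND carries valid credentials.
    <RequireAll>
        Require ip 192.0.2.10
        Require valid-user
    </RequireAll>
</Directory>
```

After reloading Apache, a request to the interface without credentials should return 401 instead of the log view, which is a quick way to confirm the restriction is active from another device on the network.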