Sawmill Source Install with LDAP, SFTP and Mysql (Debian 8 Jesse)

Sawmill Source Install with LDAP, SFTP and MySQL (Debian 8 Jesse)

By default on Debian (because the build servers are standard vanilla builds) some features of Sawmill are not available. These are the LDAP authentication module, using SFTP as a log source, using MySQL as a back end database and using ODBC as a log source or back end database. Installing ODBC drivers on Debain is outside the scope of this document, but you should start by going to the server vendor for information about their solutions (both Microsoft and Oracle have instructions available publically for this).

You may receive the error “SFTP not enabled in this build”:

Or you can’t see a MySQL database option when creating a profile:

Or your LDAP authentication fails with error “ldap_initialize() called, but LDAP is not available in this build”:

Here is how to get LDAP, SFTP and MySQL working using a minimal Debian 8 install:

As root update Debain

apt-get update

apt-get upgrade

As root install sudo

apt-get install sudo

As root add your user to sudoers

sudoaddusergrahamsudo

Logout as root / login as graham

Install build-essential (development tools bundle)

sudo apt-get install build-essential

Install OpenLDAP (development version)

sudo apt-get install libldap2-dev

Install OpenSSL (development version)

sudoapt-get install libssl-dev

Install MySQL Client (development version)

sudo apt-get install libmysqlclient-dev

Install Sawmill / Start Sawmill

tar -xzf sawmill8.7.7.6_crypt_src.tar.gz
cd sawmill-8.7.7.6/
./configure
make sawmill
./sawmill

You should now see the Sawmill Banner telling you Sawmill is running and on which IP and port:

Sawmill 8.7.7.6; Copyright (c) 1996-2016 Flowerfire, Inc.
Web server running; browse to use Sawmill.
To run on a different IP address, use "sawmill -ship-addr -ws t"

Testing

LDAP

From the command line (stop Sawmill first):

./sawmill -a tl -lsh 192.168.1.1 -lb CN=Users,DC=ldap,DC=domain,DC=co,DC=uk -ad CN=graham,CN=Users,DC=ldap,DC=domain,DC=co,DC=uk -usfl false -lulsAMAccountName -luusername -lp test -ap test

Output should show failure to connect but you will see:

result of ldap_initialize: 31313440
Calling ldap_bind()
BOUND: success=false
ldap_bind() failed
ldap_error_return_code=-1
ldap_errno=0
ldap_error_message=Success
ldap_error_message_ret=Can't contact LDAP server

SFTP

There is currently no way to test this from the command line, so you need to log into Sawmill and create a new profile, or edit an existing profile. Change the log source to an SFTP source and save changes.

MySQL

There is currently no way to test this from the command line, so you need to log into Sawmill and create a new profile, or edit an existing profile. If MySQL is enabled it will be present as a drop down menu option for the Database server type value. You can see this in the New Profile Wizard (Database screen) when creating a new profile or in the Config Options > Database Server & Tuning > Server section of an existing profile.