有台服务器要退役,需要迁移服务了,恰好现在有新版本的syslog-ng,重新记录一下,过程如下
- 安装syslog-ng
http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.3.4/source
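# Build and install eventlog, then syslog-ng 3.3.4, from the source tarballs.
#
# NOTE(review): both tarballs are fetched over plain HTTP and then compiled and
# installed system-wide. Print the digest of each download and compare it with
# a checksum obtained from the vendor over a trusted channel before running
# ./configure; stop if they differ.
wget -c "http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.3.4/source/eventlog_0.2.12.tar.gz"
sha256sum eventlog_0.2.12.tar.gz   # expected: <SHA256 published by the vendor>
tar xzvf eventlog_0.2.12.tar.gz
cd eventlog-0.2.12
# Chain the steps so a failed configure or build never reaches "make install".
./configure && make && make install
cd ..

wget -c "http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.3.4/source/syslog-ng_3.3.4.tar.gz"
sha256sum syslog-ng_3.3.4.tar.gz   # expected: <SHA256 published by the vendor>
tar xzvf syslog-ng_3.3.4.tar.gz
cd syslog-ng-3.3.4
# Point pkg-config at /usr/local so ./configure can find the eventlog library
# installed above (assumes eventlog used its default /usr/local prefix).
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
./configure && make && make install
cd ..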
- 配置mysql
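-- Schema for the table that receives the INSERT statements syslog-ng writes
-- to the MySQL pipe.
-- IF NOT EXISTS lets the script be re-run on a host where the database is
-- already present.
CREATE DATABASE IF NOT EXISTS syslog;
USE syslog;

-- WARNING: this drops any existing `logs` table together with its rows.
-- When migrating from the old server, export or copy the stored logs first.
DROP TABLE IF EXISTS `logs`;

CREATE TABLE `logs` (
  `id`       bigint(20) unsigned NOT NULL auto_increment,
  -- host and program are taken from the received syslog message, so their
  -- length is chosen by the sender. They are wider than the original 128/15
  -- characters: on a server with a strict sql_mode an over-long value makes
  -- the INSERT fail, and the loader on this page runs the mysql client
  -- without --force, so a single failed statement ends log collection.
  `host`     varchar(255) default NULL,
  `facility` varchar(10) default NULL,
  `priority` varchar(10) default NULL,
  `level`    varchar(10) default NULL,
  `tag`      varchar(10) default NULL,
  `datetime` datetime default NULL,
  `program`  varchar(64) default NULL,
  `msg`      text,
  -- seq, counter, fo and lo are not set by the INSERT template on this page;
  -- they keep the defaults declared here.
  `seq`      bigint(20) unsigned NOT NULL default '0',
  `counter`  int(11) NOT NULL default '1',
  `fo`       datetime default NULL,
  `lo`       datetime default NULL,
  PRIMARY KEY (`id`),
  KEY `datetime` (`datetime`),
  KEY `sequence` (`seq`),
  KEY `priority` (`priority`),
  KEY `facility` (`facility`),
  KEY `program` (`program`),
  KEY `host` (`host`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- NOTE(review): the loader on this page connects as MySQL root. A dedicated
-- account that holds only INSERT on syslog.logs would limit what any SQL
-- reaching the pipe can do; create one and use it in the loader.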
-
sqlsyslogd脚本,具体作用如下
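cat /etc/init.d/sqlsyslogd
#!/bin/bash
#
# sqlsyslogd   This is a daemon that takes syslog-ng input and pipe it into a MySQL database.
#
# chkconfig: 2345 98 10
# description: sqlsyslogd bridges syslog-ng and mysql.
# author: Josh Kuo Thu 2004/08/12 13:21:56 PDT
#
# Usage: sqlsyslogd {start|stop}
#   start  create the FIFO if needed and start a mysql client reading from it
#   stop   stop the mysql client
#
# Every line written to the FIFO is executed as SQL by the mysql client below,
# so write access to the FIFO equals write access to the database.

. /etc/rc.d/init.d/functions

# Must match the pipe() path in syslog-ng.conf.
# NOTE(review): /tmp is world-writable; a root-only directory would be a safer
# home for this FIFO, but the path has to be changed in syslog-ng.conf as well.
PIPE=/tmp/mysql.pipe

case "$1" in
  start)
    if [ -e "$PIPE" ] || [ -L "$PIPE" ]; then
        # Only reuse an existing path if it is a real FIFO owned by the user
        # running this script; anything else may have been planted in /tmp.
        if [ -L "$PIPE" ] || [ ! -p "$PIPE" ] || [ ! -O "$PIPE" ]; then
            echo "sqlsyslogd: $PIPE exists but is not a FIFO owned by this user; refusing to start."
            exit 1
        fi
        # assumes syslog-ng runs as the same user as this script — TODO confirm
        chmod 0600 "$PIPE" || exit 1
    else
        # The original test ([ -x ... ]) only created the FIFO when an
        # executable file was already there, and skipped starting mysql in
        # that case; create it whenever it is missing instead.
        mkfifo -m 0600 "$PIPE" || exit 1
    fi

    # if the service is already running, do not start another one
    # NOTE(review): this matches any process named "mysql", not only the
    # client started by this script.
    PIDS=$(pidofproc mysql)
    if [ "$PIDS" ]; then
        echo "sqlsyslogd is already running."
        exit 1
    fi

    # NOTE(review): connects as MySQL root without a password. Prefer a
    # dedicated account that holds only INSERT on syslog.logs.
    mysql -u root syslog < "$PIPE" &
    ;;
  stop)
    # NOTE(review): killproc by name also stops unrelated mysql client
    # sessions on this host.
    killproc mysql
    # If you need to collect apache logs into mysql, uncomment the next line.
    #killproc tail
    ;;
  *)
    echo "Usage: sqlsyslogd {start|stop}"
    exit 1
    ;;
esac
exit 0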
4.syslog-ng.conf 配置文件
cat /usr/local/etc/syslog-ng.conf
#
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#
@version: 3.3
@include "scl.conf"
# Global options applied to every source and destination below.
options {
    # --- host name handling ---
    chain_hostnames(no);
    # keep_hostname(yes) keeps the host name found inside a received message
    # instead of replacing it with the sender's address. With the UDP source
    # in this file that value is chosen by the sender, so the host column
    # identifies what the message claims, not who sent it.
    keep_hostname(yes);
    use_dns(no);
    dns_cache(no);
    use_fqdn(yes);

    # --- files and directories created by syslog-ng ---
    create_dirs(no);
    dir_perm(0755);
    # NOTE(review): 0644 makes anything created with this default readable by
    # every local user; tighten it if file destinations are added later.
    perm(0644);

    # --- buffering and limits ---
    log_fifo_size(2048);
    log_msg_size(8192);
    flush_lines(0);

    # --- housekeeping intervals, in seconds ---
    stats_freq(3600);
    time_reopen(10);
};
#----------------------------------------------------------------------
# Sources For Linux
#----------------------------------------------------------------------
# Local applications logging through /dev/log.
source s_stream {
    unix-stream("/dev/log");
};

# Messages generated by syslog-ng itself.
source s_internal {
    internal();
};

# Remote senders over UDP on every interface. UDP syslog carries no
# authentication and the sender address can be forged, so limit who can reach
# port 514 with a host or network firewall.
source s_remote {
    udp(
        ip(0.0.0.0)
        port(514)
    );
};

# Kernel messages.
source s_kmsg {
    file("/proc/kmsg");
};
#----------------------------------------------------------------------
# Piping method
#----------------------------------------------------------------------
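# Turns every message into one INSERT statement and writes it to the FIFO that
# the sqlsyslogd loader feeds to the mysql client.
#
# template-escape(yes) is what stops quote and backslash characters in $HOST,
# $PROGRAM or $MSG from closing the quoted SQL literals. Those fields arrive
# from the network through s_remote, so never switch it off.
# NOTE(review): backslash escaping assumes the MySQL server does not run with
# NO_BACKSLASH_ESCAPES in sql_mode — confirm on the server.
#
# The statement ends with ";\n". The listing previously showed ";n", which
# would put a stray "n" in front of the next INSERT and break it.
#
# The pipe path must match the one used by the sqlsyslogd script. /tmp is
# world-writable, so check the ownership and mode of this FIFO.
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
};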
#----------------------------------------------------------------------
# Logging to a database
#----------------------------------------------------------------------
# Route kernel, local, internal and remote messages to the MySQL pipe.
log {
    source(s_kmsg);
    source(s_stream);
    source(s_internal);
    source(s_remote);
    destination(d_mysql);
};
-
syslog-ng的参考文档
- official syslog-ng website
http://www.balabit.com/network-security/syslog-ng/
- The syslog-ng Administrator Guide
http://www.balabit.com/support/documentation/
- syslog-ng mailing list
https://lists.balabit.hu/mailman/listinfo/syslog-ng
- BalaBit Documentation Blog
http://robert.blogs.balabit.com