\u6709\u53f0\u670d\u52a1\u5668\u8981\u9000\u5f79,\u9700\u8981\u8fc1\u79fb\u670d\u52a1\u4e86,\u6070\u597d\u73b0\u5728\u6709\u65b0\u7248\u672c\u7684syslog-ng,\u91cd\u65b0\u8bb0\u5f55\u4e00\u4e0b,\u8fc7\u7a0b\u5982\u4e0b<\/p>\n
http:\/\/www.balabit.com\/downloads\/files?path=\/syslog-ng\/sources\/3.3.4\/source<\/a> CREATE DATABASE syslog; sqlsyslogd\u811a\u672c,\u5177\u4f53\u4f5c\u7528\u5982\u4e0b . \/etc\/rc.d\/init.d\/functions<\/p>\n case "$1" in PIDS= fi ;;<\/p>\n *) cat \/usr\/local\/etc\/syslog-ng.conf <\/p>\n syslog-ng\u7684\u53c2\u8003\u6587\u6863<\/p>\n<\/li>\n official syslog-ng website The syslog-ng Administrator Guide syslog-ng mailing list BalaBit Documentation Blog <\/p>\n<\/li>\n<\/ol>\n \u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aKermit\u7684\u7f51\u7ad9<\/a> » \u914d\u7f6esyslog-ng<\/a><\/p>","protected":false},"excerpt":{"rendered":" \u6709\u53f0\u670d\u52a1\u5668\u8981\u9000\u5f79,\u9700\u8981\u8fc1\u79fb\u670d\u52a1\u4e86,\u6070\u597d\u73b0\u5728\u6709\u65b0\u7248\u672c\u7684syslog-ng,\u91cd\u65b0\u8bb0\u5f55\u4e00\u4e0b,\u8fc7\u7a0b\u5982\u4e0b \u5b89\u88c5syslog-ng http:\/\/www.balabit.com\/downloads\/files?path=\/syslog-ng\/sources\/3. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-436","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/436"}],"collection":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/comments?post=436"}],"version-history":[{"count":0,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/436\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/media?parent=436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/categories?post=436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/tags?post=436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nwget -c "http:\/\/www.balabit.com\/downloads\/files?path=\/syslog-ng\/sources\/3.3.4\/source\/eventlog_0.2.12.tar.gz"<\/a>;
\ntar xzvf eventlog_0.2.12.tar.gz
\n cd eventlog-0.2.12
\n .\/configure
\n make && make install
\n cd ..
\n
\nwget -c "http:\/\/www.balabit.com\/downloads\/files?path=\/syslog-ng\/sources\/3.3.4\/source\/syslog-ng_3.3.4.tar.gz"<\/a>;
\ntar xzvf syslog-ng_3.3.4.tar.gz
\n cd syslog-ng-3.3.4
\n export PKG_CONFIG_PATH=\/usr\/local\/lib\/pkgconfig
\n .\/configure
\n make && make install
\n cd ..
\n <\/p>\n\n
\n USE syslog;
\nDROP TABLE IF EXISTS logs<\/code>;
\n CREATE TABLE logs<\/code> (
\n id<\/code> bigint(20) unsigned NOT NULL auto_increment,
\n host<\/code> varchar(128) default NULL,
\n facility<\/code> varchar(10) default NULL,
\n priority<\/code> varchar(10) default NULL,
\n level<\/code> varchar(10) default NULL,
\n tag<\/code> varchar(10) default NULL,
\n datetime<\/code> datetime default NULL,
\n program<\/code> varchar(15) default NULL,
\n msg<\/code> text,
\n seq<\/code> bigint(20) unsigned NOT NULL default '0',
\n counter<\/code> int(11) NOT NULL default '1',
\n fo<\/code> datetime default NULL,
\n lo<\/code> datetime default NULL,
\n PRIMARY KEY (id<\/code>),
\n KEY datetime<\/code> (datetime<\/code>),
\n KEY sequence<\/code> (seq<\/code>),
\n KEY priority<\/code> (priority<\/code>),
\n KEY facility<\/code> (facility<\/code>),
\n KEY program<\/code> (program<\/code>),
\n KEY host<\/code> (host<\/code>)
\n ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
\n <\/p>\n\n
\ncat \/etc\/init.d\/sqlsyslogd<\/p>\n!\/bin\/bash<\/h1>\n
<\/h1>\n
sqlsyslogd This is a daemon that takes syslog-ng input and pipe it into a MySQL database.<\/h1>\n
chkconfig: 2345 98 10<\/h1>\n
description: sqlsyslogd bridges syslog-ng and mysql.<\/h1>\n
author: Josh Kuo Thu 2004\/08\/12 13:21:56 PDT<\/h1>\n
\nstart)
\nif [ -x \/tmp\/mysql.pipe ]; then
\nmkfifo \/tmp\/mysql.pipe
\nelse<\/p>\nif the service is already running, do not start another one<\/h1>\n
pidofproc mysql<\/code>
\nif [ "$PIDS" ]; then
\necho "sqlsyslogd is already running."
\nexit 1
\nfi
\nmysql -u root syslog < \/tmp\/mysql.pipe &<\/p>\n
\n;;
\nstop )
\nkillproc mysql<\/p>\nIf you need to collect apache logs into mysql, uncomment the next line.<\/h1>\n
killproc tail<\/h1>\n
\necho "Usage: sqlsyslogd {start|stop}"
\nexit 1;
\nesac
\nexit 0;
\n
\n4.syslog-ng.conf \u914d\u7f6e\u6587\u4ef6<\/p>\n<\/li>\n<\/ol>\n
\n#
\n #############################################################################
\n # Default syslog-ng.conf file which collects all local logs into a
\n # single file called \/var\/log\/messages.
\n #<\/p>\n@version: 3.3\n@include "scl.conf"\n\noptions\n{\nchain_hostnames(no);\ncreate_dirs (no);\ndir_perm(0755);\ndns_cache(no);\nkeep_hostname(yes);\nlog_fifo_size(2048);\nlog_msg_size(8192);\nperm(0644);\nstats_freq(3600);\nflush_lines(0);\ntime_reopen (10);\nuse_dns(no);\nuse_fqdn(yes);\n};\n\n#----------------------------------------------------------------------\n# Sources For Linux\n#----------------------------------------------------------------------\nsource s_stream\n{ unix-stream("\/dev\/log"); };\n\nsource s_internal\n{ internal(); };\n\nsource s_remote {\n udp(ip(0.0.0.0) port(514));\n};\nsource s_kmsg { file("\/proc\/kmsg"); };\n\n#----------------------------------------------------------------------\n# Piping method\n#----------------------------------------------------------------------\n\n\ndestination d_mysql {\n pipe("\/tmp\/mysql.pipe"\n template("INSERT INTO logs\n (host, facility, priority, level, tag, datetime, program, msg)\n VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );n") template-escape(yes));\n};\n\n#----------------------------------------------------------------------\n# Logging to a database\n#----------------------------------------------------------------------\n\nlog { source(s_kmsg); source(s_stream);source(s_internal); source(s_remote); destination(d_mysql); };\n<\/code><\/pre>\n\n
\n http:\/\/www.balabit.com\/network-security\/syslog-ng\/<\/a><\/p>\n\n
\n http:\/\/www.balabit.com\/support\/documentation\/<\/a><\/p>\n<\/li>\n
\n https:\/\/lists.balabit.hu\/mailman\/listinfo\/syslog-ng<\/a><\/p>\n<\/li>\n
\n http:\/\/robert.blogs.balabit.com<\/a><\/p>\n<\/li>\n<\/ol>\n