syslog-ng的强大功能在此呈现
首先切换到/etc目录
cd /etc
vi log.profile
-
# /etc/log.profile — settings shared by syslog.install, rotate and
# monipartition. Each of them loads it with ". /etc/log.profile", so keep
# this file to plain shell assignments.

# Root directory for the per-client logs (a trailing slash is tolerated;
# syslog.install strips it).
PT="/var/log/ipwall/"

# Whitelisted client addresses, comma-separated with no spaces. syslog.install
# turns the list into the syslog-ng host() pattern and renders one logrotate
# stanza per entry.
IP="192.168.2.1,192.168.2.30"

# Free-space threshold in GB: monipartition purges old logs when the
# filesystem holding PT has this much or less left.
SP="10"

# Size in MB at which a client log is rotated (substituted for __SZ__ in
# logrotate.example).
SZ="50"
vi syslog-ng.example
-
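@version: 3.2

# The version must match the first line of the stock /etc/syslog-ng/syslog-ng.conf
# of the installed syslog-ng (3.2 on the build this page was tested with; the
# page notes that a 3.1.2 build wants "@version: 3.0").

options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
          # Ownership and mode for everything this config creates. The logs are
          # an audit trail: root-owned, readable by group adm, nobody else.
          owner("root"); group("adm"); perm(0640);
          dir_owner("root"); dir_group("adm"); dir_perm(0750);
          stats_freq(0);
          bad_hostname("^gconfd$");
};

# Plain UDP syslog on all interfaces. UDP syslog is unauthenticated and the
# sender address can be forged, so also restrict udp/514 at the host firewall
# to the whitelisted clients; f_host below only discards what still arrives.
# With use_dns(no) and syslog-ng's default keep_hostname(no), $HOST is the
# sender's IP address: that is what f_host matches and what names the
# per-client directories below. Do not add keep_hostname(yes) here — the client
# would then control both the match and the directory name.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One file per client and category under __PATH__ (syslog.install substitutes
# the PT value from /etc/log.profile). The original set perm(0777) and
# dir_perm(0777), which let any local user read, alter or forge log entries;
# give a consumer read access by adding it to group adm, not by widening the
# mode.
destination d_session { file("__PATH__/$HOST/session/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_url     { file("__PATH__/$HOST/url/messages.log"     perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_qq      { file("__PATH__/$HOST/QQ/messages.log"      perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_msn     { file("__PATH__/$HOST/msn/messages.log"     perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_alipay  { file("__PATH__/$HOST/alipay/messages.log"  perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_dns     { file("__PATH__/$HOST/dns/messages.log"     perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_pop3    { file("__PATH__/$HOST/pop3/messages.log"    perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_others  { file("__PATH__/$HOST/others/messages.log"  perm(0640) dir_perm(0750) create_dirs(yes)); };

# local3 at level info carries several protocols; they are split by message
# prefix below.
filter f_local3 { level(info) and facility(local3); };

# __IP__ is replaced by syslog.install with an anchored pattern built from the
# IP list in /etc/log.profile, e.g. ^192.168.2.1$\|^192.168.2.30$ for two
# clients. The dots are not escaped, so each "." also matches any single
# character — tolerable inside a private whitelist, but be aware of it.
filter f_host { host("__IP__"); };

filter f_session { level(info) and facility(local1) and filter(f_host); };
filter f_url     { level(info) and facility(local2) and filter(f_host); };
filter f_qq      { filter(f_local3) and message(^qq)     and filter(f_host); };
filter f_msn     { filter(f_local3) and message(^msn)    and filter(f_host); };
filter f_alipay  { filter(f_local3) and message(^alipay) and filter(f_host); };
filter f_dns     { filter(f_local3) and message(^dns)    and filter(f_host); };
filter f_pop3    { filter(f_local3) and message(^pop3)   and filter(f_host); };

# Everything else from a whitelisted client. Note the gaps: local3 messages
# whose prefix is none of qq/msn/alipay/dns/pop3, and local1/local2 messages
# at a level other than info, match no log statement and are dropped.
filter f_others { not facility(local1, local2, local3) and filter(f_host); };

log { source(s_net); filter(f_session); destination(d_session); };
log { source(s_net); filter(f_url);     destination(d_url); };
log { source(s_net); filter(f_qq);      destination(d_qq); };
log { source(s_net); filter(f_msn);     destination(d_msn); };
log { source(s_net); filter(f_alipay);  destination(d_alipay); };
log { source(s_net); filter(f_dns);     destination(d_dns); };
log { source(s_net); filter(f_pop3);    destination(d_pop3); };
log { source(s_net); filter(f_others);  destination(d_others); };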
vi logrotate.example    （本文未贴出该模板的内容。syslog.install 会对 IP 列表中的每个地址把模板里的 __PATH__、__IP__、__SZ__ 替换后追加到 /etc/logrotate.d/ipwall，因此模板必须使用这三个占位符，且每个地址对应一段独立的 logrotate 配置。）
vi syslog.install
-
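#!/bin/bash
# /etc/syslog.install — render syslog-ng.example and logrotate.example (both
# in /etc) from the PT/IP/SP/SZ values in /etc/log.profile, restart syslog-ng
# and install root's cron jobs for /etc/rotate and /etc/monipartition.
# Run as root. (The original first line read "#/bin/bash" — without the "!"
# it is not a shebang, so the kernel could not run the file directly.)

# Abort if the profile is missing rather than rendering the templates with
# empty values.
. /etc/log.profile || exit 1

cd /etc || exit 1

# The logrotate fragment is appended per client below, so start from scratch.
rm -f /etc/logrotate.d/ipwall

# Strip one trailing slash so "__PATH__/$HOST" in the templates does not
# render as "//", then refuse an empty log root: the mkdir, sed and find
# steps that follow would otherwise operate on "".
PT=${PT%/}
: "${PT:?PT must be set in /etc/log.profile}"

[ -d "$PT" ] || mkdir -p "$PT"

# Number of comma-separated client addresses in IP (the here-string supplies
# the final newline that terminates the last record).
NUM=$(awk -v RS=, 'END{print NR}' <<<"$IP")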
-
-
# SED_F <client-ip>: append one copy of logrotate.example for the client to
# /etc/logrotate.d/ipwall with __PATH__, __IP__ and __SZ__ filled in from
# PT, the argument and SZ. The values are spliced into sed replacement text
# as-is, so none of them may contain "," (the delimiter used here) or "&".
SED_F(){
  local client=$1
  sed -e "s,__PATH__,$PT," \
      -e "s,__IP__,$client," \
      -e "s,__SZ__,$SZ," logrotate.example >> /etc/logrotate.d/ipwall
}
-
-
# Build the value for the host() filter in syslog-ng.example: each address is
# anchored as ^addr$ and, for several addresses, joined with "\|" (the
# backslashes are doubled here because the sed that renders the template
# consumes one level). Dots are not escaped, so each "." in the rendered
# pattern also matches any single character. Then render one logrotate
# stanza per address.
if [[ $NUM == 1 ]]; then
  NIP=$(sed 's/.*/^&$/' <<<"$IP")
  SED_F "$IP"
else
  NIP=$(sed 's/.*/^&$/;s/,/$\\\\|^/g' <<<"$IP")
  # awk splits on "," or newline and prints one address per line.
  while read -r client; do
    SED_F "$client"
  done < <(awk -v RS=",|\n" '1' <<<"$IP")
fi
-
-
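# Render the syslog-ng config. NIP already carries doubled backslashes so the
# "\|" alternation survives this replacement; PT must not contain "," or "&".
sed "s,__PATH__,$PT,;s,__IP__,$NIP," syslog-ng.example > /etc/syslog-ng/syslog-ng.conf

service syslog-ng restart 1>/dev/null

chmod 755 /etc/rotate /etc/monipartition

# Install root's cron jobs through crontab(1) instead of appending to the
# spool file. The original located the spool by distribution (lsb_release),
# gave up when root had no crontab yet, edited the file in place (which cron
# does not necessarily notice — crontab(1) is the supported way to change
# it), and its cleanup pattern '/rotate\|monipartition/d' also deleted any
# unrelated entry containing "rotate". Existing entries for these two scripts
# are replaced so re-running the installer does not duplicate them.
#
# NOTE: /etc/rotate runs every minute and invokes logrotate on the whole
# /etc/logrotate.conf, not only on the ipwall fragment.
CRONTMP=$(mktemp) || { echo "Crontab installation failed"; exit 1; }
{
  crontab -l 2>/dev/null | grep -v -e '/etc/rotate' -e '/etc/monipartition'
  printf '%s\n' '* * * * * . /etc/profile;/etc/rotate' '10 0 * * * /etc/monipartition'
} > "$CRONTMP"
if crontab "$CRONTMP"; then
  rm -f "$CRONTMP"
else
  rm -f "$CRONTMP"
  echo "Crontab installation failed"
fi

# Service account; this page does not show what uses it (syslog-ng itself
# writes as root/adm per the template). Skip if it exists so the installer
# can be re-run. Nothing shown here logs in as this user, so consider
# "useradd -r -s /bin/false syslog" to deny it a shell.
id syslog >/dev/null 2>&1 || useradd syslog

exit 0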
vi rotate
-
#!/bin/bash
# /etc/rotate — installed into root's crontab by syslog.install to run every
# minute: rotates the ipwall logs via logrotate, renames the compressed
# archives by timestamp and files them into per-day directories.

# Provides PT, the log root directory.
. /etc/log.profile
-
-
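# MOVE_F <dir>: file the oldest day's archives in <dir> into a subdirectory
# named after that day. Archives are expected as <YYYY-MM-DD>_<HH-MM>.gz (the
# caller renames them that way); the sorted glob therefore starts with the
# earliest day, and only that day's files move now — later days are picked up
# on later runs, as in the original.
# Changes cwd; callers that care should run it in a subshell.
MOVE_F(){
  local dir=$1 day first gz
  # Without this guard a failed cd left the original "ls *.gz | awk ... mv"
  # shuffling files in the caller's cwd instead.
  cd "$dir" || return 1
  local files=(*.gz)
  [[ -e ${files[0]} ]] || return 0
  first=${files[0]}
  day=${first%%_*}
  mkdir -p -- "$day" || return 1
  # Filenames are passed as arguments, never through awk's system(), so a
  # crafted name cannot run commands as root.
  for gz in "${files[@]}"; do
    [[ ${gz%%_*} == "$day" ]] && mv -- "$gz" "$day/"
  done
  return 0
}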
-
-
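# Refuse to run with an empty log root: "find '' ..." would search the cwd.
: "${PT:?PT must be set in /etc/log.profile}"

# 1. Rotate. This runs the whole /etc/logrotate.conf (every package's
#    fragment), not only /etc/logrotate.d/ipwall, once a minute from cron;
#    logrotate's state file is what keeps the time-based entries from
#    re-rotating.
/usr/sbin/logrotate /etc/logrotate.conf

# 2. Rename each archive messages.log.<epoch>.gz to <YYYY-MM-DD_HH-MM>.gz in
#    the same directory (the day prefix is what step 3 groups on). Names are
#    handled as data via find -print0; the original passed them through awk's
#    system() and a shell backtick, so a crafted name would have been
#    executed as root. Presumably logrotate.example uses dateext with an
#    epoch dateformat to produce these names — it is not shown on this page.
while IFS= read -r -d '' gz; do
  epoch=${gz##*messages.log.}   # "<epoch>.gz"
  epoch=${epoch%%.*}            # "<epoch>"
  # Skip a stamp date(1) cannot parse instead of renaming the file to ".gz".
  stamp=$(date -d "@$epoch" +%Y-%m-%d_%H-%M) || continue
  mv -- "$gz" "${gz%%messages.log.*}$stamp.gz"
done < <(/usr/bin/find "$PT" -name "messages.log.*.gz" -print0)

# 3. In every leaf directory, file the oldest day's archives into a per-day
#    subdirectory. The layout is fixed at <PT>/<host>/<category>, so depth 2
#    is the leaf level; the original's sed "not a prefix of the next line"
#    trick printed these plus any host directory without subdirectories,
#    which hold no archives. MOVE_F cd's, so run it in a subshell.
while IFS= read -r -d '' leaf; do
  ( MOVE_F "$leaf" )
done < <(/usr/bin/find "$PT" -mindepth 2 -maxdepth 2 -type d -print0)

exit 0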
vi monipartition
-
#!/bin/bash
# /etc/monipartition — run daily at 00:10 from root's crontab (installed by
# syslog.install): when free space on the filesystem holding the log root
# drops to the SP threshold from /etc/log.profile, deletes the oldest day
# directory in each per-client category directory.

# Provides PT (log root) and SP (free-space threshold in GB).
. /etc/log.profile
-
-
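# GB_TO_KB <gigabytes>: the same amount in KiB, the unit df reports in.
GB_TO_KB(){
  echo $(( ${1:-0} * 1024 * 1024 ))
}

# Free space (1 KiB blocks) on the filesystem holding the log root. -P keeps
# each filesystem on one line, so NR==2 is the data row even when a long
# device name would otherwise wrap. Empty if df fails (PT missing/unmounted).
SPACE=$(df -P "$PT" | awk 'NR==2{print $4}')

# SP is configured in GB in /etc/log.profile. The original scaled it by
# 100000, i.e. roughly a tenth of a GiB per configured GB, so the purge
# started at about one tenth of the intended free-space threshold.
SP=$(GB_TO_KB "$SP")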
-
-
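# RM_F <dir>: delete the oldest day directory (first in sorted order, since
# they are named YYYY-MM-DD) directly under <dir>. Changes cwd; run it in a
# subshell if that matters.
RM_F(){
  local dir=$1 dirs
  # Without this guard a failed cd left the original "ls -d */ | awk ... rm
  # -rf" deleting the first directory in the caller's cwd instead.
  cd "$dir" || return 1
  dirs=(*/)
  [[ -d ${dirs[0]} ]] || return 0
  # The name is passed as an argument, never through awk's system(), so a
  # crafted directory name cannot run commands as root.
  rm -rf -- "${dirs[0]}"
}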
-
-
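# Refuse to run with an empty log root: "find '' ..." would search the cwd.
: "${PT:?PT must be set in /etc/log.profile}"

# Purge when free space is at or below the threshold: the oldest day
# directory in every <PT>/<host>/<category> directory, one per run (cron
# runs this daily at 00:10), so a full disk drains slowly. Act only on a
# numeric df result — the original "[[ $SPACE -le $SP ]]" treated an empty
# SPACE (df failed, e.g. PT not mounted) as 0 and purged. RM_F cd's, so it
# runs in a subshell.
if [[ $SPACE =~ ^[0-9]+$ && $SPACE -le $SP ]]; then
  while IFS= read -r -d '' leaf; do
    ( RM_F "$leaf" )
  done < <(/usr/bin/find "$PT" -mindepth 2 -maxdepth 2 -type d -print0)
fi

exit 0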
文件全部保存在 /etc 目录下,给安装脚本 syslog.install 加执行权限,执行该脚本。
ubuntu 11.04 syslog-ng 3.13 测试通过,如果是syslog-ng 3.1.2 版本请把配置文件的版本号改为:@version: 3.0
syslog-ng管理员手册(英文版):
参考网站: