Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3028246
  • 博文数量: 272
  • 博客积分: 5544
  • 博客等级: 大校
  • 技术积分: 5496
  • 用 户 组: 普通用户
  • 注册时间: 2011-03-08 00:48
个人简介

  每个人都要有一个骨灰级的爱好,不为金钱,而纯粹是为了在这个领域享受追寻真理的快乐。

文章分类

全部博文(272)

文章存档

2015年(2)

2014年(5)

2013年(25)

2012年(58)

2011年(182)

分类: LINUX

2011-12-08 13:12:31

syslog-ng的强大功能在此呈现

首先切换到/etc目录
cd /etc

vi log.profile
  1. #日志存放路径
  2. PT=/var/log/ipwall/

  3. #客户端白名单(以逗号分割)
  4. IP=192.168.2.1,192.168.2.30

  5. #磁盘剩余空间大小(单位GB)
  6. SP=10

  7. #日志转储切割大小(单位MB)
  8. SZ=50

vi syslog-ng.example
  1. @version: 3.2
  2. #版本号具体数值参考 /etc/syslog-ng/syslog-ng.conf 文件第一行

  3. options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
  4.           owner("root"); group("adm"); perm(0640); stats_freq(0);
  5.           bad_hostname("^gconfd$");
  6. };

  7. source s_net { udp(ip(0.0.0.0) port(514)); };

  8. destination d_session { file("__PATH__/$HOST/session/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  9. destination d_url { file("__PATH__/$HOST/url/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  10. destination d_qq { file("__PATH__/$HOST/QQ/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  11. destination d_msn { file("__PATH__/$HOST/msn/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  12. destination d_alipay { file("__PATH__/$HOST/alipay/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  13. destination d_dns { file("__PATH__/$HOST/dns/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  14. destination d_pop3 { file("__PATH__/$HOST/pop3/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };
  15. destination d_others { file("__PATH__/$HOST/others/messages.log" perm(0777) dir_perm(0777) create_dirs(yes)); };

  16. filter f_local3 { level(info) and facility(local3); };
  17. filter f_host { host("__IP__"); };
  18. filter f_session { level(info) and facility(local1) and filter(f_host); };
  19. filter f_url { level(info) and facility(local2) and filter(f_host); };
  20. filter f_qq { filter(f_local3) and message(^qq) and filter(f_host); };
  21. filter f_msn { filter(f_local3) and message(^msn) and filter(f_host); };
  22. filter f_alipay { filter(f_local3) and message(^alipay) and filter(f_host); };
  23. filter f_dns { filter(f_local3) and message(^dns) and filter(f_host); };
  24. filter f_pop3 { filter(f_local3) and message(^pop3) and filter(f_host); };
  25. filter f_others { not facility(local1, local2, local3) and filter(f_host); };

  26. log { source(s_net); filter(f_session); destination(d_session); };
  27. log { source(s_net); filter(f_url); destination(d_url); };
  28. log { source(s_net); filter(f_qq); destination(d_qq); };
  29. log { source(s_net); filter(f_msn); destination(d_msn); };
  30. log { source(s_net); filter(f_alipay); destination(d_alipay); };
  31. log { source(s_net); filter(f_dns); destination(d_dns); };
  32. log { source(s_net); filter(f_pop3); destination(d_pop3); };
  33. log { source(s_net); filter(f_others); destination(d_others); };

vi logrotate.example
  1. __PATH__/__IP__/session/messages.log {
  2.         missingok
  3.         rotate 65535
  4.         create 0777 syslog adm
  5.         compress
  6.         size __SZ__M
  7.         dateext
  8.         dateformat .%s
  9.         postrotate
  10.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  11.         endscript
  12. }

  13. __PATH__/__IP__/url/messages.log {
  14.         missingok
  15.         rotate 65535
  16.         create 0777 syslog adm
  17.         compress
  18.         size __SZ__M
  19.         dateext
  20.         dateformat .%s
  21.         postrotate
  22.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  23.         endscript
  24. }

  25. __PATH__/__IP__/QQ/messages.log {
  26.         missingok
  27.         rotate 65535
  28.         create 0777 syslog adm
  29.         compress
  30.         size __SZ__M
  31.         dateext
  32.         dateformat .%s
  33.         postrotate
  34.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  35.         endscript
  36. }

  37. __PATH__/__IP__/msn/messages.log {
  38.         missingok
  39.         rotate 65535
  40.         create 0777 syslog adm
  41.         compress
  42.         size __SZ__M
  43.         dateext
  44.         dateformat .%s
  45.         postrotate
  46.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  47.         endscript
  48. }

  49. __PATH__/__IP__/alipay/messages.log {
  50.         missingok
  51.         rotate 65535
  52.         create 0777 syslog adm
  53.         compress
  54.         size __SZ__M
  55.         dateext
  56.         dateformat .%s
  57.         postrotate
  58.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  59.         endscript
  60. }

  61. __PATH__/__IP__/dns/messages.log {
  62.         missingok
  63.         rotate 65535
  64.         create 0777 syslog adm
  65.         compress
  66.         size __SZ__M
  67.         dateext
  68.         dateformat .%s
  69.         postrotate
  70.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  71.         endscript
  72. }

  73. __PATH__/__IP__/pop3/messages.log {
  74.         missingok
  75.         rotate 65535
  76.         create 0777 syslog adm
  77.         compress
  78.         size __SZ__M
  79.         dateext
  80.         dateformat .%s
  81.         postrotate
  82.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  83.         endscript
  84. }

  85. __PATH__/__IP__/others/messages.log {
  86.         missingok
  87.         rotate 65535
  88.         create 0777 syslog adm
  89.         compress
  90.         size __SZ__M
  91.         dateext
  92.         dateformat .%s
  93.         postrotate
  94.         /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) &>/dev/null
  95.         endscript
  96. }

vi syslog.install
  1. #/bin/bash

  2. . /etc/log.profile
  3. cd /etc
  4. rm -f /etc/logrotate.d/ipwall
  5. PT=${PT%%/}
  6. [ -d $PT ] || mkdir -p $PT
  7. NUM=$(awk -vRS=, 'END{print NR}' <<<$IP)

  8. SED_F(){
  9.     sed "s,__PATH__,$PT,;s,__IP__,$1,;s,__SZ__,$SZ," logrotate.example >> /etc/logrotate.d/ipwall
  10. }

  11. if [[ $NUM == 1 ]];then
  12.     NIP=$(sed 's/.*/^&$/' <<<$IP)
  13.     SED_F $IP
  14. else
  15.     NIP=$(sed 's/.*/^&$/;s/,/$\\\\|^/g' <<<$IP)
  16.     awk -vRS=",|\n" '1' <<<$IP | while read LINE;do SED_F $LINE;done
  17. fi

  18. sed "s,__PATH__,$PT,;s,__IP__,$NIP," syslog-ng.example > /etc/syslog-ng/syslog-ng.conf

  19. service syslog-ng restart 1>/dev/null

  20. RELEASE=$(lsb_release -a 2>/dev/null | awk -F":[ \t]+" '/Distributor ID/{print $2}')

  21. if [[ $RELEASE == "Ubuntu" ]];then
  22.     CRON=/var/spool/cron/crontabs/root
  23. else
  24.     CRON=/var/spool/cron/root
  25. fi
  26. chmod 755 /etc/rotate /etc/monipartition
  27. if [ -f $CRON ];then
  28.     sed -i '/rotate\|monipartition/d' $CRON
  29.     echo -e "* * * * * . /etc/profile;/etc/rotate\n10 0 * * * /etc/monipartition" >> $CRON
  30. else
  31.     echo "Crontab installation failed"
  32. fi
  33. useradd syslog
  34. exit 0



vi rotate
  1. #!/bin/bash

  2. . /etc/log.profile

  3. MOVE_F(){
  4.         cd $1
  5.         ls *.gz 2>/dev/null|/usr/bin/awk -F"_" 'NR==1{i=$1;system("mkdir -p "i"")}{if($1==i)system("mv "$0" "i"")}'
  6. }

  7. /usr/sbin/logrotate /etc/logrotate.conf

  8. /usr/bin/find $PT -name "messages.log.*.gz" | /usr/bin/awk -F'messages\\.log\\.' '{split($NF,a,".");system("mv "$0" "$1"`date -d \"@"a[1]"\" +%Y-%m-%d_%H-%M`.gz")}'

  9. /usr/bin/find $PT -maxdepth 2 -type d | /bin/sed 'N;/^\(.\+\)\n\1/!P;D' | while read LINE;do MOVE_F $LINE;done

  10. exit 0

vi monipartition
  1. #!/bin/bash

  2. . /etc/log.profile

  3. SPACE=$(df $PT | awk 'NR==2{print $4}')
  4. SP=$(($SP*100000))

  5. RM_F(){
  6.     cd $1
  7.     ls -d */ 2>/dev/null | awk 'NR==1{system("rm -rf "$0"")}'
  8. }

  9. [[ $SPACE -le $SP ]] && /usr/bin/find $PT -maxdepth 2 -type d | /bin/sed 'N;/^\(.\+\)\n\1/!P;D' | while read LINE;do RM_F $LINE;done

  10. exit 0

文件全部保存在 /etc 目录下,给安装脚本 syslog.install 加执行权限,执行该脚本。
ubuntu 11.04  syslog-ng 3.13 测试通过,如果是syslog-ng 3.1.2 版本请把配置文件的版本号改为:@version: 3.0

syslog-ng管理员手册(英文版):

参考网站:
阅读(6806) | 评论(1) | 转发(3) |
给主人留下些什么吧!~~

走西口1232011-12-09 00:43:36

路径好繁杂