Chinaunix首页 | 论坛 | 博客
  • 博客访问: 8822907
  • 博文数量: 29
  • 博客积分: 4010
  • 博客等级: 上校
  • 技术积分: 797
  • 用 户 组: 普通用户
  • 注册时间: 2007-09-19 14:12
文章分类

全部博文(29)

文章存档

2008年(29)

我的朋友

分类: LINUX

2008-06-04 09:44:09

1.安装syslog-ng:
   
下载 eventlog, libol,    syslog-ng .
   安装eventlog:   # ./configure 
                  # make
                  #  make install
   安装 libol:      #./configure
                   # make
                   # make install
   安装 syslog-ng:  # export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
                      (PKG_CONFIG_PATH路径一定要正确,否则编译syslog-ng会提示找不到路么的问题而无法编译过去)   
                 
      # ./configure –prefix=/usr/local/syslog-ng 
                           # make
                           # make install
在服务器和客户端都要装上syslog-ng
2.服务器端
          默认情况下/usr/local/syslog-ng/ 下缺少配置文件,所以要新建所需的文件夹
       
#  mkdir /usr/local/syslog-ng/etc
vi /usr/local/syslog-ng/etc/syslog-ng.conf
_____________________
#
# configuration file for syslog-ng, customized for remote logging
#
options {
        use_fqdn(yes);
        chain_hostnames(off);
        keep_hostname(off);
        sync(0);
        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
        create_dirs(yes);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_rsync { file("/var/log/rsync"); };
destination d_mlal { usertty("*"); };
filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                     not (facility(mail)
                        or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(daemon); };
filter f_filter10     { facility(local6); };
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
# Remote logging
source s_remote {
        udp(ip(0.0.0.0) port(514));
};

destination r_mesg { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_auth { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mail { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/maillog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_spol { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_boot { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/boot.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_daemon { file("/var/log/syslog-ng/$YEAR/$MONTH/$HOST/daemon" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_local6 { file("/var/log/syslog-ng/$YEAR/$MONTH/network/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
#destination d_separatedbyhosts {
#       file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
#};
#log { source(s_remote); destination(d_separatedbyhosts); };
log { source(s_remote); filter(f_filter2); destination(r_mesg); };
log { source(s_remote); filter(f_filter3); destination(r_auth); };
log { source(s_remote); filter(f_filter4); destination(r_mail); };
log { source(s_remote); filter(f_filter6); destination(r_spol); };
log { source(s_remote); filter(f_filter7); destination(r_boot); };
log { source(s_remote); filter(f_filter8); destination(r_cron); };
log { source(s_remote); filter(f_filter9); destination(r_daemon); };
log { source(s_remote); filter(f_filter10); destination(r_local6); };

3.客户端配置
cp ~/syslog-ng/doc/syslog-ng.conf.example(copy安装文档下的配置文件到安装文档路径)
/usr/loca/syslog-ng/etc/syslog-ng.conf
在配置文件syslog-ng.conf中加入两行:
destination d_udp { udp("loghost" port(514)); };
log { source(src); destination(d_udp); };

4.关闭服务器与客户端的syslog服务,开启syslog-ng服务
/etc/init.d/syslog stop
/usr/local/syslog-ng/sbin/syslog-ng


阅读(1962) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~