2008-08-21 11:02:04
可以转载,转载请注明作者和出处,谢谢,特别鄙视转载后扣上自己名字的哥们
(1)首先,請先關掉syslog,避免它在重新開機時自動啟動造成衝突。
chkconfig --level 2345 syslog off
(2)安裝libol,依序下configure、make、make install指令
(3)解壓縮、安裝syslog-ng,依序下configure、make、make install指令
(4)安裝config scripts及設定系統
cp contrib/init.d.RedHat7.3 /etc/rc.d/init.d/syslog-ng
還有修改syslog-ng
# Path of the syslog-ng binary. The functions below pass it to
# daemon/killproc/status and print it in the start/stop messages.
INIT_PROG="/usr/local/sbin/syslog-ng"
#
# Source Redhat function library.
# (presumably the source of the daemon, killproc and status helpers used
# by the functions below -- they are not defined in this script)
#
. /etc/rc.d/init.d/functions
# Append /usr/local/sbin to PATH. The directory is added unconditionally and
# at the end, so directories already in PATH keep precedence.
SYSLOGNG_PATH=":/usr/local/sbin"
PATH=$PATH$SYSLOGNG_PATH
export PATH
# /etc/sysconfig/ is the standard way to pull in options for a daemon to use.
# Source config
# NOTE(review): the file is executed as shell code with the privileges of
# this init script, so it should be writable by root only.
if [ -f /etc/sysconfig/syslog-ng ] ; then
. /etc/sysconfig/syslog-ng
else
SYSLOGNG_OPTIONS=
fi
RETVAL=0
# Files created from here on get no group/other permissions.
umask 077
# Set the core file size limit to 0 for processes started from this script.
ulimit -c 0
# See how we were called.
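start() {
  # Start syslog-ng through the Red Hat `daemon` helper and, on success,
  # create the lock file that the `condrestart` action checks.
  # Globals: INIT_PROG (read), SYSLOGNG_OPTIONS (read), RETVAL (written)
  # Returns: the exit status of `daemon`
  echo -n "Starting $INIT_PROG: "
  # SYSLOGNG_OPTIONS stays unquoted on purpose: it carries a list of
  # separate command-line options and has to be word-split.
  daemon "$INIT_PROG" $SYSLOGNG_OPTIONS
  RETVAL=$?
  echo
  # syslog-ng can handle kernel messages. If you do this, don't
  # run klogd; see the syslog-ng FAQ for the reason.
  #
  # If you still prefer to run klogd without syslog-ng handling
  # kernel messages, uncomment the following block of lines
  #echo -n $"Starting kernel logger: "
  #daemon klogd $KLOGD_OPTIONS
  #echo
  # INIT_PROG is an absolute path, so the lock file is named after its
  # basename. Touching "/${INIT_PROG}" would only update the timestamp of
  # the binary and never create /var/lock/subsys/syslog-ng.
  [ $RETVAL -eq 0 ] && touch "/var/lock/subsys/${INIT_PROG##*/}"
  return $RETVAL
}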
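stop() {
  # Stop syslog-ng with the Red Hat `killproc` helper and remove the lock
  # file once the daemon is down.
  # Globals: INIT_PROG (read), RETVAL (written)
  # Returns: the exit status of `killproc`
  #
  # Same here concerning klogd. Uncomment the following block of
  # code if you are needing to run it
  #echo -n $"Shutting down kernel logger: "
  #killproc klogd
  #echo
  echo -n "Stopping $INIT_PROG: "
  killproc "$INIT_PROG"
  RETVAL=$?
  echo
  # INIT_PROG is an absolute path; appending it whole to /var/lock/subsys/
  # names a file that is never created, so the lock checked by condrestart
  # (/var/lock/subsys/syslog-ng) would be left behind. Use the basename.
  [ $RETVAL -eq 0 ] && rm -f "/var/lock/subsys/${INIT_PROG##*/}"
  return $RETVAL
}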
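rhstatus() {
  # Report whether syslog-ng is running by delegating to the `status`
  # helper; the return value is whatever `status` returns.
  # INIT_PROG is quoted so that a path containing whitespace is passed
  # as a single argument.
  status "$INIT_PROG"
}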
restart() {
  # Full stop/start cycle. The status of stop is not checked; the caller
  # sees the status of start.
  stop
  start
  return $?
}
# Dispatch on the action name given as the first argument.
case "${1}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    rhstatus
    ;;
  restart | reload)
    # reload is implemented as a full restart.
    restart
    ;;
  condrestart)
    # Restart only when the lock file exists; this arm always ends with
    # status 0, even if the restart itself fails.
    if [ -f /var/lock/subsys/syslog-ng ]; then
      restart || :
    fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|reload}"
    exit 1
    ;;
esac
# Hand the status of the selected action back to the caller.
exit $?
(5)在/usr/local/etc新建syslog-ng目录,下面新建syslog-ng.conf
# Global options.
# sync(0): write each message out immediately instead of buffering lines.
options { sync (0);
# Seconds to wait before a broken connection is reopened.
time_reopen (10);
# Size of the output queue, in messages.
log_fifo_size (1000);
long_hostnames (off);
# No DNS lookups for senders; names are not expanded to FQDNs.
use_dns (no);
use_fqdn (no);
# Missing directories for file() destinations are created on demand.
create_dirs (yes);
# The hostname field inside a received message is kept as-is, so a remote
# sender decides what $HOST expands to. Every use of $HOST below (file
# paths, SQL text) therefore handles sender-controlled data.
keep_hostname (yes);
};
# Local sources: the /dev/log socket, syslog-ng's own messages, and the
# kernel ring buffer (do not run klogd at the same time).
source s_stream
{ unix-stream("/dev/log"); };
source s_internal
{ internal(); };
source s_kernel
{ pipe("/proc/kmsg" log_prefix("kernel: ")); };
# NOTE(review): the next line is cut off in this copy of the post; the
# address and port of the TCP listener are not recoverable from the page.
source remote { tcp(ip("
# udp() without arguments listens on all interfaces on the default syslog
# port. Syslog over UDP is unauthenticated and the sender address can be
# spoofed, so restrict who can reach this port with a host firewall or
# bind it to a management address with ip().
source net { udp(); };
# File destinations. lpr, mail, messages and console are only referenced
# by the commented-out log statements below.
destination lpr { file("/var/log/lpr.log"); };
destination mail { file("/var/log/mail.log"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination mslog { file("/var/log/mslog.log");};
destination d_cisco { file("/var/log/cisco.log");};
#filter f_lpr { facility(lpr); };
#filter f_mail { facility(mail); };
#filter f_messages { level(info..emerg) and not facility(mail,lpr); };
#filter f_emergency { level(emerg); };
# Filters: local0 is used for the Windows auth feed and local1 for the
# Cisco feed (going by the filter names); f_admin is a regular-expression
# match for "admin" or "Admin".
filter f_winauth { facility(local0); };
filter f_admin { match ("admin|Admin"); };
filter f_cisco { facility(local1); };
#log { source(src); filter(f_lpr); destination(lpr); };
#log { source(src); filter(f_mail); destination(mail); };
#log { source(src); filter(f_messages); destination(messages); };
#log { source(src); filter(f_emergency); destination(console); };
# Two filters in one log statement must both match (local0 AND admin).
log { source(net); filter(f_winauth); filter (f_admin); destination(mslog);};
log { source(net); filter(f_winauth); destination(d_mysql);};
log { source(net); filter(f_cisco); destination(d_cisco);};
log { source(net); filter(f_cisco); destination(d_mysql);};
# Per-host log tree, readable by root only (0600 files, 0700 directories).
# NOTE(review): the directory name comes from $HOST, and with
# keep_hostname(yes) that value is taken from the received message.
# Confirm that the syslog-ng version in use sanitises it before it is used
# as a path component, or switch keep_hostname off for remote sources.
destination hosts { file("/var/log/HOSTS/$HOST/$FACILITY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
log { source(remote); destination(hosts); };
# Each message becomes one SQL INSERT written to a FIFO; syslog2mysql.sh
# feeds whatever arrives on that FIFO to the mysql client.
# - Every macro is sender-influenced text pasted into SQL. template-escape(yes)
#   is the only thing keeping a quote inside $MSG or $HOST from ending the
#   string literal, so it must never be removed from this destination.
# - /tmp is world-writable and the name is predictable: any local user able
#   to write to this FIFO can submit SQL as the loader's MySQL account.
#   Prefer a root-only directory and a FIFO with mode 0600.
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
};
# Catch-all path: everything from every source goes to MySQL.
# NOTE(review): source(net) messages matching f_winauth or f_cisco are also
# sent to d_mysql by the log statements above, so they are presumably
# inserted twice -- confirm and drop one of the paths.
log { source(s_stream);
source(s_internal);
source(s_kernel);
source(remote);
source(net);
destination(d_mysql); };
(6)新建syslog-ng.sql
-- Schema for the table that receives the INSERT statements produced by the
-- d_mysql template in syslog-ng.conf (same nine columns, same order).
-- Least privilege: the account that loads rows needs only INSERT on
-- syslog.logs, and the account used by the web front end needs only SELECT.
CREATE DATABASE syslog;
USE syslog;
CREATE TABLE logs (
-- NOTE(review): the text columns are short (32/10/15 characters); longer
-- values sent by a host will not be stored in full.
host varchar(32) default NULL,
facility varchar(10) default NULL,
priority varchar(10) default NULL,
level varchar(10) default NULL,
tag varchar(10) default NULL,
date date default NULL,
time time default NULL,
program varchar(15) default NULL,
msg text,
-- Surrogate key; the template never supplies it, auto_increment fills it.
seq int(10) unsigned NOT NULL auto_increment,
PRIMARY KEY (seq),
KEY host (host),
-- NOTE(review): seq is already indexed by the PRIMARY KEY, so this second
-- index looks redundant.
KEY seq (seq),
KEY program (program),
KEY time (time),
KEY date (date),
KEY priority (priority),
KEY facility (facility)
-- NOTE(review): TYPE= is the old spelling of the storage-engine option and
-- was removed in MySQL 5.5; newer servers need ENGINE=MyISAM here.
) TYPE=MyISAM;
mysql -u root -p < syslog.sql
touch syslog2mysql.sh
vi syslog2mysql.sh
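# syslog2mysql.sh - feed the SQL statements that syslog-ng writes to its
# d_mysql pipe into the mysql client.
#
# Everything that arrives on the FIFO is executed as SQL, so the FIFO must
# not be writable by other local users. It is created with mode 0600; this
# assumes syslog-ng and this script run as the same user (TODO confirm).
# /tmp is kept only because syslog-ng.conf points at it; a root-only
# directory is the safer home for the FIFO (change both places together).
PIPE=/tmp/mysql.pipe

if [ ! -e "$PIPE" ]; then
  mkfifo -m 600 "$PIPE" || exit 1
fi

# Refuse to read from something another user may have planted under the
# same name (a regular file or a symlink to one).
if [ ! -p "$PIPE" ]; then
  echo "$PIPE exists but is not a FIFO" >&2
  exit 1
fi

# mysql exits whenever the writer closes the FIFO; loop to reopen it.
while [ -p "$PIPE" ]; do
  # Read from the same FIFO that syslog-ng writes to (the listing read from
  # /var/log/mysql.pipe, which nothing creates) and use an ASCII '-' before
  # the user option.
  # NOTE(review): a password given on the command line is visible in the
  # process list; prefer a mode-0600 option file read via
  # --defaults-extra-file, and a MySQL account limited to INSERT on
  # syslog.logs.
  mysql -umysqluser -ppassword syslog < "$PIPE" > /dev/null
done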
sh syslog2mysql.sh &
(7)在apache的安装目录下面(默认是/usr/local/apache2/htdocs/)新建includes文件夹,创建db_fns.php
/**
 * Open a persistent connection to the log database server and select the
 * "syslog" schema.
 *
 * NOTE(review): host, user and password are hard-coded in a file placed
 * under the web root; keep the file unreadable to other local users and
 * give this account read-only (SELECT) access to syslog.logs.
 * NOTE(review): the mysql_* functions were removed in PHP 7.0; this code
 * only runs on older PHP versions.
 *
 * @return resource|false connection handle, or false when either the
 *                        connection or the schema selection fails
 */
function db_connect_syslog()
{
    $link = mysql_pconnect("loghost", "mysqluser", "password");
    // The schema is selected only after the connection succeeded.
    if ($link && mysql_select_db("syslog")) {
        return $link;
    }
    return false;
}
?>
(8)解压php-syslog-ng-
修改cache_index.php,index.php,results.php里面的include
重启apache
重启syslog-ng
BTW
Syslog-ng.conf典型配置
# Minimal variant: one combined source, one MySQL pipe destination.
options { sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
# $HOST is taken from the received message, i.e. it is sender-controlled.
keep_hostname (yes);
};
# NOTE(review): the next line is cut off in this copy of the post; the udp()
# listen address and the end of the source statement are missing.
source net{ unix-stream("/dev/log"); internal();pipe("/proc/kmsg" log_prefix("kernel: ")); udp(ip(
# Sender-influenced macros are pasted into SQL text; template-escape(yes) is
# what keeps a quote in $MSG or $HOST from ending the string literal. The
# FIFO lives in world-writable /tmp, so restrict its permissions.
destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };
# NOTE(review): source(net) is listed twice; one reference looks sufficient.
log { source(net);
source(net); destination(database); };