可以转载，转载请著名作者和出处，谢谢，特别鄙视转载后扣上自己名字的哥们

(1)service syslog stop

chkconfig --level 2345 syslog off
(2) tar zxvf libol.tar.gz

cd lobol

./configure

Make

Make install

(3)tar zxvf libnet.tar.gz

Cd libnet

./configure

Make

Make install

Cp libnet-config /usr/sbin /usr/bin

(4)tar zxvf eventlog.tar.gz

Cd eventlog

./configure

Make

Make install

(5) tar zxvf syslog-ng-2.0.6.tar.gz

Cd syslog-ng

./configure

Make

Make install

(6)tar zxvf eventlog.tar.gz

Cd eventlog

./configure

Make

Make install

(6)touch /usr/local/etc/syslog-ng.conf

Vi /usr/local/etc/syslog-ng.conf

options { sync (0);

          time_reopen (10);

          log_fifo_size (1000);

          long_hostnames (off);

          use_dns (no);

          use_fqdn (no);

          create_dirs (yes);

          keep_hostname (yes);

        };

source net{ unix-stream("/dev/log"); internal();pipe("/proc/kmsg" log_prefix("kernel: ")); udp(ip(0.0.0.0) port(514));  };

destination d_mysql {

   pipe("/var/log/mysql.pipe"

      template("INSERT INTO logs

      (host, facility, priority, level, tag, datetime, program, msg)

      VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',

      '$PROGRAM', '$MSG' );\n") template-escape(yes));

};

log { source(net);

source(net);  destination(d_mysql); };

(7)touch /etc/rc.d/init.d/syslog-ng

vi /etc/rc.d/init.d/syslog-ng

INIT_PROG="/usr/local/sbin/syslog-ng"

#

# Source Redhat function library.

#

. /etc/rc.d/init.d/functions

# Tack on path to syslog-ng if not already in PATH

SYSLOGNG_PATH=":/usr/local/sbin"

PATH=$PATH$SYSLOGNG_PATH

export PATH

# /etc/sysconfig/ is the standard way to pull in options for a daemon to use.

# Source config

if [ -f /etc/sysconfig/syslog-ng ] ; then

        . /etc/sysconfig/syslog-ng

else

        SYSLOGNG_OPTIONS=

fi

RETVAL=0

umask 077

ulimit -c 0

# See how we were called.

start() {

        echo -n "Starting $INIT_PROG: "

        daemon $INIT_PROG $SYSLOGNG_OPTIONS

        RETVAL=$?

        echo

        # syslog-ng can handle kernel messages. If you do this, don't

        # run klogd. Consult the following FAQ question to find out why.

        #

        #

        #

        # If you still prefer to run klogd without syslog-ng handling

        # kernel messages, uncomment the following block of lines

        #echo -n $"Starting kernel logger: "

Chmod 755 /etc/rc.d/init.d/syslog-ng

（8）/etc/rc.d/init.d/syslog-ng start

没有问题的话这时候就可以启动了

/etc/rc.d/init.d/syslog-ng stop

(9)cd /usr/local/apache2/htdocs

Rz php-syslog-ng-2.9.1r10.tar.gz

Tar zxvf php-syslog-ng-2.9.1r10.tar.gz

Mv php-syslog-ng-2.9.1r10.tar.gz php-syslog

Chown –R root:root php-syslog

Chmod –R 777 php-syslog

Vi /usr/local/apache2/conf/http.conf

DocumentRoot "/usr/local/apache2/htdocs/php-syslog"

(10)reboot

(11)远程机器浏览器

按照web提示下一步下一步下一步

(12)cd ~

Touch syslog2mysql.sh

Vi

#!/bin/bash

if [ ! -e /var/log/mysql.pipe ]

then

        mkfifo /var/log/mysql.pipe

fi

while [ -e /var/log/mysql.pipe ]

do

        mysql -umysqluser -ppassword syslog < /var/log/mysql.pipe >/dev/null

done

(13)

/etc/rc.d/init.d/syslog-ng start

Sh syslog2mysql.sh &