¿Í»§¶ËÅäÖÃ
linuxʹÓõÄsyslog-ng
ÔÚÅäÖÃÎļþsyslog-ng.confÖмÓÈëÁ½ÐУº
destination d_udp { udp("log_server_ip" port(514)); };
log { source(src); destination(d_udp); };
ÖØÐÂÆô¶¯syslog-ng·þÎñ
#/etc/init.d/syslog-ng restart
 
winodws·þÎñÆ÷µÄÅäÖÃ
ÒòΪwindows·þÎñÆ÷²»Ö§³ÖÈÕÖ¾·þÎñÆ÷£¬Òò´ËÐèÒª°²×°Ò»¸öת»»Èí¼þ£º
ÏÂÔصØַΪ£ºhttps://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/
¸ù¾ÝϵͳµÄ°æ±¾ÏÂÔØ32λºÍ64λµÄ³ÌÐò¡£
½âѹºóÊÇÁ½¸öÎļþevtsys.dllºÍevtsys.exe
°ÑÕâÁ½¸öÎļþ¿½±´µ½ c:\windows\system32Ŀ¼Ï¡£
´ò¿ªWindowsÃüÁîÌáʾ·û£¨¿ªÊ¼£­>ÔËÐÐ ÊäÈëCMD£©
C:\>evtsys ¨Ci ¨Ch log_server_ip   #£¨ÈÕÖ¾·þÎñÆ÷µÄIPµØÖ·£©
-i ±íʾ°²×°³Éϵͳ·þÎñ
-h Ö¸¶¨log·þÎñÆ÷µÄIPµØÖ·
Èç¹ûҪжÔØevtsys,Ôò£º
net stop evtsys
evtsys -u
Æô¶¯¸Ã·þÎñ:
C:\>net start evtsys
 ÅäÖÃÍê³É:)

syslog-ng¿ÉÒÔ½â¾ösyslog½ÓÊÜʱÎÞ·¨°Ñ¸÷»úÆ÷·¢Ë͹ýÀ´µÄlog·Ö¿ªµÄÎÊÌâ¡£ÊÊÓÃÓڽ϶àÉ豸ÈÕÖ¾¼Ç¼¡£
ºÜ¶àlinuxϵͳ×Ô´øsyslog-ngÕâÀï¾Í²»Ëµ°²×°ÁË¡£

·þÎñÆ÷ÅäÖãº
#cat /etc/syslog-ng/syslog-ng.conf
Ìí¼ÓÈçÏÂÄÚÈÝ
source s_remote {
   udp(ip(0.0.0.0) port(514));
};
destination d_separatedbyhosts {  file("/var/log/syslog-ng/$HOST/$FACILITY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};

log { source(s_remote); destination(d_separatedbyhosts); };
ʹ¼Ç¼µÄÉ豸ÈÕÖ¾°´É豸IPºÍÉ豸ºÅ·Ö±ð±£´æ¡£

×¢Ô­ÎĵØÖ·£ºhttp://e1dzrh5b.blog.163.com/blog/static/34896635200882124866/