Chinaunix首页 | 论坛 | 博客
  • 博客访问: 517334
  • 博文数量: 240
  • 博客积分: 791
  • 博客等级: 军士长
  • 技术积分: 1694
  • 用 户 组: 普通用户
  • 注册时间: 2011-08-23 18:21
文章分类

全部博文(240)

文章存档

2013年(21)

2012年(219)

我的朋友

分类:

2012-05-28 09:22:24

今天为淘立方实现日志集中管理

1.程序下载 
  wget
  wget
  wget
 2.安装eventlog
  tar -zxvf eventlog_0.2.12.tar.gz
  cd eventlog-0.2.12/
  ./configure --prefix=/usr/local/eventlog
  make && make install
 3.安装libol 
  tar zxvf libol-0.3.18.tar.gz
  cd libol-0.3.18
  ./configure --prefix=/usr/local/libol-0.3.9
  make && make install
  报错configure: error: C++ preprocessor "/lib/cpp" fails sanity check       安装gcc-c++    yum install -y gcc-c++
 4.安装syslog-ng
   
  tar zxvf syslog-ng_3.3.5.tar.gz
  cd syslog-ng-3.3.5/
  export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig/ (若出现configure: error: Cannot find eventlog version >= 0.2: is pkg-config in path?基本上是由于PKG_CONFIG_PATH变量没指定好)
              错误 :No package 'glib-2.0' found  解决: 
   ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol-0.3.9  
  make && make install
  cp contrib/syslog-ng.conf.RedHat /usr/local/syslog-ng/etc/syslog-ng.conf
  cp contrib/init.d.RedHat /etc/init.d/syslog-ng
  vi   /etc/init.d/syslog-ng 添加
   #!/bin/bash
   #chkconifg: --add syslog-ng
   #chkconfig: 2345 12 88
   #Description: syslog-ng
   修改如下三行
   INIT_PROG="/usr/local/syslog-ng/sbin/syslog-ng"    # Full path to daemon
   INIT_OPTS="-f /usr/local/syslog-ng/etc/syslog-ng.conf"                      # options passed to daemon
   PATH=/usr/local/syslog-ng/bin:/usr/local/syslog-ng/sbin:/bin:/sbin:/usr/bin:/usr/sbin
  chkconfig --add syslog-ng
  chkconfig syslog-ng on
  chmod +x /etc/init.d/syslog-ng
  /etc/init.d/syslog-ng  start
   报错:1.Starting syslog-ng: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file; 
     在配置文件开头添加:@version:3.3
  2:Your configuration file uses an obsoleted keyword, please update your configuration; keyword='sync', change='flush_lines'
    Your configuration file uses an obsoleted keyword, please update your configuration; keyword='long_hostnames', change='chain_hostnames' 
   配置文件关键字过时  改为新关键字 sync改为flush_lines  long_hostnames改为chain_hostnames
  3.Starting syslog-ng: /usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libevtlog.so.0: cannot open shared object file: No such file or directory
   Starting Kernel Logger: 出现此错误是因为共享库链接没做好
   [root@server2 etc]# ln -s /usr/local/eventlog/lib/* /lib/
   
 5.syslog-ng.conf配置
  @version:3.3
  
  options { flush_lines (0);
     time_reopen (10);
     log_fifo_size (1000);
     chain_hostnames (off);
     use_dns (no);
     use_fqdn (no);
     create_dirs (no);
     keep_hostname (yes);
   };

  source s_sys { file ("/proc/kmsg" program_override("kernel")); unix-stream ("/dev/log"); internal(); };
  source r_remote {
   tcp (ip(0.0.0.0) port(514) );
   udp (ip(0.0.0.0) port(514) );
  };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination r_cons {file("/syslog-ng/$YEAR$MONTH$DAY/$HOST/console" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_mesg {file("/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_auth {file("/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_spol {file("/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_boot {file("/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_cron {file("/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};


filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
   not (facility(mail)
   or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
   (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(r_remote); filter(f_filter1); destination(r_cons); };
log { source(r_remote); filter(f_filter2); destination(r_mesg); };
log { source(r_remote); filter(f_filter3); destination(r_auth); };
log { source(r_remote); filter(f_filter6); destination(r_spol); };
log { source(r_remote); filter(f_filter7); destination(r_boot); };
log { source(r_remote); filter(f_filter8); destination(r_cron); }; 

 6.客户端配置  
  vi  /etc/syslog.conf 
   在开头加 *.* @192.168.177.3 (192.168.177.3是syslog-ng SERVER的IP)  
   /etc/init.d/syslog restart
 7.测试
  [root@client ~]# logger -i just one test
  [root@client ~]# tail -1 /var/log/messages
  Jan 27 22:12:02 client root[2861]: just one test
  [root@server2 ~]# cat /var/log/syslog-ng/192.168.177.2/20120514/messages
  Jan 28 04:24:32 192.168.90.10 root[2861]: just one test

  [root@server2 ~]# cat /var/log/syslog-ng/192.168.177.2/20120514/secure
  Jan 28 04:01:04 192.168.90.10 sshd[2832]: Accepted publickey for root from 192.168.90.1 port 48834 ssh2
  Jan 28 04:01:04 192.168.90.10 sshd[2832]: pam_unix(sshd:session): session opened for user root by (uid=0)

阅读(1240) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~