2007-06-21 11:03 syslog-ng 教學

Syslog-ng 教學

壹、安裝

    # cd /usr/ports/sysutils/syslog-ng/;make install clean

      TCP_WRAPPERS可不選(若選取,則需至hosts.allow開啟syslog-ng這個daemon)

    #vi /etc/rc.conf

     加入syslog_ng_enable="YES"

     加入syslogd_enable="NO"

    #top

     找到syslogd這支daemon,然後kill

貳、設定

  目前只記錄message、ssh、mail的log

    ()server

    #vi /usr/local/etc/syslog-ng/syslog-ng.conf

# syslog-ng server config

# edit by shu yung zai

# Central loghost syslog-ng configuration.

 

# Global options for the central log host.
# use_time_recvd(no): timestamps come from the message itself, not from the
#   moment the log host received it (as the option name states).
# bad_hostname("gconfd"): a leading "gconfd" token is treated as a program
#   name, not as a host name, so it never ends up in $HOST.
# group/dir_group "logs" with perm(0640)/dir_perm(0750): files and directories
#   that syslog-ng creates are readable only by root and the "logs" group.
# keep_hostname(yes) + chain_hostnames(no): $HOST is the name carried inside
#   the received message, not the peer's address. The destinations below build
#   file paths from $HOST, so whoever can reach the network sources (see
#   "source local") also chooses which per-host directory their lines land in.
# use_fqdn(yes): host names are written fully qualified.
# stats(3600): syslog-ng emits its internal statistics message once an hour.
options {

  log_fifo_size(8192);

  bad_hostname("gconfd");

  use_time_recvd(no);

  group(logs);

  create_dirs(yes);

  dir_group(logs);

  dir_perm(0750);

  perm(0640);

  chain_hostnames(no);

  keep_hostname(yes);

  stats(3600);

  use_fqdn(yes);

};

# Where the log host accepts messages.
# unix-dgram sockets: local syslog(3) clients; /var/run/logpriv is created
#   with perm(0600), so only root can write to the privileged socket.
# udp 0.0.0.0:514 and tcp 0.0.0.0:5149 bind every interface and carry no
#   authentication and no transport protection. UDP source addresses are
#   forgeable and, with keep_hostname(yes) above, the sender also supplies
#   $HOST, so any host that can reach these ports can write lines into any
#   per-host log directory. Limit reachability to the known clients (packet
#   filter or a dedicated log network) and prefer the TCP path for real
#   clients, since it is at least bound to a connection.
# max-connections(333): upper bound on simultaneous TCP peers.
# internal(): syslog-ng's own status messages.
source local {

  unix-dgram("/var/run/log");

  unix-dgram("/var/run/logpriv" perm(0600));

  udp(ip(0.0.0.0) port(514));

  tcp(ip(0.0.0.0) port(5149) max-connections(333));

  internal();

};

# Emergency-level messages (level(emerg)) are broadcast to every logged-in
# user's terminal via usertty("*"). No flags(final) is set on this log
# statement, so the same messages still reach the file destinations below.
filter emergency { level(emerg); };

destination users { usertty("*"); };

log { source(local); filter(emergency); destination(users); };

 

############  everything log   ############
# Catch-all: every level (debug...emerg) from every source in "local" goes to
# one file. Unlike the per-host destinations below, this path carries no date
# macros, so /var/log/everything grows without bound unless rotated
# externally.
# template_escape(no): message text is written verbatim, not quote-escaped.
# NOTE(review): "$MSGn" at the end of the template looks like an
# extraction-mangled "$MSG\n" (message text followed by a newline); as
# written it would most likely be parsed as an unknown macro named MSGn and
# expand to nothing. Confirm against the original file before reusing it.

filter f_1 {level(debug...emerg);};

 

destination d_1 { file("/var/log/everything"

    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSGn")

    template_escape(no) );};

log { source(local); filter(f_1); destination(d_1); };

 

 

############  message log   ############
# Messages at info and above (f_2) that are NOT from the mail facility (f_3).
# Two filter() entries in a single log statement must both match (they are
# ANDed).
# Files are split per host and per day using the $R_* macros (the time the
# message was received), which is what makes logrotate unnecessary here.
# NOTE(review): "$MSGn" in the template looks like a mangled "$MSG\n" —
# confirm against the original file.

filter f_2 { level(info...emerg);};

filter f_3 { not facility(mail);};

destination d_2 {

  file("/var/log/$HOST/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"

    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSGn")

    template_escape(no) );};

log { source(local); filter(f_2); filter(f_3); destination(d_2); };

 

############  mail log   ############
# Everything from the mail facility, at any level (debug...emerg), split per
# host and per received day ($R_* macros) like the message log above.
# NOTE(review): "$MSGn" in the template looks like a mangled "$MSG\n" —
# confirm against the original file.

 

filter f_5 { facility(mail) and level(debug...emerg);};

destination d_3 {

  file("/var/log/$HOST/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"

    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSGn")

    template_escape(no)  );};

log { source(local); filter(f_5); destination(d_3); };

 

 

############  sshd log   ############
# Messages whose program field is "sshd", per host and per day. No template
# is given, so the default line format applies here (unlike the sections
# above).
# This path uses $YEAR/$MONTH/$DAY while the message and mail logs use the
# $R_* (received-time) macros; with use_time_recvd(no) the two can name
# different days for a late-arriving message — probably unintentional,
# confirm which is wanted.
# The program name is supplied by the sender, so with the open UDP source a
# remote sender can place lines into any host's sshd file; keep that in mind
# if these files feed login auditing, and restrict the source accordingly.

filter f_sshd {program("sshd"); };

destination d_sshd { file("/var/log/$HOST/sshd/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };

log { source(local); filter(f_sshd); destination(d_sshd); };

 

############  cron log   ############
# Messages whose program field is exactly "CRON", per host and per day,
# default line format, $YEAR/$MONTH/$DAY like the sshd log.
# NOTE(review): program() matches the name as the daemon logs it. On the
# FreeBSD hosts this tutorial targets, cron appears to log under a different
# program name than "CRON"; if this file stays empty, check the program name
# in /var/log/everything and adjust the filter.

filter f_cron {program("CRON"); };

destination d_cron { file("/var/log/$HOST/cron/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };

log { source(local); filter(f_cron); destination(d_cron); };

 

    #/usr/local/etc/rc.d/syslog-ng start

 

 

    ()client

    #vi /usr/local/etc/syslog-ng/syslog-ng.conf

# syslog-ng client config

# edit by shu yung zai

# Central loghost syslog-ng configuration.

 

# Global options on a client host; the same ownership and naming settings as
# the server, with a smaller fifo.
# group/dir_group "logs" with perm(0640)/dir_perm(0750): locally created log
#   files and directories are readable only by root and the "logs" group.
# use_time_recvd(no): timestamps come from the message, not from receipt.
# use_fqdn(yes), chain_hostnames(no), keep_hostname(yes): $HOST is the fully
#   qualified name carried in the message and is not rewritten into a chain.
# stats(3600): internal statistics message once an hour.
options {

  log_fifo_size(4096);

 

  group(logs);

  dir_group(logs);

 

  create_dirs(yes);

  dir_perm(0750);

  perm(0640);

  use_time_recvd(no);

 

  use_fqdn(yes);

  chain_hostnames(no);

  keep_hostname(yes);

 

  stats(3600);

};

 

# Client-side sources: the local syslog(3) sockets plus UDP bound to
# 127.0.0.1:514 only, so the client does not accept syslog from the network.
# That is the right default for a leaf host; widen it only if this host has
# to relay for others, and then restrict the peers that can reach it.
source local {

  unix-dgram("/var/run/log");

  unix-dgram("/var/run/logpriv" perm(0600));

  udp(ip(127.0.0.1) port(514));

  internal();

};

 

 

############  send log to server   ############
# Everything at info and above is forwarded (notdebug); debug stays local.
# tcp(... port(5149)) pairs with the tcp source on the server config. The
# transport is plaintext with no peer authentication, so keep this path on a
# trusted segment or add transport protection if the server supports it.
# "XXX.XXX.XXX.XXX" is a placeholder for the log server's address. The Chinese
# note after the closing "};" on that line is an instruction to the reader
# ("replace with the log server IP"), not config syntax — do not copy it into
# the file.

 

# all logs to loghost via TCP

filter notdebug { level(info...emerg); };

destination loghost { tcp("XXX.XXX.XXX.XXX" port(5149)); };改成log server ip位置

log { source(local); filter(notdebug); destination(loghost); };

 ############  message log   ############
# Local copy of the message log: info and above, excluding the mail facility
# (f_filter1 combines both conditions with "and"), split per host and per
# received day ($R_* macros) so no logrotate/HUP cycle is needed.
# template_escape(no): message text is written verbatim.
# NOTE(review): "$MSGn" in the template looks like a mangled "$MSG\n" —
# confirm against the original file.

 # alternate locations for other logs to avoid need to logrotate and HUP

destination d_mesg {

  file( "/var/log/$HOST/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"

    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSGn")

    template_escape(no));};

  filter f_filter1 { level(info...emerg) and not facility(mail); };

  log { source(local); filter(f_filter1); destination(d_mesg); };

 

############  mail log   ############
# Local copy of all mail-facility messages, per host and per received day.
# NOTE(review): "$MSGn" in the template looks like a mangled "$MSG\n" —
# confirm against the original file.

 destination d_mail {

  file( "/var/log/$HOST/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"

    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSGn")

    template_escape(no)  ); };

  filter f_filter2 { facility(mail); };

  log { source(local); filter(f_filter2); destination(d_mail); };

 

############  alluser log   ############
# Emergency-level messages go to every logged-in user's terminal and, via a
# second log statement reusing the same filter, to /dev/console. Neither
# statement sets flags(final), so the messages also reach the file
# destinations and the loghost forwarder above.

 # emergency to more locations by default

filter emergency { level(emerg); };

destination allusers { usertty("*"); };

log { source(local); filter(emergency); destination(allusers); };

destination d_cons { file("/dev/console"); };

log { source(local); filter(emergency); destination(d_cons); };

 

############  sshd log   ############
# Local sshd log: program field "sshd", default line format, split per host
# and per day. This path uses $YEAR/$MONTH/$DAY where the message and mail
# logs use the $R_* macros; with use_time_recvd(no) the two can disagree on
# the day for a late message — confirm which is intended.

 destination d_sshd { file("/var/log/$HOST/sshd/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };

filter f_sshd {program("sshd"); };

log { source(local); filter(f_sshd); destination(d_sshd); };

  

############  cron log   ############
# Local cron log: program field exactly "CRON", default line format.
# NOTE(review): program() matches the name as the daemon logs it; the cron
# shipped with FreeBSD appears to log under a different program name than
# "CRON". If this file stays empty, check the program name in the local
# messages log and adjust the filter.

 destination d_cron { file("/var/log/$HOST/cron/$YEAR/$MONTH/$YEAR-$MONTH-$DAY"); };

filter f_cron {program("CRON"); };

log { source(local); filter(f_cron); destination(d_cron); };

 

    #/usr/local/etc/rc.d/syslog-ng start

 

 

 

 

 

 

 
