Centos 5.3下安装syslog-ng server

Mon, 15 Mar 2010 09:32:55 +0000

   syslog-ng是用带代替syslog的log server。功能对syslog有很大的提高。支持tcp,支持buffer(商业版中支持，如果remote log server 死掉的话，可以先把log存放到本地的buffer中,等到remote log server 恢复的时候,然后再将本地的log server中buffer中的内容重新发送给 remote log server).
   本实例的目的是配置两台syslog-ng,一台clinet一台server。server端主要是对client日志的收集,然后我们就可以在服务器端统一分析了。
   本人公司的应用是把log4j的日志通过syslog-ng client 发送到server端，然后通过python脚本分析写入数据库。然后再通过open flash chart画出图表出来，不多说了直接贴安装方法和具体的配置。

pre-acquire
eventlog-0.2.5.tar.gz
libnet
glib-java.x86_64
glib-java-devel.x86_64
glib2-devel

step 1:install  syslog-ng

tar xzvf syslog-ng-2.0.7.tar.gz
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
./configure --prefix=/usr/local/syslogng --enable-tcp-wrapper  --sysconfdir=/etc
make && make install

step 2:initiate

1:create syslog-ng.conf in /etc/ directory
2:create service lsb script in /etc/init.d directory
cp init.d.RedHat-7.3 /etc/init.d/syslogng and modify PATH   environment

3:create logs group and logs user

step 3:configuration

client side:
# $Id: client-syslog-ng.conf,v 1.4 2005/10/23 18:36:10 jmates Exp $
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost. Listens only on localhost interface;
# requires "logs" user and group on system.
#
# Local logs are stored under /var/log/archive in a syslog-ng specific
# format that includes facility, priority, and a timestamp that includes
# the year.

options {
  log_fifo_size(4096);

  group(logs);
  dir_group(logs);

  create_dirs(yes);
  dir_perm(0750);
  perm(0640);
  use_time_recvd(no);

  use_fqdn(yes);
  chain_hostnames(no);
  keep_hostname(yes);

  stats(3600);
};

source local {
  unix-stream("/dev/log" max_connections(150));
  udp(ip(127.0.0.1) port(514));
  internal();
};

# all logs to loghost via TCP
filter notdebug { level(info...emerg); };
destination loghost { tcp("192.168.1.7" port(5149)); };
log { source(local); filter(notdebug); destination(loghost); };

# emergency to more locations by default
filter emergency { level(emerg); };
destination allusers { usertty("*"); };
log { source(local); filter(emergency); destination(allusers); };

destination d_cons { file("/dev/console"); };
log { source(local); filter(emergency); destination(d_cons); };

# alternate locations for other logs to avoid need to logrotate and HUP
destination d_mesg {
  file( "/logs/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
destination d_mail {
  file( "/logs/archive/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};

#filter f_e {
#not(facility(cron) and priority(info));
#};

filter f_filter1 { level(info...emerg) and not facility(mail) and not facility(user); };
filter f_filter3 { facility(user); };
filter f_filter2 { facility(mail); };

log { source(local); filter(f_filter1); destination(d_mesg); };
log { source(local); filter(f_filter2); destination(d_mail); };

server side:

[root@monitserver etc]# more syslog-ng.conf
# $Id: server-syslog-ng.conf,v 1.4 2005/10/23 18:31:57 jmates Exp $
#
# Central loghost syslog-ng configuration.

options {
  log_fifo_size(8192);

  # garden gnomes shouldn't log (Gnome has a buggy log implementation)
  # needs to be set on client systems, too...
  bad_hostname("gconfd");

  use_time_recvd(no);

  group(logs);
  create_dirs(yes);
  dir_group(logs);
  dir_perm(0750);
  perm(0640);
  chain_hostnames(no);
  keep_hostname(yes);
  stats(3600);
  use_fqdn(yes);
};

# TODO look into enabling 'keep-alive' or 'tcp-keep-alive' on both
# client and server systems to avoid prior connections lingering?
source local {
  unix-stream("/dev/log");
  udp(ip(0.0.0.0) port(514));
  tcp(ip(0.0.0.0) port(5149) max-connections(333));
  internal();
};

filter emergency { level(emerg); };
destination users { usertty("*"); };
log { source(local); filter(emergency); destination(users); };

filter f_1 {
  level(debug...emerg);
};

destination d_1 {
  file("/var/log/everything"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
log { source(local); filter(f_1); destination(d_1); };
# Windows logs to custom location (via Snare Agent, see [GS #1518])
filter windows {
  program(MSWinEventLog);
};
destination windows {
  file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
log {
  source(local); filter(windows); destination(windows);
  flags(final);
};

filter f_2 {
  level(info...emerg);
};

filter f_3 {
  not facility(mail);
};
filter f_10 {
  not facility(user);
};
destination d_2 {
  file("/var/log/archive/messages/$R_YEAR/$R_MONTH/message.$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE  <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};

log { source(local); filter(f_2); filter(f_3);filter(f_10); destination(d_2); };

filter f_5 {
  facility(mail) and level(debug...emerg);
};
filter f_6 {
  facility(user) and level(debug...emerg);
};
filter f_7 {
  facility(user) and level(debug...emerg) and match("wadetest.track");
};

filter f_8 {
  facility(user) and level(debug...emerg) and match("wadetest.secretcrush");
};

filter f_9 {
  facility(user) and level(err);
};
filter f_10 {
  facility(user) and level(debug...emerg) and match("wadetest.track");
};
filter f_11 {
  facility(user) and level(debug...emerg) and match("wadetest.advertise");
};

destination d_3 {
  file("/var/log/archive/mail/$R_YEAR/$R_MONTH/total.$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE $HOST_FROM <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};

destination d_11{
    pipe("/data/trackpipe");
};
log { source(local); filter(f_5); destination(d_3); };
log { source(local); filter(f_9); destination(d_9); };
log { source(local); filter(f_11); destination(d_11); };

step 4:start syslog-ng

service syslogng start

来源：
http://blog.sina.com.cn/s/blog_4d8a2c970100f2qz.html

[评论] Centos 5.3下安装syslog-ng server

Thu, 01 Jan 1970 00:00:00 +0000

向东博客 专注WEB应用 构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除

Centos 5.3下安装syslog-ng server

[评论] Centos 5.3下安装syslog-ng server

向东博客专注WEB应用构架之美 --- 构架之美，在于尽态极妍 | 应用之美，在于药到病除