当前位置:金沙js333娱乐场 > 网络频道 > 金沙js333娱乐场syslog-ng详细安装配置

金沙js333娱乐场syslog-ng详细安装配置

文章作者:网络频道 上传时间:2019-10-15

在生产环境中,存在一台日志服务器,专门用来记录其他服务器的日志信息是个很好的主意,不过用红帽自带的syslog,配置虽然简单,但是日志却没有办法分离,默认都堆在/var/log/message文件里面,用来超不爽,下面来介绍下用syslog-ng来构建日志服务器,这个还支持将日志导入数据库和通过网页来发布日志,听起来功能相当的强大,接下来要好好的研究下咯……

最近的一个sendcloud项目中需要使用到syslog-ng收集日志。原理是多台生产机部署不同的模块,包括nodeJs、java等等,各个生产机根据一定的规则产生日志。一般我们的生产机RedHat默认采用syslogd记录日志,可以使用syslogd将日志通过网络发送到指定的日志收集机器,统一分析。

环境介绍
日志服务器IP:192.168.90.20;客户端IP:192.168.90.10
系统:RHEL5.4
实现目标:将客户端的日志自动保存在服务器端的相应目录,并根据日期,IP地址和日志类型进行分开保存
备注:由于在虚拟机环境下操作,服务器于客户端时间未同步,所以会存在记录日志时间不一致的现象;

CentOS 5.8搭建日志管理服务器(Syslog-ng+logzilla) http://www.linuxidc.com/Linux/2012-06/62198.htm

[root@server2 ~]# cd /usr/local/src/tarbag/
[root@server2 tarbag]# wget http://www.linuxidc.com/system/systembak/syslogfile/eventlog/0.2/eventlog_0.2.9.tar.gz
[root@server2 tarbag]# tar -zxvf eventlog_0.2.9.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/eventlog-0.2.9/
[root@server2 eventlog-0.2.9]# ./configure   --prefix=/usr/local/eventlog && make && make install
[root@server2 eventlog-0.2.9]# ls /usr/local/eventlog/
include   lib

关于Linux中 Syslog-ng 如何在转发时修改其facility以及level http://www.linuxidc.com/Linux/2012-02/53941.htm

[root@server2 syslog-ng-3.0.5]# cd -
/usr/local/src/tarbag
[root@server2 tarbag]# wget http://www.linuxidc.com/system/systembak/syslogfile/libol/0.3/libol-0.3.9.tar.gz
[root@server2 tarbag]# tar -zxvf libol-0.3.9.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/libol-0.3.9/
[root@server2 libol-0.3.9]# ./configure --prefix=/usr/local/libol && make && make install
[root@server2 libol-0.3.9]# ls /usr/local/libol/
bin   include   lib

RHEL5 下使用Syslog-ng构建集中型日志服务器 http://www.linuxidc.com/Linux/2010-03/25170.htm

[root@server2 tarbag]# wget http://www.linuxidc.com/system/systembak/syslogfile/syslog-ng/syslog-ng_3.0.5.tar.gz
[root@server2 tarbag]# tar -zxvf syslog-ng_3.0.5.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/syslog-ng-3.0.5/
[root@server2 syslog-ng-3.0.5]#   export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
[root@server2 syslog-ng-3.0.5]# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol && make && make install
configure: error: Cannot find eventlog version >= 0.2: is pkg-config in path? (若出现这个错误,基本上是由于前面的PKG_CONFIG_PATH变量没指定好)
[root@server2 syslog-ng-3.0.5]# ls /usr/local/syslog-ng/
bin   libexec   sbin   share
[root@server2 syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/etc
[root@server2 syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/var
[root@server2 syslog-ng-3.0.5]# cp contrib/syslog-ng.conf.RedHat   /usr/local/syslog-ng/etc/
[root@server2 syslog-ng-3.0.5]# cp contrib/init.d.RedHat /etc/init.d/syslog-ng

这台日志收集机器安装的就是syslog-ng,下面讲解一下syslog-ng的安装和配置步骤:

[root@server2 syslog-ng-3.0.5]# cd /usr/local/syslog-ng/etc/
[root@server2 etc]# mv syslog-ng.conf.RedHat syslog-ng.conf
[root@server2 etc]# cat syslog-ng.conf
@version:3.0
options {
long_hostnames(off);
log_msg_size(8192);
flush_lines(1);
log_fifo_size(20480);
time_reopen(10);
use_dns(yes);
dns_cache(yes);
use_fqdn(yes);
keep_hostname(yes);
chain_hostnames(no);
perm(0644);
stats_freq(43200);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };

[root@server2 ~]# cd /usr/local/src/tarbag/
[root@server2 tarbag]# wget http://www.balabit.com/downloads/files?path=/eventlog/0.2/eventlog_0.2.12.tar.gz
[root@server2 tarbag]# tar -zxvf eventlog_0.2.12.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/eventlog-0.2.12/
[root@server2 eventlog-0.2.9]# ./configure  --prefix=/usr/local/eventlog && make && make install
[root@server2 eventlog-0.2.9]# ls /usr/local/eventlog/
include  lib
 
[root@server2 syslog-ng-3.0.5]# cd -
/usr/local/src/tarbag
[root@server2 tarbag]# wget http://www.balabit.com/downloads/files?path=/libol/0.3/libol-0.3.15.tar.gz
[root@server2 tarbag]# tar -zxvf libol-0.3.15.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/libol-0.3.15/
[root@server2 libol-0.3.9]# ./configure --prefix=/usr/local/libol && make && make install
[root@server2 libol-0.3.9]# ls /usr/local/libol/
bin  include  lib
[root@server2 libol-0.3.9]# cd -
[root@server2 tarbag]# wget http://www.balabit.com/downloads/files?path=/syslog-ng/open-source-edition/3.3.5/source/syslog-ng_3.3.5.tar.gz
[root@server2 tarbag]# tar -zxvf syslog-ng_3.3.5.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/syslog-ng-3.3.5/
[root@server2 syslog-ng-3.0.5]#  export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
[root@server2 syslog-ng-3.0.5]# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol && make && make install
configure: error: Cannot find eventlog version >= 0.2: is pkg-config in path? (若出现这个错误,基本上是由于前面的PKG_CONFIG_PATH变量没指定好)
[root@server2 syslog-ng-3.0.5]# ls /usr/local/syslog-ng/
bin  libexec  sbin  share
[root@server2 syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/etc
[root@server2 syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/var
[root@server2 syslog-ng-3.0.5]# cp contrib/syslog-ng.conf.RedHat  /usr/local/syslog-ng/etc/
[root@server2 syslog-ng-3.0.5]# cp modules.conf scl.conf /usr/local/syslog-ng/etc/
[root@server2 syslog-ng-3.0.5]# cp contrib/init.d.RedHat /etc/init.d/syslog-ng
 
[root@server2 syslog-ng-3.0.5]# cd /usr/local/syslog-ng/etc/
[root@server2 etc]# mv syslog-ng.conf.RedHat syslog-ng.conf
[root@server2 etc]# cat syslog-ng.conf
@version:3.0
options {
long_hostnames(off);
log_msg_size(8192);
flush_lines(1);
log_fifo_size(20480);
time_reopen(10);
use_dns(yes);
dns_cache(yes);
use_fqdn(yes);
keep_hostname(yes);
chain_hostnames(no);
perm(0644);
stats_freq(43200);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
 
source s_local {
        unix-dgram("/dev/log");
        file("/proc/kmsg" program_override("kernel:"));
};

source s_local {
         unix-dgram("/dev/log");
         file("/proc/kmsg" program_override("kernel:"));
};

filter f_messages { level(info..emerg); };  //定义7种日志类型
filter f_secure { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_spooler { level(crit..emerg) and facility(uucp, news); };
filter f_local7 { facility(local7); };
destination d_messages { file("/var/log/messages"); };  //定义7种类型日志在客户端的位置
destination d_secure { file("/var/log/secure"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_cron { file("/var/log/cron"); };
destination d_console { usertty("root"); };
destination d_spooler { file("/var/log/spooler"); };
destination d_bootlog { file("/var/log/dmesg"); };
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_spooler); destination(d_spooler); };
log { source(s_local); filter(f_local7); destination(d_bootlog); };
log { source(s_local); filter(f_messages); destination(d_messages); };
 
# Remote logging  //定义监听的端口
source s_remote {
        tcp(ip(0.0.0.0) port(514));
        udp(ip(0.0.0.0) port(514));
};
//定义客户端日志在服务器上保存的格式,位置和权限等
destination r_console {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_secure {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_cron {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_spooler {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_bootlog {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_messages {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
log { source(s_remote); filter(f_emerg); destination(r_console); };
log { source(s_remote); filter(f_secure); destination(r_secure); flags(final); };
log { source(s_remote); filter(f_cron); destination(r_cron); flags(final); };
log { source(s_remote); filter(f_spooler); destination(r_spooler); };
log { source(s_remote); filter(f_local7); destination(r_bootlog); };
log { source(s_remote); filter(f_messages); destination(r_messages); };
 
[root@server2 etc]# chmod +x /etc/init.d/syslog-ng
[root@server2 etc]# chkconfig --add syslog-ng
service syslog-ng does not support chkconfig(若出现该错误,请修改该脚本前四行如下)
[root@server2 etc]# head -4 /etc/init.d/syslog-ng
#!/bin/bash
#chkconifg: --add syslog-ng
#chkconfig: 2345 12 88
#Description: syslog-ng

filter f_messages { level(info..emerg); };   //定义7种日志类型
filter f_secure { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_spooler { level(crit..emerg) and facility(uucp, news); };
filter f_local7 { facility(local7); };
destination d_messages { file("/var/log/messages"); };   //定义7种类型日志在客户端的位置
destination d_secure { file("/var/log/secure"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_cron { file("/var/log/cron"); };
destination d_console { usertty("root"); };
destination d_spooler { file("/var/log/spooler"); };
destination d_bootlog { file("/var/log/dmesg"); };
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_spooler); destination(d_spooler); };
log { source(s_local); filter(f_local7); destination(d_bootlog); };
log { source(s_local); filter(f_messages); destination(d_messages); };

该脚本还需要修改下面的三个位置
[root@server2 etc]# grep ‘PATH‘ /etc/init.d/syslog-ng
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/syslog-ng/bin:/usr/local/syslog-ng/sbin
[root@server2 etc]# grep 'INIT' /etc/init.d/syslog-ng |head -2

本文由金沙js333娱乐场发布于网络频道,转载请注明出处:金沙js333娱乐场syslog-ng详细安装配置

关键词: