syslog-ng是用来代替syslog的log server。功能对syslog有很大的提高。支持tcp(注意:本文使用的2.0.7版本只支持明文传输,没有认证和加密;TLS传输需要更新的3.x版本),支持buffer(商业版中支持,如果remote log server 死掉的话,可以先把log存放到本地的buffer中,等到remote log server 恢复的时候,然后再将本地的log server中buffer中的内容重新发送给 remote log server).
本实例的目的是配置两台syslog-ng,一台client一台server。server端主要是对client日志的收集,然后我们就可以在服务器端统一分析了。
本人公司的应用是把log4j的日志通过syslog-ng client 发送到server端,然后通过python脚本分析写入数据库。然后再通过open flash chart画出图表出来,不多说了直接贴安装方法和具体的配置。
prerequisites (install these before building syslog-ng)
eventlog-0.2.5.tar.gz (先编译安装;syslog-ng的configure通过pkg-config查找它,见下面的PKG_CONFIG_PATH)
libnet
glib-java.x86_64
glib-java-devel.x86_64
glib2-devel
step 1:install syslog-ng
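# Build from source. eventlog must already be built and installed (its
# .pc file is what PKG_CONFIG_PATH points at below). Verify the tarball's
# checksum/signature against the vendor's before unpacking anything that
# will later run as root. Note that 2.0.7 is a 2008-era release that is no
# longer maintained and has no TLS transport; a supported 3.x release is
# preferable for a new deployment.
tar xzvf syslog-ng-2.0.7.tar.gz
cd syslog-ng-2.0.7   # was missing in the original; configure runs inside the source tree
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
# --enable-tcp-wrapper: /etc/hosts.allow and hosts.deny then restrict which
#   hosts may connect to the tcp() source on the log server.
# --sysconfdir=/etc: the config is read from /etc (step 2 creates
#   /etc/syslog-ng.conf there).
./configure --prefix=/usr/local/syslogng --enable-tcp-wrapper --sysconfdir=/etc
make && make install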
step 2:initial setup
1:create syslog-ng.conf in /etc/ directory
2:create service lsb script in /etc/init.d directory
cp init.d.RedHat-7.3 (shipped with the syslog-ng source) to /etc/init.d/syslogng, then edit the script's PATH / binary path so it finds /usr/local/syslogng/sbin/syslog-ng (the --prefix chosen in step 1)
3:create logs group and logs user (两个配置文件里的group(logs)/dir_group(logs)都依赖它;日志文件为0640/0750,只对root和该组可读)
step 3:configuration
client side:
# $Id: client-syslog-ng.conf,v 1.4 2005/10/23 18:36:10 jmates Exp $
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost. Listens only on localhost interface;
# requires "logs" user and group on system.
#
# Local logs are stored under /logs/archive (destinations d_mesg and
# d_mail below; an earlier version of this comment said /var/log/archive,
# which did not match the destinations) in a syslog-ng specific format
# that includes facility, priority, and a timestamp that includes the year.
#
# Security notes (review):
# - The forward to the loghost is plain TCP: no authentication, integrity
#   or confidentiality on the wire. Keep it on a trusted network segment,
#   or move to a syslog-ng release that supports TLS transport.
# - udp() is bound to 127.0.0.1 on purpose. Binding it to 0.0.0.0 would let
#   any host on the network inject messages that are then forwarded to the
#   loghost under this host's name.
options {
# the log files/directories are group "logs", mode 0640/0750
log_fifo_size(4096);
group(logs);
dir_group(logs);
create_dirs(yes);
dir_perm(0750);
perm(0640);
# keep the timestamp and hostname carried in the message rather than
# substituting the receive time / peer address
use_time_recvd(no);
use_fqdn(yes);
chain_hostnames(no);
keep_hostname(yes);
stats(3600);
};
source local {
unix-stream("/dev/log" max_connections(150));
udp(ip(127.0.0.1) port(514));
internal();
};
# all logs (info and above; debug is dropped) to loghost via TCP
filter notdebug { level(info...emerg); };
destination loghost { tcp("192.168.1.7" port(5149)); };
log { source(local); filter(notdebug); destination(loghost); };
# emergency to more locations by default
filter emergency { level(emerg); };
destination allusers { usertty("*"); };
log { source(local); filter(emergency); destination(allusers); };
destination d_cons { file("/dev/console"); };
log { source(local); filter(emergency); destination(d_cons); };
# alternate locations for other logs to avoid need to logrotate and HUP
# (the $R_* macros give one file per day)
destination d_mesg {
file( "/logs/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no)
);
};
destination d_mail {
file( "/logs/archive/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no)
);
};
#filter f_e {
#not(facility(cron) and priority(info));
#};
# everything except mail/user -> d_mesg, mail -> d_mail.  f_filter3
# (facility user) is defined but attached to no log path, so user-facility
# messages are kept only on the loghost.
filter f_filter1 { level(info...emerg) and not facility(mail) and not facility(user); };
filter f_filter3 { facility(user); };
filter f_filter2 { facility(mail); };
log { source(local); filter(f_filter1); destination(d_mesg); };
log { source(local); filter(f_filter2); destination(d_mail); };
server side:
[root@monitserver etc]# more syslog-ng.conf
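# $Id: server-syslog-ng.conf,v 1.4 2005/10/23 18:31:57 jmates Exp $
#
# Central loghost syslog-ng configuration.
#
# Security notes (review):
# - The udp() and tcp() sources bind 0.0.0.0 with no source restriction, so
#   any host that can reach ports 514/5149 can inject log records. Limit the
#   senders with a host firewall and, for tcp(), with /etc/hosts.allow (the
#   binary was built with --enable-tcp-wrapper). Plain UDP/TCP carries no
#   authentication or integrity protection; a current syslog-ng release with
#   TLS transport is the real fix.
# - keep_hostname(yes) stores the hostname the *sender* put in the message,
#   which a rogue sender can forge. $HOST_FROM (the peer the message actually
#   arrived from) is the trustworthy value; d_3 already records it and the
#   other templates should too if these logs are used for forensics.
# - use_time_recvd(no) likewise trusts the sender's clock.
#
# Fixes relative to the original posting:
# - "filter f_10" was defined twice (once as "not facility(user)", used by
#   d_2, and once as a wadetest.track match). Depending on the parser the
#   duplicate is either rejected or the later definition silently wins, in
#   which case d_2 would receive only wadetest.track messages. The second
#   definition is renamed f_12 below.
# - a log path referenced destination d_9, which is defined nowhere, so the
#   reference cannot be resolved and the config does not load. That path is
#   commented out below until d_9 is defined.
options {
    log_fifo_size(8192);
    # garden gnomes shouldn't log (Gnome has a buggy log implementation)
    # needs to be set on client systems, too...
    bad_hostname("gconfd");
    use_time_recvd(no);
    # files/directories group "logs", mode 0640/0750
    group(logs);
    create_dirs(yes);
    dir_group(logs);
    dir_perm(0750);
    perm(0640);
    chain_hostnames(no);
    keep_hostname(yes);
    stats(3600);
    use_fqdn(yes);
};
# TODO look into enabling 'keep-alive' or 'tcp-keep-alive' on both
# client and server systems to avoid prior connections lingering?
source local {
    unix-stream("/dev/log");
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(5149) max-connections(333));
    internal();
};
filter emergency { level(emerg); };
destination users { usertty("*"); };
log { source(local); filter(emergency); destination(users); };
# every message at every level into one static file; unlike the dated
# archives below this one needs external rotation.
filter f_1 {
    level(debug...emerg);
};
destination d_1 {
    file("/var/log/everything"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
log { source(local); filter(f_1); destination(d_1); };
# Windows logs to custom location (via Snare Agent, see [GS #1518]).
# flags(final) stops the log paths *after* this one from seeing these
# messages; d_1 above still gets them.
filter windows {
    program(MSWinEventLog);
};
destination windows {
    file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
log {
    source(local); filter(windows); destination(windows);
    flags(final);
};
# info and above, excluding the mail and user facilities -> dated messages file
filter f_2 {
    level(info...emerg);
};
filter f_3 {
    not facility(mail);
};
filter f_10 {
    not facility(user);
};
destination d_2 {
    file("/var/log/archive/messages/$R_YEAR/$R_MONTH/message.$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
log { source(local); filter(f_2); filter(f_3); filter(f_10); destination(d_2); };
# mail, and the user-facility application logs. match() is a regular
# expression, so the '.' in "wadetest.track" etc. matches any character;
# escape it if an exact match is intended.
filter f_5 {
    facility(mail) and level(debug...emerg);
};
filter f_6 {
    facility(user) and level(debug...emerg);
};
filter f_7 {
    facility(user) and level(debug...emerg) and match("wadetest.track");
};
filter f_8 {
    facility(user) and level(debug...emerg) and match("wadetest.secretcrush");
};
filter f_9 {
    facility(user) and level(err);
};
# renamed from the duplicate "f_10" (see header); same expression as f_7.
# f_6, f_7, f_8 and f_12 are not attached to any log path.
filter f_12 {
    facility(user) and level(debug...emerg) and match("wadetest.track");
};
filter f_11 {
    facility(user) and level(debug...emerg) and match("wadetest.advertise");
};
destination d_3 {
    file("/var/log/archive/mail/$R_YEAR/$R_MONTH/total.$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE $HOST_FROM <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
# /data/trackpipe must already exist (mkfifo) and have a reader attached;
# syslog-ng does not create named pipes.
destination d_11 {
    pipe("/data/trackpipe");
};
log { source(local); filter(f_5); destination(d_3); };
# destination d_9 is not defined anywhere in this file; define it (e.g. a
# dated file under /var/log/archive) and re-enable this path:
#log { source(local); filter(f_9); destination(d_9); };
log { source(local); filter(f_11); destination(d_11); };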
step 4:start syslog-ng
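# Syntax-check the config before (re)starting: a config that does not load
# (for example an undefined destination) otherwise just leaves the host
# without a running logger.
/usr/local/syslogng/sbin/syslog-ng -s -f /etc/syslog-ng.conf && service syslogng start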
来源:
http://blog.sina.com.cn/s/blog_4d8a2c970100f2qz.html
本实例的目的是配置两台syslog-ng,一台client一台server。server端主要是对client日志的收集,然后我们就可以在服务器端统一分析了。
本人公司的应用是把log4j的日志通过syslog-ng client 发送到server端,然后通过python脚本分析写入数据库。然后再通过open flash chart画出图表出来,不多说了直接贴安装方法和具体的配置。
prerequisites (install these before building syslog-ng)
eventlog-0.2.5.tar.gz (先编译安装;syslog-ng的configure通过pkg-config查找它,见下面的PKG_CONFIG_PATH)
libnet
glib-java.x86_64
glib-java-devel.x86_64
glib2-devel
step 1:install syslog-ng
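# Build from source. eventlog must already be built and installed (its
# .pc file is what PKG_CONFIG_PATH points at below). Verify the tarball's
# checksum/signature against the vendor's before unpacking anything that
# will later run as root. Note that 2.0.7 is a 2008-era release that is no
# longer maintained and has no TLS transport; a supported 3.x release is
# preferable for a new deployment.
tar xzvf syslog-ng-2.0.7.tar.gz
cd syslog-ng-2.0.7   # was missing in the original; configure runs inside the source tree
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
# --enable-tcp-wrapper: /etc/hosts.allow and hosts.deny then restrict which
#   hosts may connect to the tcp() source on the log server.
# --sysconfdir=/etc: the config is read from /etc (step 2 creates
#   /etc/syslog-ng.conf there).
./configure --prefix=/usr/local/syslogng --enable-tcp-wrapper --sysconfdir=/etc
make && make install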
step 2:initial setup
1:create syslog-ng.conf in /etc/ directory
2:create service lsb script in /etc/init.d directory
cp init.d.RedHat-7.3 (shipped with the syslog-ng source) to /etc/init.d/syslogng, then edit the script's PATH / binary path so it finds /usr/local/syslogng/sbin/syslog-ng (the --prefix chosen in step 1)
3:create logs group and logs user (两个配置文件里的group(logs)/dir_group(logs)都依赖它;日志文件为0640/0750,只对root和该组可读)
step 3:configuration
client side:
# $Id: client-syslog-ng.conf,v 1.4 2005/10/23 18:36:10 jmates Exp $
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost. Listens only on localhost interface;
# requires "logs" user and group on system.
#
# Local logs are stored under /logs/archive (destinations d_mesg and
# d_mail below; an earlier version of this comment said /var/log/archive,
# which did not match the destinations) in a syslog-ng specific format
# that includes facility, priority, and a timestamp that includes the year.
#
# Security notes (review):
# - The forward to the loghost is plain TCP: no authentication, integrity
#   or confidentiality on the wire. Keep it on a trusted network segment,
#   or move to a syslog-ng release that supports TLS transport.
# - udp() is bound to 127.0.0.1 on purpose. Binding it to 0.0.0.0 would let
#   any host on the network inject messages that are then forwarded to the
#   loghost under this host's name.
options {
# the log files/directories are group "logs", mode 0640/0750
log_fifo_size(4096);
group(logs);
dir_group(logs);
create_dirs(yes);
dir_perm(0750);
perm(0640);
# keep the timestamp and hostname carried in the message rather than
# substituting the receive time / peer address
use_time_recvd(no);
use_fqdn(yes);
chain_hostnames(no);
keep_hostname(yes);
stats(3600);
};
source local {
unix-stream("/dev/log" max_connections(150));
udp(ip(127.0.0.1) port(514));
internal();
};
# all logs (info and above; debug is dropped) to loghost via TCP
filter notdebug { level(info...emerg); };
destination loghost { tcp("192.168.1.7" port(5149)); };
log { source(local); filter(notdebug); destination(loghost); };
# emergency to more locations by default
filter emergency { level(emerg); };
destination allusers { usertty("*"); };
log { source(local); filter(emergency); destination(allusers); };
destination d_cons { file("/dev/console"); };
log { source(local); filter(emergency); destination(d_cons); };
# alternate locations for other logs to avoid need to logrotate and HUP
# (the $R_* macros give one file per day)
destination d_mesg {
file( "/logs/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no)
);
};
destination d_mail {
file( "/logs/archive/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
template_escape(no)
);
};
#filter f_e {
#not(facility(cron) and priority(info));
#};
# everything except mail/user -> d_mesg, mail -> d_mail.  f_filter3
# (facility user) is defined but attached to no log path, so user-facility
# messages are kept only on the loghost.
filter f_filter1 { level(info...emerg) and not facility(mail) and not facility(user); };
filter f_filter3 { facility(user); };
filter f_filter2 { facility(mail); };
log { source(local); filter(f_filter1); destination(d_mesg); };
log { source(local); filter(f_filter2); destination(d_mail); };
server side:
[root@monitserver etc]# more syslog-ng.conf
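# $Id: server-syslog-ng.conf,v 1.4 2005/10/23 18:31:57 jmates Exp $
#
# Central loghost syslog-ng configuration.
#
# Security notes (review):
# - The udp() and tcp() sources bind 0.0.0.0 with no source restriction, so
#   any host that can reach ports 514/5149 can inject log records. Limit the
#   senders with a host firewall and, for tcp(), with /etc/hosts.allow (the
#   binary was built with --enable-tcp-wrapper). Plain UDP/TCP carries no
#   authentication or integrity protection; a current syslog-ng release with
#   TLS transport is the real fix.
# - keep_hostname(yes) stores the hostname the *sender* put in the message,
#   which a rogue sender can forge. $HOST_FROM (the peer the message actually
#   arrived from) is the trustworthy value; d_3 already records it and the
#   other templates should too if these logs are used for forensics.
# - use_time_recvd(no) likewise trusts the sender's clock.
#
# Fixes relative to the original posting:
# - "filter f_10" was defined twice (once as "not facility(user)", used by
#   d_2, and once as a wadetest.track match). Depending on the parser the
#   duplicate is either rejected or the later definition silently wins, in
#   which case d_2 would receive only wadetest.track messages. The second
#   definition is renamed f_12 below.
# - a log path referenced destination d_9, which is defined nowhere, so the
#   reference cannot be resolved and the config does not load. That path is
#   commented out below until d_9 is defined.
options {
    log_fifo_size(8192);
    # garden gnomes shouldn't log (Gnome has a buggy log implementation)
    # needs to be set on client systems, too...
    bad_hostname("gconfd");
    use_time_recvd(no);
    # files/directories group "logs", mode 0640/0750
    group(logs);
    create_dirs(yes);
    dir_group(logs);
    dir_perm(0750);
    perm(0640);
    chain_hostnames(no);
    keep_hostname(yes);
    stats(3600);
    use_fqdn(yes);
};
# TODO look into enabling 'keep-alive' or 'tcp-keep-alive' on both
# client and server systems to avoid prior connections lingering?
source local {
    unix-stream("/dev/log");
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(5149) max-connections(333));
    internal();
};
filter emergency { level(emerg); };
destination users { usertty("*"); };
log { source(local); filter(emergency); destination(users); };
# every message at every level into one static file; unlike the dated
# archives below this one needs external rotation.
filter f_1 {
    level(debug...emerg);
};
destination d_1 {
    file("/var/log/everything"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
log { source(local); filter(f_1); destination(d_1); };
# Windows logs to custom location (via Snare Agent, see [GS #1518]).
# flags(final) stops the log paths *after* this one from seeing these
# messages; d_1 above still gets them.
filter windows {
    program(MSWinEventLog);
};
destination windows {
    file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
log {
    source(local); filter(windows); destination(windows);
    flags(final);
};
# info and above, excluding the mail and user facilities -> dated messages file
filter f_2 {
    level(info...emerg);
};
filter f_3 {
    not facility(mail);
};
filter f_10 {
    not facility(user);
};
destination d_2 {
    file("/var/log/archive/messages/$R_YEAR/$R_MONTH/message.$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
log { source(local); filter(f_2); filter(f_3); filter(f_10); destination(d_2); };
# mail, and the user-facility application logs. match() is a regular
# expression, so the '.' in "wadetest.track" etc. matches any character;
# escape it if an exact match is intended.
filter f_5 {
    facility(mail) and level(debug...emerg);
};
filter f_6 {
    facility(user) and level(debug...emerg);
};
filter f_7 {
    facility(user) and level(debug...emerg) and match("wadetest.track");
};
filter f_8 {
    facility(user) and level(debug...emerg) and match("wadetest.secretcrush");
};
filter f_9 {
    facility(user) and level(err);
};
# renamed from the duplicate "f_10" (see header); same expression as f_7.
# f_6, f_7, f_8 and f_12 are not attached to any log path.
filter f_12 {
    facility(user) and level(debug...emerg) and match("wadetest.track");
};
filter f_11 {
    facility(user) and level(debug...emerg) and match("wadetest.advertise");
};
destination d_3 {
    file("/var/log/archive/mail/$R_YEAR/$R_MONTH/total.$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE $HOST_FROM <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};
# /data/trackpipe must already exist (mkfifo) and have a reader attached;
# syslog-ng does not create named pipes.
destination d_11 {
    pipe("/data/trackpipe");
};
log { source(local); filter(f_5); destination(d_3); };
# destination d_9 is not defined anywhere in this file; define it (e.g. a
# dated file under /var/log/archive) and re-enable this path:
#log { source(local); filter(f_9); destination(d_9); };
log { source(local); filter(f_11); destination(d_11); };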
step 4:start syslog-ng
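# Syntax-check the config before (re)starting: a config that does not load
# (for example an undefined destination) otherwise just leaves the host
# without a running logger.
/usr/local/syslogng/sbin/syslog-ng -s -f /etc/syslog-ng.conf && service syslogng start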
来源:
http://blog.sina.com.cn/s/blog_4d8a2c970100f2qz.html
作者:jackxiang@向东博客 专注WEB应用 构架之美 --- 构架之美,在于尽态极妍 | 应用之美,在于药到病除
地址:https://jackxiang.com/post/2817/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明!