I. Overview
syslog-ng is installed on two hosts, one acting as the log server and one as the client:
Server: 192.168.209.19
Client: 192.168.209.18
II. Installation
Run the following command to install syslog-ng with yum:
yum -y install syslog-ng
After installation, restart the syslog-ng service. Running "service syslog-ng restart" reports the following error:
Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Solution:
yum install -y syslog-ng-libdbi
This installs the following two packages:
libdbi-0.8.3-4.el6.x86_64
syslog-ng-libdbi-3.2.5-4.el6.x86_64
III. Configuration File Modification
The server configuration is as follows:
options {
    flush_lines(0);
    time_reopen(10);
    log_fifo_size(1000);
    long_hostnames(off);
    use_dns(no);
    use_fqdn(no);
    create_dirs(no);
    keep_hostname(yes);
};
# Define source: listen on TCP port 514 on all interfaces
source s_network {
    tcp(ip(0.0.0.0) port(514));
};
# Define filter rules
# filter f_local0 { level(info..emerg); };
# Define destination file path
# Note: perm(0755) leaves the log file world-readable; a tighter setting
# such as perm(0640) dir_perm(0750) is usual for authentication logs.
destination d_local0 { file("/var/log/local0.log" perm(0755) dir_perm(0755) create_dirs(yes)); };
# Write to destination files
log { source(s_network); destination(d_local0); };
This is a simple server configuration: no filter is defined, so it receives all incoming logs and writes them to the destination file.
The client configuration is as follows:
options {
    flush_lines(0);
    time_reopen(10);
    log_fifo_size(1000);
    long_hostnames(off);
    use_dns(no);
    use_fqdn(no);
    create_dirs(no);
    keep_hostname(yes);
};
# Local log sources
source s_sys {
    unix-stream("/dev/log");
    internal();
};
# Select only messages with the auth facility
filter f_auth { facility(auth); };
# Forward to the central log server over TCP
destination center_log_server { tcp("192.168.209.19" port(514)); };
log { source(s_sys); filter(f_auth); destination(center_log_server); };
A brief explanation of this configuration:
The source reads logs from /dev/log: unix-stream opens the UNIX socket in SOCK_STREAM mode and receives log messages, and internal() collects the messages generated by syslog-ng itself;
The filter f_auth selects messages with the auth facility;
The destination is the log server 192.168.209.19, port 514, over TCP.
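The effect of the two filters can be checked offline. The following Python sketch is an added example, not part of the original configuration: it decodes the <PRI> prefix of newline-framed messages as they travel over the TCP connection and mirrors facility(auth) and the commented-out level(info..emerg). The function names and sample lines are constructed for illustration; note that authpriv (facility 10) is a separate facility that facility(auth) does not match.

```python
import re

# Syslog facility and severity codes (RFC 3164): PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "cron": 9, "authpriv": 10, "local0": 16}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")


def decode(line):
    """Split one newline-framed message into (facility, severity, rest)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI: %r" % line)
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], m.group(2)


def f_auth(line):
    """Mirror of the client filter: facility(auth) is facility code 4 only."""
    return decode(line)[0] == FACILITIES["auth"]


def f_local0(line):
    """Mirror of the commented-out server filter: level(info..emerg)."""
    return decode(line)[1] != "debug"


def forwarded(stream):
    """Lines the client configuration above would send to the log server."""
    return [l for l in stream.splitlines() if l and f_auth(l)]


# Constructed sample traffic, one message per line as on the TCP connection.
SAMPLE = "\n".join([
    "<38>Jan  5 10:00:01 client su: session opened for user root",       # auth.info
    "<86>Jan  5 10:00:02 client sshd[2211]: Accepted password for bob",  # authpriv.info
    "<78>Jan  5 10:00:03 client crond[900]: (root) CMD (run-parts)",     # cron.info
    "<39>Jan  5 10:00:04 client login: debug trace",                     # auth.debug
])

if __name__ == "__main__":
    for line in forwarded(SAMPLE):
        print(line)
```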
Syslog-ng configuration (TCP protocol)