Install syslog-ng management logs

Source: Internet
Author: User
Tags rsyslog

Syslog-ng is installed to manage server logs in a unified manner. The installation method was found online. Some problems still need to be solved:

1. The log server can synchronize the log files on a daily basis, but the log files you want cannot be synchronized to the server because you need to customize the log files. I have posted the configuration files here and hope to learn from them.


Install syslog-ng


Service installation:

yum install gcc*
cd /usr/src
wget http://www.balabit.com/downloads/files/syslog-ng/sources/3.2.4/source/eventlog_0.2.12.tar.gz
wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.3.5/source/syslog-ng_3.3.5.tar.gz
tar xvf eventlog_0.2.12.tar.gz
cd eventlog-0.2.12
./configure --prefix=/usr/local/eventlog
make
make install

cd /usr/src
tar xvf syslog-ng_3.3.5.tar.gz
cd syslog-ng-3.3.5
# Let configure find the eventlog library installed above
export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
./configure --prefix=/usr/local/syslog-ng
make
make install

 

 

Add syslog-ng as a system service:

vim /etc/init.d/syslog-ng    # The content is as follows:

#!/bin/bash
#
# chkconfig: - 60 27
# description: syslog-ng SysV script.

# Load the distribution's helper functions (daemon, killproc, status)
. /etc/rc.d/init.d/functions

syslog_ng=/usr/local/syslog-ng/sbin/syslog-ng
prog=syslog-ng
pidfile=/usr/local/syslog-ng/var/syslog-ng.pid
lockfile=/usr/local/syslog-ng/var/syslog-ng.lock
RETVAL=0
STOP_TIMEOUT=${STOP_TIMEOUT-10}

start() {
    echo -n $"Starting $prog: "
    daemon --pidfile=$pidfile $syslog_ng $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch ${lockfile}
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p $pidfile -d $STOP_TIMEOUT $syslog_ng
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f $lockfile $pidfile
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status -p $pidfile $syslog_ng
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|status}"
        RETVAL=2
esac
exit $RETVAL

------------------------------------------------------------

chmod a+x /etc/init.d/syslog-ng
killall syslogd
chkconfig --add syslog-ng
chkconfig syslog-ng on
service syslog-ng start


Configuration file: /usr/local/syslog-ng/etc/syslog-ng.conf

# The complete configuration file is shown below. Note:

# @version takes the major.minor number of the installed 3.3.5 release
@version: 3.3
@include "scl.conf"
options {
    # long_hostnames(off);
    log_msg_size(8192);
    flush_lines(1);
    log_fifo_size(20480);
    time_reopen(10);
    use_dns(yes);
    dns_cache(yes);
    use_fqdn(yes);
    keep_hostname(yes);
    chain_hostnames(no);
    # chain_hostnames(off);
    perm(0644);
    stats_freq(43200);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };

source s_local {
    unix-dgram("/dev/log");
    file("/proc/kmsg" program_override("kernel: "));
};
# Define 7 log types
filter f_messages { level(info..emerg); };
filter f_secure { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_spooler { level(crit..emerg) and facility(uucp, news); };
filter f_local7 { facility(local7); };
filter f_local4 { facility(local4); };
# Define the location of seven types of logs on the client
destination d_messages { file("/var/log/messages"); };
destination d_secure { file("/var/log/secure"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_cron { file("/var/log/cron"); };
destination d_console { usertty("root"); };
destination d_spooler { file("/var/log/spooler"); };
destination d_bootlog { file("/var/log/dmesg"); };
destination d_usercmd { file("/var/log/usercmd.log"); };
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_spooler); destination(d_spooler); };
log { source(s_local); filter(f_local7); destination(d_bootlog); };
log { source(s_local); filter(f_messages); destination(d_messages); };
log { source(s_local); filter(f_local4); destination(d_usercmd); };

# Define the listening port
# Remote logging
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# Define the format, location, and permissions of client logs stored on the server
destination r_console { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_secure { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_spooler { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_bootlog { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_messages { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_usercmd { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/usercmd" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_maillog { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/maillog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
log { source(s_remote); filter(f_emerg); destination(r_console); };
log { source(s_remote); filter(f_secure); destination(r_secure); flags(final); };
log { source(s_remote); filter(f_cron); destination(r_cron); flags(final); };
log { source(s_remote); filter(f_spooler); destination(r_spooler); };
log { source(s_remote); filter(f_local7); destination(r_bootlog); };
log { source(s_remote); filter(f_messages); destination(r_messages); };
log { source(s_remote); filter(f_local4); destination(r_usercmd); };
# Mail goes to the r_maillog destination defined above (the original line pointed at r_usercmd)
log { source(s_remote); filter(f_mail); destination(r_maillog); };





Note: If you want to collect the logs of an additional service, several places need to be changed: the parts of the configuration file marked in red.

Add to the client:

local4.* /var/log/usercmd.log

# /usr/local/syslog-ng/sbin/syslog-ng -e -F -d -v

This runs syslog-ng in the foreground with debug output, to test whether the syslog-ng configuration file is correct.


On the client side, we use rsyslog, the log collection service built into the system.

vi /etc/rsyslog.conf

Add a line at the bottom:

*.info @10.0.11.53

On clients that still run the older syslogd:

vi /etc/syslog.conf

Add the following:

*.info;mail.none;news.none;authpriv.none;cron.none @<server IP>
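The r_* destinations above build their path from $HOST, and with keep_hostname(yes) that value is taken from the message's own HOST field, so the server-side tree is worth auditing. The script below is an added example, not part of the original page: it checks the tree against perm(0640), dir_perm(0750), owner("root") and a list of expected clients. The function names, the allow-list file and the sample host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the tree written by the
# r_* destinations: ROOT/$YEAR$MONTH$DAY/$HOST/<logname>.

# audit_remote_logs ROOT ALLOWLIST [OWNER]; prints one finding per line.
# ALLOWLIST is a hypothetical file with one expected client name per line.
audit_remote_logs() {
    root=$1 allow=$2 owner=${3:-root}

    # $HOST directories sit exactly two levels below ROOT. With
    # keep_hostname(yes) the name comes from the message itself, so compare
    # it with the list of clients that are expected to log here.
    find "$root" -mindepth 2 -maxdepth 2 -type d | sort |
    while IFS= read -r dir; do
        grep -Fxq -- "${dir##*/}" "$allow" || echo "UNKNOWN_HOST $dir"
    done

    # dir_perm(0750) and perm(0640) from the destination definitions.
    find "$root" -mindepth 1 -type d ! -perm 0750 | sort | sed 's/^/DIR_MODE /'
    find "$root" -type f ! -perm 0640 | sort | sed 's/^/FILE_MODE /'
    # owner("root") in the config; overridable so a dry run works as non-root.
    find "$root" -mindepth 1 ! -user "$owner" | sort | sed 's/^/OWNER /'
}

# Constructed sample tree (made-up host names and date) for a dry run.
make_sample_tree() {
    t=$(mktemp -d)
    day=$t/logs/20240101
    mkdir -p "$day/web01.example.com" "$day/unexpected-host"
    touch "$day/web01.example.com/messages" "$day/web01.example.com/secure" \
          "$day/unexpected-host/messages"
    chmod 0750 "$day" "$day"/*
    chmod 0640 "$day"/*/messages
    chmod 0644 "$day/web01.example.com/secure"   # deliberately wrong mode
    printf '%s\n' web01.example.com > "$t/allow"
    echo "$t"
}
```

On the log server, run `audit_remote_logs /var/log/syslog-ng /path/to/allowlist` from cron; any output line is a directory or file that does not match the configuration.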

