Home > Others

Install syslog-ng management logs

Source: Internet
Author: User
Tags rsyslog
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Syslog-ng is installed to manage server logs in a unified manner. The installation method is found online. Some problems need to be solved now;

1. The log server can synchronize the log files on a daily basis, but the log files you want cannot be synchronized to the server because you need to customize the log files. Now, I have posted the configuration documents and hope to learn from them.


Install syslog-ng


Service installation:

Yum install GCC *

CD/usr/src

Wget http://www.balabit.com/downloads/files/syslog-ng/sources/3.2.4/source/eventlog_0.2.12.tar.gz

Wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.3.5/source/syslog-ng_3.3.5.tar.gz

Tar xvf eventlog_0.2.12.tar.gz

CD eventlog-0.2.12

./Configure -- prefix =/usr/local/EventLog

Make

Make install

 

CD/usr/src

Tar xvf syslog-ng_3.3.5.tar.gz

CD syslog-ng-3.3.5

Export pkg_config_path =/usr/local/EventLog/lib/pkgconfig

./Configure -- prefix =/usr/local/syslog-ng

Make

Make install

 

 

Add syslog-ng as a system service,

Vim/etc/init. d/syslog-ng # The content is as follows:

#! /Bin/bash

#

# Chkconfig:-60 27

# Description: syslog-ng sysv script.

./Etc/rc. d/init. d/functions

 

Syslog_ng =/usr/local/syslog-ng/sbin/syslog-ng

Prog = syslog-ng

Pidfile =/usr/local/syslog-ng/var/syslog-ng.pid.

Lockfile =/usr/local/syslog-ng/var/syslog-ng.lock

Retval = 0

Stop_timeout =$ {STOP_TIMEOUT-10}

 

Start (){

Echo-N $ "Starting $ prog :"

Daemon -- pidfile = $ pidfile $ syslog_ng $ options

Retval =$?

Echo

[$ Retval = 0] & touch $ {lockfile}

Return $ retval

}

 

Stop (){

Echo-N $ "Stopping $ prog :"

Killproc-p $ pidfile-d $ stop_timeout $ syslog_ng

Retval =$?

Echo

[$ Retval = 0] & Rm-F $ lockfile $ pidfile

}

 

Case "$1" in

Start)

Start

;;

Stop)

Stop

;;

Status)

Status-p $ pidfile $ syslog_ng

Retval =$?

;;

Restart)

Stop

Start

;;

*)

Echo $ "Usage: $ prog {START | stop | restart | status }"

Retval = 2

Esac

Exit $ retval

------------------------------------------------------------

Chmod A + x/etc/init. d/syslog-ng

Killall syslogd

Chkconfig -- add syslog-ng

Chkconfig syslog-ng on

Service syslog-ng start


Configuration File/usr/local/syslog-ng/etc/syslog-ng.conf

# The complete configuration file is shown below. Note:


@ Version: 3.3.5

@ Include "SCL. conf"

Options {

# Long_hostnames (off );

Log_msg_size (8192 );

Flush_lines (1 );

Log_1_o_size (20480 );

Time_reopen (10 );

Use_dns (yes );

Dns_cache (yes );

Use_fqdn (yes );

Keep_hostname (yes );

Chain_hostnames (NO );

# Chain_hostnames (off );

Perm (0644 );

Stats_freq (43200 );

};

Source s_internal {internal ();};

Destination d_syslognglog {file ("/var/log/syslog-ng.log ");};

Log {source (s_internal); destination (d_syslognglog );};

Source s_local {

Unix-dgram ("/dev/log ");

File ("/proc/kmsg" program_override ("kernel :"));

};

# Define 7 log types

Filter f_messages {level (info .. emerg );};

Filter f_secure {facility (authpriv );};

Filter f_mail {facility (Mail );};

Filter f_cron {facility (cron );};

Filter f_emerg {level (emerg );};

Filter f_spooler {level (CRIT .. emerg) and facility (uucp, News );};

Filter f_local7 {facility (local7 );};

Filter f_local4 {facility (local4 );};

# Define the location of seven types of logs on the client

Destination d_messages {file ("/var/log/messages ");};

Destination d_secure {file ("/var/log/secure ");};

Destination d_maillog {file ("/var/log/maillog ");};

Destination d_cron {file ("/var/log/cron ");};

Destination d_console {usertty ("root ");};

Destination d_spooler {file ("/var/log/Spooler ");};

Destination d_bootlog {file ("/var/log/dmesg ");};

Destination d_usercmd {file ("/var/log/usercmd. log ");};

Log {source (s_local); filter (f_emerg); destination (d_console );};

Log {source (s_local); filter (f_secure); destination (d_secure); flags (final );};

Log {source (s_local); filter (f_mail); destination (d_maillog); flags (final );};

Log {source (s_local); filter (f_cron); destination (d_cron); flags (final );};

Log {source (s_local); filter (f_spooler); destination (d_spooler );};

Log {source (s_local); filter (f_local7); destination (d_bootlog );};

Log {source (s_local); filter (f_messages); destination (d_messages );};

Log {source (s_local); filter (f_local4); destination (d_usercmd );};

# Define the listening port

# Remote logging

Source s_remote {

TCP/IP (IP (0.0.0.0) Port (514 ));

UDP (IP (0.0.0.0) Port (514 ));

};


# Define the format, location, and permissions of client logs stored on the server

Destination r_console {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/console" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_secure {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/secure" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_cron {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/cron" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_spooler {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/Spooler" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_bootlog {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/bootlog" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_messages {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/messages" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_usercmd {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/usercmd" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Destination r_maillog {file ("/var/log/syslog-ng/$ year $ month $ day/$ host/maillog" Owner ("root") group ("root ") perm (0640) dir_perm (0750) create_dirs (yes ));};

Log {source (s_remote); filter (f_emerg); destination (r_console );};

Log {source (s_remote); filter (f_secure); destination (r_secure); flags (final );};

Log {source (s_remote); filter (f_cron); destination (r_cron); flags (final );};

Log {source (s_remote); filter (f_spooler); destination (r_spooler );};

Log {source (s_remote); filter (f_local7); destination (r_bootlog );};

Log {source (s_remote); filter (f_messages); destination (r_messages );};

Log {source (s_remote); filter (f_local4); destination (r_usercmd );};

Log {source (s_remote); filter (f_mail); destination (r_usercmd );};



######################################## ##### 3


Note: If you want to add a new monitoring service log, you need to add a few places: the configuration file marked as red

Add to client

Local4. */var/log/usercmd. Log



#/Usr/local/syslog-ng/sbin/syslog-ng-e-f-D-V

Test whether the syslog-ng configuration file is correct.


On the client side, we use the rsyslog system's built-in log collection service.

VI/etc/rsyslog. conf

Add a row at the bottom

*. Info @ 10.0.11.53




VI/etc/syslog. conf

Add as follows:

*. Info; mail. None; news. None; authpriv. None; cron. None @ service IP


Install syslog-ng management logs

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
forward windows event logs to syslog server kiwi syslog server windows event logs man syslog ng syslog ng documentation syslog ng server syslog ng configuration guide splunk syslog ng

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More