{"id":599,"date":"2011-01-15T14:12:00","date_gmt":"2011-01-15T06:12:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=599"},"modified":"2023-11-04T14:24:36","modified_gmt":"2023-11-04T06:24:36","slug":"syslog-ng","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/599","title":{"rendered":"syslog-ng"},"content":{"rendered":"\n<p><strong>syslog-ng<\/strong><br>http:\/\/www.balabit.com\/<br>Classifies and handles logs by their content, using custom regular expressions<br>Supports sending logs to a remote server over TCP\/UDP<br>Can notify logged-in system administrators in real time<br>Can pass log entries to a program as its standard input, so logs can be processed and analyzed directly<\/p>\n\n\n\n<p>syslog-ng download location<br>http:\/\/www.balabit.com\/downloads\/files\/syslog-ng\/sources\/<\/p>\n\n\n\n<p><strong>Preparation before installing syslog-ng<\/strong><br>Required:<br>libol http:\/\/www.balabit.com\/downloads\/files\/libol<br>eventlog http:\/\/www.balabit.com\/downloads\/files\/eventlog<\/p>\n\n\n\n<p>&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;.<\/p>\n\n\n\n<p><br><strong>Installing libol<\/strong><br>#tar -zxvf libol-&lt; version &gt;.tar.gz<br>#cd libol-&lt; version &gt;<br>#.\/configure --prefix=\/usr\/local\/libol --enable-shared<br>#make<br>#make install<\/p>\n\n\n\n<p><strong>Installing eventlog<\/strong><br>#tar -zxvf eventlog-&lt; version &gt;.tar.gz<br>#cd eventlog-&lt; version &gt;<br>#.\/configure --prefix=\/usr\/local\/eventlog<br>#make<br>#make install<\/p>\n\n\n\n<p><strong>Installing syslog-ng<\/strong><br>#tar -zxvf syslog-ng-&lt; version &gt;.tar.gz<br>#cd syslog-ng-&lt; version &gt;<br>#export PKG_CONFIG_PATH=\/usr\/local\/eventlog\/lib\/pkgconfig\/<br>#.\/configure --prefix=\/usr\/local\/syslog-ng 
--with-libol=\/usr\/local\/libol<br>#make<br>#make install<br>\u3000<br><strong>Testing<\/strong><br>Start syslog-ng<br>#\/usr\/local\/syslog-ng\/sbin\/syslog-ng -f &lt; syslog-ng.conf path&gt;<\/p>\n\n\n\n<p>ps:<br>To receive logs from external hosts,<br>set the following in syslog-ng.conf<br>source s_network { udp(); }; #add this line to receive on UDP port 514<br>destination d_local { file(&quot;\/var\/log\/messages&quot;);}; #this line is present by default<br>log{source(s_network);destination(d_local);}; #add this line so the source is written to the messages destination<br>ps: for details, see the syslog-ng.conf notes below<\/p>\n\n\n\n<p>##########################################################&nbsp;<\/p>\n\n\n\n<p><strong>syslog-ng.conf<\/strong><br>The structure is as follows<\/p>\n\n\n\n<p><strong>Setting global options,<\/strong><br>The format is options { function1() [;function2(),...] };<br>Common functions include<br>chain_hostnames(no);<br>create_dirs (no);<br>dir_perm(0755);<br>dns_cache(yes);<br>keep_hostname(yes);<br>log_fifo_size(2048);<br>log_msg_size(8192);<br>long_hostnames(on);<br>perm(0644);<br>stats(3600);<br>sync(0);<br>time_reopen (10);<br>use_dns(yes);<br>use_fqdn(yes);<br>create_dirs(yes); #create the directory if it does not exist<br>owner(root); #owner of created files<br>group(root); #group of created files<br>perm(0600); #permissions of created files<br>dir_perm(0700); #permissions of created directories<\/p>\n\n\n\n<p><strong>Setting input sources,<\/strong><br>The format is source source_name { function1() [;function2(),...] 
};<br>Common functions include<br>internal(): all logs generated on the local machine<br>unix-stream(&quot;\/dev\/log&quot;): logs from the local machine's log file, when the local machine is Linux<br>file(&quot;\/proc\/kmsg&quot;); kernel logs<br>tcp(); receive logs over TCP<br>udp(); receive logs over UDP<br>ex:<br>source src {<br>\u3000unix-stream(&quot;\/dev\/log&quot;); # local system logs<br>\u3000internal(); # internal syslog-ng logs<br>\u3000file(&quot;\/proc\/kmsg&quot;); # local kernel logs<br>};<br>source remote { tcp(ip(&quot;127.0.0.1&quot;) port(514) keep-alive(yes)); }; #listen on TCP port 514 to receive logs<br>source remote { udp(); }; #listen on UDP (default port 514) to receive logs<\/p>\n\n\n\n<p><strong>Setting output destinations,<\/strong><br>The format is destination destination_name {function1() [;function2(),...] };<br>Common functions include<br>file(&quot;path&quot;): stores logs locally as a file<br>usertty(&quot;user_name&quot;): notifies a specific logged-in user in real time<br>unix-dgram &lt; filename&gt;:writes messages to the given AF_UNIX, SOCK_DGRAM socket (BSDi style)<br>unix-stream &lt; filename&gt;:writes messages to the given AF_UNIX, SOCK_STREAM socket (Linux style)<br>udp &lt; ip&gt;,&lt; port&gt;:network destination using the UDP protocol<br>tcp &lt; ip&gt;,&lt; port&gt;:network destination using the TCP protocol<br>ex:<br>destination lpr { file(&quot;\/var\/log\/lpr.log&quot;); };&nbsp;<br>destination mail { file(&quot;\/var\/log\/mail.log&quot;); };&nbsp;<br>destination messages { file(&quot;\/var\/log\/messages&quot;); };&nbsp;<br>destination console { usertty(&quot;root&quot;); };<\/p>\n\n\n\n<p><strong>Setting filter conditions<\/strong><br>The format is filter filter_name{function1() [;function2(),...] 
};<br>#facility(string1,string2): selects logs that contain either string1 or string2.<br>#level(S1..S2..S3) or priority(S1..S2..S3): selects logs that have any one of the listed levels<\/p>\n\n\n\n<p><strong>Combining the defined source, filter and destination as needed<\/strong><br>The format is log { source_name( ); [ filter_name(f_emergency);] destination_name( ); };<br>ex:<br>log { source(src); filter(f_lpr); destination(lpr); };<br>log { source(src); filter(f_mail); destination(mail); };<br>log { source(src); filter(f_messages); destination(messages); };<br>log { source(src); filter(f_emergency); destination(console); };<\/p>\n\n\n\n<p>##########################################################&nbsp;<\/p>\n\n\n\n<p><strong>Importing logs into a database and searching them through a web page<\/strong><br>Required:<br>php-syslog-ng http:\/\/sourceforge.net\/projects\/php-syslog-ng\/<br>php,apache,mysql<\/p>\n\n\n\n<p>The installation steps are as follows<br><strong>1<br>php-syslog-ng<\/strong><br>After extracting the archive, move it into the web directory, open the page below, and follow the instructions to complete the installation<br>http:\/\/\/syslogng\/install\/index.php<br>After installation the following will exist<br>1 php-syslog-ng management data<br>2 the specified database, created<br>3 a named pipe, created at \/var\/log\/mysql.pipe<br>If it was not created, create it manually: mkfifo \/var\/log\/mysql.pipe<\/p>\n\n\n\n<p><strong>2<br>Set up the named pipe (this must be run after every reboot)<br><\/strong>#mysql -u syslogfeeder --password=&lt; pass &gt; &lt; database &gt; &nbsp;&lt; \/var\/log\/mysql.pipe &gt;\/dev\/null 
&amp;<br>Use the &lt; pass &gt; of the syslogfeeder account set during the php-syslog-ng installation and the specified &lt; database &gt;<\/p>\n\n\n\n<p><strong>3<br>Edit syslog-ng.conf, then restart syslog-ng<\/strong><br>destination d_mysql {<br>pipe(&quot;\/var\/log\/mysql.pipe&quot;<br>template(&quot;INSERT INTO logs<br>(host, facility, priority, level, tag, datetime, program, msg)<br>VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',<br>'$PROGRAM', '$MSG' );\\n&quot;) template-escape(yes)); #template-escape(yes) escapes quote characters in the values so log content stays inside the SQL string literals<br>};<br>log { source(net); destination(d_mysql);};<\/p>\n","protected":false},"excerpt":{"rendered":"<p>syslog-nghttp:\/\/www.balabit.co 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[17],"tags":[],"class_list":["post-599","post","type-post","status-publish","format-standard","hentry","category-systemtool"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=599"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/599\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}