[Personal notes] syslog-ng receiving remote syslog data
Source: Internet. Editor: 程序博客网. Time: 2024/05/19 02:02
The requirement was to use syslog-ng to record log messages; it took
Change 1: /etc/sysconfig/rsyslog
I read a blog post [1] on how to modify the system's built-in syslog, the old syslog commonly found on non-Red-Hat distributions. At the time I noticed that Red Hat ships not the old syslog but rsyslog, a newer-generation daemon more like syslog-ng.
It still has to be disabled, though.
Excerpt of the modification section:
So first, you will need to edit /etc/sysconfig/syslog and change the following 2 lines:
SYSLOGD_PARAMS="-r"
SYSLOG_DAEMON="syslog-ng"
The 1st option (-r) tells the daemon to be in passive mode, i.e. to act like a logging server.
The 2nd option tells the syslog daemon to use syslog-ng as the system default logging scheme.
Then the main file can be edited: /etc/syslog-ng/syslog-ng.conf
In principle, editing this .conf file should be all that is needed. But before that I had made too many changes, so I am recording the errors that came up.
Common errors:
1. A global variable was not declared
Installation first:
Change 2
I followed this blog post: http://blog.csdn.net/jsjwk/article/details/7942096
1. Added a few lines to the script file
2. Modified the syslog-ng.conf under /usr/local/syslog-ng/etc/patterndb.d, but that is not the main configuration file, so it had no effect.
[root@server2 ~]# cd /usr/local/src/tarbag/
[root@server2 tarbag]# wget http://www.balabit.com/downloads/files?path=/eventlog/0.2/eventlog_0.2.12.tar.gz
[root@server2 tarbag]# tar -zxvf eventlog_0.2.12.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/eventlog-0.2.12/
[root@server2 eventlog-0.2.9]# ./configure --prefix=/usr/local/eventlog && make && make install
[root@server2 eventlog-0.2.9]# ls /usr/local/eventlog/
include lib
[root@server2 syslog-ng-3.0.5]# cd -
/usr/local/src/tarbag
[root@server2 tarbag]# wget http://www.balabit.com/downloads/files?path=/libol/0.3/libol-0.3.15.tar.gz
[root@server2 tarbag]# tar -zxvf libol-0.3.15.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/libol-0.3.15/
[root@server2 libol-0.3.9]# ./configure --prefix=/usr/local/libol && make && make install
[root@server2 libol-0.3.9]# ls /usr/local/libol/
bin include lib
[root@server2 libol-0.3.9]# cd -
[root@server2 tarbag]# wget http://www.balabit.com/downloads/files?path=/syslog-ng/open-source-edition/3.3.5/source/syslog-ng_3.3.5.tar.gz
[root@server2 tarbag]# tar -zxvf syslog-ng_3.3.5.tar.gz -C ../software/
[root@server2 tarbag]# cd ../software/syslog-ng-3.3.5/
[root@server2 syslog-ng-3.0.5]# export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
[root@server2 syslog-ng-3.0.5]# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol && make && make install
configure: error: Cannot find eventlog version >= 0.2: is pkg-config in path?
(If this error appears, it is almost always because the PKG_CONFIG_PATH variable above was not set correctly.)
[root@server2 syslog-ng-3.0.5]# ls /usr/local/syslog-ng/
bin libexec sbin share
[root@server2 syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/etc
[root@server2 syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/var
[root@server2 syslog-ng-3.0.5]# cp contrib/syslog-ng.conf.RedHat /usr/local/syslog-ng/etc/
[root@server2 syslog-ng-3.0.5]# cp modules.conf scl.conf /usr/local/syslog-ng/etc/
[root@server2 syslog-ng-3.0.5]# cp contrib/init.d.RedHat /etc/init.d/syslog-ng
[root@server2 syslog-ng-3.0.5]# cd /usr/local/syslog-ng/etc/
[root@server2 etc]# mv syslog-ng.conf.RedHat syslog-ng.conf
[root@server2 etc]# cat syslog-ng.conf
@version:3.0
options { long_hostnames(off); log_msg_size(8192); flush_lines(1); log_fifo_size(20480); time_reopen(10); use_dns(yes); dns_cache(yes); use_fqdn(yes); keep_hostname(yes); chain_hostnames(no); perm(0644); stats_freq(43200); };
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
source s_local { unix-dgram("/dev/log"); file("/proc/kmsg" program_override("kernel:")); };
filter f_messages { level(info..emerg); };
# Define the 7 log types
filter f_secure { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_spooler { level(crit..emerg) and facility(uucp, news); };
filter f_local7 { facility(local7); };
# Define where the 7 log types are stored on the client
destination d_messages { file("/var/log/messages"); };
destination d_secure { file("/var/log/secure"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_cron { file("/var/log/cron"); };
destination d_console { usertty("root"); };
destination d_spooler { file("/var/log/spooler"); };
destination d_bootlog { file("/var/log/dmesg"); };
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_spooler); destination(d_spooler); };
log { source(s_local); filter(f_local7); destination(d_bootlog); };
log { source(s_local); filter(f_messages); destination(d_messages); };
# Remote logging
# Define the listening ports
source s_remote { tcp(ip(0.0.0.0) port(514)); udp(ip(0.0.0.0) port(514)); };
# Define the format, location and permissions of client logs stored on the server
destination r_console {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_secure {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_cron {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_spooler {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_bootlog {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_messages {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
log { source(s_remote); filter(f_emerg); destination(r_console); };
log { source(s_remote); filter(f_secure); destination(r_secure); flags(final); };
log { source(s_remote); filter(f_cron); destination(r_cron); flags(final); };
log { source(s_remote); filter(f_spooler); destination(r_spooler); };
log { source(s_remote); filter(f_local7); destination(r_bootlog); };
log { source(s_remote); filter(f_messages); destination(r_messages); };
[root@server2 etc]# chmod +x /etc/init.d/syslog-ng
[root@server2 etc]# chkconfig --add syslog-ng
service syslog-ng does not support chkconfig
(If this error appears, change the first four lines of the script as follows.)
[root@server2 etc]# head -4 /etc/init.d/syslog-ng
#!/bin/bash
#chkconifg: --add syslog-ng
#chkconfig: 2345 12 88
#Description: syslog-ng
The script also needs changes in the following three places:
[root@server2 etc]# grep 'PATH' /etc/init.d/syslog-ng
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/syslog-ng/bin:/usr/local/syslog-ng/sbin
[root@server2 etc]# grep 'INIT' /etc/init.d/syslog-ng |head -2
INIT_PROG="/usr/local/syslog-ng/sbin/syslog-ng" # Full path to daemon
INIT_OPTS="-f /usr/local/syslog-ng/etc/syslog-ng.conf" # options passed to daemon
[root@server2 etc]# service syslog-ng start
Starting syslog-ng: /usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libevtlog.so.0: cannot open shared object file: No such file or directory
Starting Kernel Logger:
This error occurs because the shared-library links were not set up:
[root@server2 etc]# ln -s /usr/local/eventlog/lib/* /lib/
[root@server2 etc]# ln -s /usr/local/eventlog/lib/* /lib64/
The following problem occurs because the main configuration file is missing the @version:3.0 line:
Starting syslog-ng: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file;
[root@server2 ~]# service syslog-ng start
Starting Kernel Logger: [ OK ]
[root@server2 etc]# cat /var/log/syslog-ng.log
Jan 28 03:59:07 server2.yang.com syslog-ng[20225]: syslog-ng starting up; version='3.0.5'
- export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
- ./configure --prefix=/usr/local/syslog-ng
- #!/bin/bash
- #
- # chkconfig: - 60 27
- # description: syslog-ng SysV script.
- . /etc/rc.d/init.d/functions
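To make the filter and log-path semantics of the remote half of that configuration concrete, here is a small Python model of it. This is an added example, not code from the original post or from syslog-ng: it decodes the PRI field of an RFC 3164 line into facility and severity, walks the s_remote log statements in the order the file lists them, honours flags(final), and builds the $YEAR$MONTH$DAY/$HOST/<file> path of the r_* destinations. Because keep_hostname(yes) makes $HOST come from the client's own message, the example also validates the host field before using it as a directory name; that check (SAFE_HOST) is the example's own choice and is not a description of syslog-ng internals. The sample lines are constructed.

```python
# Added example (not from the original post or from syslog-ng itself): a small
# Python model of what the s_remote filters and log statements in the
# configuration above do with an incoming RFC 3164 message.
import re
from dataclasses import dataclass
from typing import List

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# "<PRI>Mmm dd hh:mm:ss host tag: message" (BSD syslog as sent by most clients)
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


@dataclass
class Message:
    facility: str
    severity: str
    host: str
    text: str


def parse(line: str) -> Message:
    """Decode PRI into facility/severity and pull the HOST field out of the line."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not an RFC 3164 message: %r" % line)
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range: %d" % pri)
    return Message(FACILITIES[pri // 8], SEVERITIES[pri % 8], m.group(3), m.group(4))


def level_in(msg: Message, low: str, high: str) -> bool:
    """syslog-ng level(low..high): every severity from low up to the more severe high."""
    i = SEVERITIES.index(msg.severity)
    return SEVERITIES.index(high) <= i <= SEVERITIES.index(low)


# The filter {} blocks from the page's configuration that the remote paths use.
FILTERS = {
    "f_messages": lambda m: level_in(m, "info", "emerg"),
    "f_secure":   lambda m: m.facility == "authpriv",
    "f_cron":     lambda m: m.facility == "cron",
    "f_emerg":    lambda m: m.severity == "emerg",
    "f_spooler":  lambda m: level_in(m, "crit", "emerg") and m.facility in ("uucp", "news"),
    "f_local7":   lambda m: m.facility == "local7",
}

# The log {} statements that reference s_remote, in the order they appear:
# (filter, destination file name, flags(final) present?)
REMOTE_LOG_PATHS = [
    ("f_emerg",    "console",  False),
    ("f_secure",   "secure",   True),
    ("f_cron",     "cron",     True),
    ("f_spooler",  "spooler",  False),
    ("f_local7",   "bootlog",  False),
    ("f_messages", "messages", False),
]


def route(msg: Message) -> List[str]:
    """Evaluate the log statements top to bottom; flags(final) stops the walk,
    otherwise the message keeps matching later statements (so an emerg message
    lands in both console and messages, and mail has no remote path at all)."""
    hits = []
    for filter_name, dest, final in REMOTE_LOG_PATHS:
        if FILTERS[filter_name](msg):
            hits.append(dest)
            if final:
                break
    return hits


# Hostnames: letters, digits, dots and hyphens only. With keep_hostname(yes) the
# $HOST macro is taken from the message itself, i.e. from the client, so it is
# checked here before it becomes a directory name. This check is the example's
# own; it is not a description of what syslog-ng does internally.
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def target_path(msg: Message, dest: str, day: str) -> str:
    """/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/<dest>, as in the r_* destinations."""
    host = msg.host if SAFE_HOST.match(msg.host) else "_invalid_host"
    return "/var/log/syslog-ng/%s/%s/%s" % (day, host, dest)


if __name__ == "__main__":
    # Constructed sample lines, not captured traffic.
    samples = [
        "<86>Jan 28 03:59:07 client1 sshd[1234]: Accepted publickey for root",  # authpriv.info
        "<78>Jan 28 03:59:08 client1 CROND[1235]: (root) CMD (run-parts)",       # cron.info
        "<0>Jan 28 03:59:09 client1 kernel: panic",                               # kern.emerg
        "<22>Jan 28 03:59:10 client1 postfix/smtpd[7]: connect",                  # mail.info
        "<31>Jan 28 03:59:11 client1 sshd[1236]: debug1: noise",                  # daemon.debug
        "<86>Jan 28 03:59:12 ../etc sshd[1]: host field chosen by the client",    # bad $HOST
    ]
    for line in samples:
        msg = parse(line)
        print("%-9s %-8s %-10s -> %s" % (msg.facility, msg.severity, msg.host,
              [target_path(msg, d, "20140128") for d in route(msg)]))
```

Two things the model makes visible that the raw config does not: a mail message arriving from a remote client ends up in messages, because the s_remote block has no maillog path; and a debug-level message is dropped entirely, because f_messages starts at info.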
Problems:
1. After editing the .conf, the syslog-ng service cannot be started
Error shown:
/etc/syslog-ng/syslog-ng.conf
@version:3.5
@include "scl.conf"
optional {
    sync(0);
    flush_line (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_hostname (yes);
};
source s_sys {
    system();
    internal();
    udp(ip(0.0.0.0) port(514));
};
destination d_file { file{"/var/log/excute_log/grandstream.log" create_dirs(yes)); };
log { source(s_sys); destination(d_file); };
job for syslog-ng.service failed
After editing syslog-ng.conf, "syslog daemon start failed" or "syslog-ng.service start failed" is common. It usually means there is an error in the configuration. Also check that the dependencies are installed correctly.
References
[1] http://www.linuxidc.com/Linux/2013-11/92691p2.htm
[2] http://blog.csdn.net/jsjwk/article/details/7942096