syslog-ng安装测试记录

来源：互联网发布：找不到网络上的打印机编辑：程序博客网时间：2024/05/22 14:15

1 下载syslog-ng(当前使用的是3.3.4) 当然也要下载eventlog (官方的是在一起提供下载的)

2 安装：(使用最简安装没有添加对json，sql等得支持)
1)因为syslog-ng安装需要eventlog的支持需要先安装eventlog的支持
a eventlog的的作用( 这里把eventlog的英文注释拿过来了偷懒了)
The EventLog library aims to be a replacement of the simple syslog() API
provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages.
Where you had a simple non-structrured string in syslog() you have acombination of description and tag/value pairs.
EventLog provides an interface to build, format and output an event record.The exact format and output method can be customized by the administrator via a configuration file.

Installation
------------

Installing this library is quite straightforward as it does not depend on anything but libc.

First grab your copy of the library. It is a tarball named
eventlog-x.x.x.x.tar.gz where x.x.x.x is the library revision.

tar xvfz eventlog-x.x.x.x.tar.gz
cd eventlog-x.x.x.x
./configure
make && make install

If you want to package the library or move the binaries to another system,
you can use the DESTDIR argument to 'make install' like this:

make DESTDIR=/tmp/staging install

which will use the /tmp/staging directory as root and copy all files beneath
as it were a real system.

Copyright
---------

EventLog is distributed under the terms of a BSD style license, for details
see the file COPYING.
b eventlog安装脚本：

cd eventlog-0.2.12
./configure --prefix=/data/workspace/eventlog
make
make install
2)安装好eventlog后，就可以进行syslog-ng的步骤了：
a 安装脚本：
cd syslog-ng-3.3.4
export EVTLOG_CFLAGS="-I/data/workspace/eventlog/include/eventlog/"
export EVTLOG_LIBS="-levtlog -L/data/workspace/eventlog/lib"
./configure CFLAGS="-I/data/workspace/eventlog/include/eventlog/" LDFLAGS="-L/data/workspace/eventlog/lib " --prefix=/data/workspace/syslog-ng
make
make install

3 经过上面两个步骤安装好，就可以进行测试了
1)修改syslog的配置文件 (关于配置选项的说明后面会有)：

#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages.
#

@version: 3.3
@include "scl.conf"

source s_local {
system(); #记录系统一些操作
internal(); #记录syslog自己操作
#file("/proc/kmsg" program_override("kernel"));
file("/home/guoxian1/test.log"); #监控文件的增长
};

source s_network {
udp();
};

destination d_local { #日志写入的目的地
file("/var/log/test1messages");
};

log { #包含 source 和 dest 我的理解相当于一个模块
source(s_local);

# uncomment this line to open port 514 to receive messages
#source(s_network);
destination(d_local);
};
2) 启动syslog-ng(/data/workspace/syslog-ng/sbin/syslog-ng)
3) 向 /home/guoxian1/test.log 写入一些数据:
运行三次 echo "hello world test guoxain1" >>/home/guoxian1/test.log
4) 查看配置的日志dest:
Apr 6 14:21:58 aer213130 hello world test guoxain1
Apr 6 14:21:59 aer213130 hello world test guoxain1
Apr 6 14:21:59 aer213130 hello world test guoxain1
5) 清空 /home/guoxian1/test.log并在此写入三条：
运行 >/home/guoxian1/test.log
运行三次 echo "hello world test guoxain1" >>/home/guoxian1/test.log
查看/var/log/test1messages
Apr 6 14:26:02 aer213130 hello world test1 guoxain1
Apr 6 14:26:03 aer213130 hello world test1 guoxain1
Apr 6 14:26:04 aer213130 hello world test1 guoxain1
小结论：说明syslog-ng在日志内容发生回滚的时候挺健壮的(不过在发送应用日志的时候需要继续测试)
2) 配置文件修改(/data/workspace/syslog-ng/etc/syslog-ng.conf )这个配置已经通过(128的接受端是syslogd ，能够进行接受),测试步骤与上一个测试差不多就不做具体书写了(发现一个现象，syslogd一样的信息好像就不进行接受了)

@version: 3.3
@include "scl.conf"

source s_local {
system();
internal();
#file("/proc/kmsg" program_override("kernel"));
file("/home/guoxian1/test.log");
};

source s_network {
udp();
};

destination d_local { #配置本地的写目录
file("/var/log/test1messages");
};

destination d_remote_hostport{ #配置远程的写目录
udp("10.210.213.128" port(514));
};

log { #配置log目录，同时写本地与远程
source(s_local);

# uncomment this line to open port 514 to receive messages
#source(s_network);
destination(d_local);
destination(d_remote_hostport);
};

4 关于syslog-ng配置选项的讲解说明：
详情请见syslog-ng的配置及架构讲解(里面有一些网上的资料)