一、软件:
# NOTE(review): these tarballs are fetched over plain HTTP and are later built
# and installed as root. Verify each one against a checksum or signature
# published by its upstream project before unpacking it.
wget http://www.balabit.com/downloads/files/syslog-ng/sources/stable/src/syslog-ng-2.0.5.tar.gz
wget http://nchc.dl.sourceforge.net/sourceforge/php-syslog-ng/php-syslog-ng-2.9.1r10.tar.gz
wget http://www.mirrors.wiretapped.net/security/host-security/syslog-ng/libol/0.2/libol-0.2.24.tar.gz
wget http://ftp.uk.debian.org/debian/pool/main/e/eventlog/eventlog_0.2.5.orig.tar.gz
二、安装:
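# Build and install in dependency order: eventlog, libol, then syslog-ng.
# Each source tree is left again with `cd ..`, because the next tarball sits in
# the download directory, not inside the tree that was just built.
tar -zxvf eventlog_0.2.5.orig.tar.gz
cd eventlog-0.2.5
./configure
make && make install
cd ..
tar -zxvf libol-0.2.24.tar.gz
cd libol-0.2.24
./configure
make && make install
cd ..
tar -zxvf syslog-ng-2.0.5.tar.gz
cd syslog-ng-2.0.5
# Point pkg-config at /usr/local so configure can find what was installed above.
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
./configure
make && make install
cd ..
# The php-syslog-ng tarball is unpacked next to the other sources; the helper
# script is edited in its html/scripts/ directory.
tar -zxvf php-syslog-ng-2.9.1r10.tar.gz
cd html/scripts/
vi syslog2mysql.sh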
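#!/bin/bash
# Feed the SQL statements that syslog-ng writes to a named pipe into MySQL.
#
# NOTE(review): the statements arriving on the pipe are built by the syslog-ng
# destination template (not shown on this page) from log text that remote hosts
# control. Confirm that the template escapes quotes (syslog-ng's
# template_escape(yes)) so a crafted log line cannot alter the SQL.
readonly pipe=/var/log/mysql.pipe

# Create the FIFO owner-only, so other local users can neither read log data
# from it nor write statements into it. Assumes syslog-ng and this script run
# as the same user (root on this page) - TODO confirm.
if [ ! -p "$pipe" ]
then
  mkfifo -m 600 "$pipe" || exit 1
fi

# Test with -p rather than -e: if the path is ever a regular file, stop instead
# of replaying that file into MySQL in a tight loop.
while [ -p "$pipe" ]
do
  # NOTE(review): a password given with --password= is visible to local users
  # in the process list. Prefer a root-only option file passed with
  # --defaults-extra-file (it must be the first option on the command line).
  /usr/local/mysql/bin/mysql -u dbuser --password=dbpass dbname < "$pipe" >/dev/null
done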
将表结构导入数据库:
#nohup ./syslog2mysql.sh &
服务器端:
vi /usr/local/etc/syslog-ng.conf
内容如下:http://www.joecen.com/blog/files/syslog-ng.conf
略....
vi /etc/init.d/syslog-ng
------------------------------------------------------
################################################################################
#
# Program: syslog-ng init script for Red Hat
#
################################################################################
# the following information is for use by chkconfig
# if you want to manage this through chkconfig (as you should), you must
# first add syslog-ng to chkconfig's list of startup scripts it
# manages by typing:
#
# chkconfig --add syslog-ng
#
# DO NOT CHANGE THESE LINES (unless you know what you are doing)
# chkconfig: 2345 12 88
# description: syslog-ng is the next generation of the syslog daemon. \
# syslog-ng gives you the flexibility of logging not only by facility and \
# severity, but also by host, message content, date, etc. it can also replace \
# klogd's function of logging kernel messages
#
# This following block of lines is correct, do not change! (for more info, see
# http://www.linuxbase.org/spec/refspecs/LSB_1.1.0/gLSB/facilname.html)
### BEGIN INIT INFO
# Provides: $syslog
### END INIT INFO
################################################################################
#
# This is an init script for syslog-ng on the Linux platform.
#
# It totally relies on the Redhat function library and works the same
# way as other typical Redhat init scripts.
#
#
# Platforms (tested): Linux (Redhat 7.3)
#
#
# Author: Gregor Binder
# Changed: October 10, 2000
#
# Last Changed: September 27, 2002
# Updated by: Diane Davidowicz
# changes: Brought the start script up to snuff as far as compliance
# with managing the startup script through chkconfig;
# added PATH variable ability to hook in path to syslog-ng (if
# its necessary); converted init script format to the
# standard init script format in Red Hat (7.3 to be exact)
# including using the /etc/sysconfig/syslog-ng file to
# managed the arguments to syslog-ng without changing this
# script, and disabled klogd but noted where and under what
# conditions it should be enabled. HAPPY LOGGING.
#
# Copyright (c) 2000 by sysfive.com GmbH, All rights reserved.
#
#
################################################################################
#
# configuration
#
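# Daemon location and the options handed to it by start().
INIT_PROG="/usr/local/sbin/syslog-ng" # Full path to daemon
INIT_OPTS="" # options passed to daemon
#
# Source Redhat function library (the daemon, killproc and status helpers
# used below are not defined in this script).
#
. /etc/rc.d/init.d/functions
# Tack on path to syslog-ng if not already in PATH. PATH is reset to a fixed
# list first so the script never depends on the caller's environment.
SYSLOGNG_PATH=":/usr/local/sbin"
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin${SYSLOGNG_PATH}"
INIT_NAME=$(basename "$INIT_PROG")
# /etc/sysconfig/ is the standard way to pull in options for a daemon to use.
# Source config
# NOTE(review): this file is executed with the privileges of whoever manages
# the service (root); keep it root-owned and not writable by anyone else.
# NOTE(review): start() passes INIT_OPTS, not SYSLOGNG_OPTIONS, to the daemon,
# so options set in this file only take effect if it assigns INIT_OPTS.
if [ -f /etc/sysconfig/syslog-ng ]; then
  . /etc/sysconfig/syslog-ng
else
  SYSLOGNG_OPTIONS=
fi
RETVAL=0
# New files are created without group/other permissions.
umask 077
# Core dumps are disabled for this script and the processes it starts.
ulimit -c 0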
# See how we were called.
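#######################################
# Start syslog-ng through the Red Hat daemon helper.
# Globals:   INIT_PROG, INIT_OPTS, INIT_NAME (read); RETVAL (written)
# Outputs:   progress line on stdout
# Returns:   the exit status reported by daemon
#######################################
start() {
  echo -n "Starting $INIT_PROG: "
  #daemon $INIT_PROG $SYSLOGNG_OPTIONS
  # Quoted so a daemon path containing whitespace reaches --check as one word.
  daemon --check "$INIT_PROG" "$INIT_PROG $INIT_OPTS"
  RETVAL=$?
  echo
  # Create the subsys lock file (the one condrestart checks) only on success.
  if [ "$RETVAL" -eq 0 ]; then
    touch "/var/lock/subsys/${INIT_NAME}"
  fi
  return "$RETVAL"
}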
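#######################################
# Stop syslog-ng through the Red Hat killproc helper.
# Globals:   INIT_PROG, INIT_NAME (read); RETVAL (written)
# Outputs:   progress line on stdout
# Returns:   the exit status reported by killproc
#######################################
stop() {
  echo -n "Stopping $INIT_PROG: "
  # Quoted so a daemon path containing whitespace is passed as one word.
  killproc "$INIT_PROG"
  RETVAL=$?
  echo
  # Drop the subsys lock file only when the daemon was actually stopped.
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "/var/lock/subsys/${INIT_NAME}"
  fi
  return "$RETVAL"
}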
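#######################################
# Report whether syslog-ng is running, using the Red Hat status helper.
# Globals:   INIT_PROG (read)
# Returns:   the exit status reported by status
#######################################
rhstatus() {
  # Quoted so a daemon path containing whitespace is passed as one word.
  status "$INIT_PROG"
}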
# Full stop/start cycle. stop's status is not checked; the function returns
# whatever start returns.
restart() {
  stop
  start
  return $?
}
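# Dispatch on the action given as the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    rhstatus
    ;;
  restart|reload)
    # reload is handled as a full restart.
    restart
    ;;
  condrestart)
    # Restart only if the lock file written by start() exists. The trailing
    # `|| :` makes this action exit 0 whether or not a restart happened.
    [ -f "/var/lock/subsys/${INIT_NAME}" ] && restart || :
    ;;
  *)
    # The usage text lists every action handled above, including condrestart.
    echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
    exit 1
    ;;
esac
exit $?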
------------------------------------------------------
chmod ugo+x /etc/init.d/syslog-ng
chkconfig --add syslog-ng
#service syslog-ng start
客户端(注意:下面的 @主机 转发走明文 UDP,authpriv 等日志会不加密、无认证地在网络上传输):
vi /etc/syslog.conf
*.notice;cron.none;authpriv.* @19.2.169.41
或者直接:
echo "*.notice;cron.none;authpriv.* @19.2.169.41" >> /etc/syslog.conf
/etc/init.d/syslog restart
注:如果无法获取客户端日志,试试修改服务器如下文件(-r 会让 syslogd 通过 UDP 514 接收任意主机发来的日志,建议用防火墙只放行已知客户端)。
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"
# NOTE(review): these tarballs are fetched over plain HTTP and are later built
# and installed as root. Verify each one against a checksum or signature
# published by its upstream project before unpacking it.
wget http://www.balabit.com/downloads/files/syslog-ng/sources/stable/src/syslog-ng-2.0.5.tar.gz
wget http://nchc.dl.sourceforge.net/sourceforge/php-syslog-ng/php-syslog-ng-2.9.1r10.tar.gz
wget http://www.mirrors.wiretapped.net/security/host-security/syslog-ng/libol/0.2/libol-0.2.24.tar.gz
wget http://ftp.uk.debian.org/debian/pool/main/e/eventlog/eventlog_0.2.5.orig.tar.gz
二、安装:
引用
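# Build and install in dependency order: eventlog, libol, then syslog-ng.
# Each source tree is left again with `cd ..`, because the next tarball sits in
# the download directory, not inside the tree that was just built.
tar -zxvf eventlog_0.2.5.orig.tar.gz
cd eventlog-0.2.5
./configure
make && make install
cd ..
tar -zxvf libol-0.2.24.tar.gz
cd libol-0.2.24
./configure
make && make install
cd ..
tar -zxvf syslog-ng-2.0.5.tar.gz
cd syslog-ng-2.0.5
# Point pkg-config at /usr/local so configure can find what was installed above.
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
./configure
make && make install
cd ..
# The php-syslog-ng tarball is unpacked next to the other sources; the helper
# script is edited in its html/scripts/ directory.
tar -zxvf php-syslog-ng-2.9.1r10.tar.gz
cd html/scripts/
vi syslog2mysql.sh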
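#!/bin/bash
# Feed the SQL statements that syslog-ng writes to a named pipe into MySQL.
#
# NOTE(review): the statements arriving on the pipe are built by the syslog-ng
# destination template (not shown on this page) from log text that remote hosts
# control. Confirm that the template escapes quotes (syslog-ng's
# template_escape(yes)) so a crafted log line cannot alter the SQL.
readonly pipe=/var/log/mysql.pipe

# Create the FIFO owner-only, so other local users can neither read log data
# from it nor write statements into it. Assumes syslog-ng and this script run
# as the same user (root on this page) - TODO confirm.
if [ ! -p "$pipe" ]
then
  mkfifo -m 600 "$pipe" || exit 1
fi

# Test with -p rather than -e: if the path is ever a regular file, stop instead
# of replaying that file into MySQL in a tight loop.
while [ -p "$pipe" ]
do
  # NOTE(review): a password given with --password= is visible to local users
  # in the process list. Prefer a root-only option file passed with
  # --defaults-extra-file (it must be the first option on the command line).
  /usr/local/mysql/bin/mysql -u dbuser --password=dbpass dbname < "$pipe" >/dev/null
done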
将表结构导入数据库:
#nohup ./syslog2mysql.sh &
服务器端:
引用
vi /usr/local/etc/syslog-ng.conf
内容如下:http://www.joecen.com/blog/files/syslog-ng.conf
略....
vi /etc/init.d/syslog-ng
------------------------------------------------------
################################################################################
#
# Program: syslog-ng init script for Red Hat
#
################################################################################
# the following information is for use by chkconfig
# if you want to manage this through chkconfig (as you should), you must
# first add syslog-ng to chkconfig's list of startup scripts it
# manages by typing:
#
# chkconfig --add syslog-ng
#
# DO NOT CHANGE THESE LINES (unless you know what you are doing)
# chkconfig: 2345 12 88
# description: syslog-ng is the next generation of the syslog daemon. \
# syslog-ng gives you the flexibility of logging not only by facility and \
# severity, but also by host, message content, date, etc. it can also replace \
# klogd's function of logging kernel messages
#
# This following block of lines is correct, do not change! (for more info, see
# http://www.linuxbase.org/spec/refspecs/LSB_1.1.0/gLSB/facilname.html)
### BEGIN INIT INFO
# Provides: $syslog
### END INIT INFO
################################################################################
#
# This is an init script for syslog-ng on the Linux platform.
#
# It totally relies on the Redhat function library and works the same
# way as other typical Redhat init scripts.
#
#
# Platforms (tested): Linux (Redhat 7.3)
#
#
# Author: Gregor Binder
# Changed: October 10, 2000
#
# Last Changed: September 27, 2002
# Updated by: Diane Davidowicz
# changes: Brought the start script up to snuff as far as compliance
# with managing the startup script through chkconfig;
# added PATH variable ability to hook in path to syslog-ng (if
# its necessary); converted init script format to the
# standard init script format in Red Hat (7.3 to be exact)
# including using the /etc/sysconfig/syslog-ng file to
# managed the arguments to syslog-ng without changing this
# script, and disabled klogd but noted where and under what
# conditions it should be enabled. HAPPY LOGGING.
#
# Copyright (c) 2000 by sysfive.com GmbH, All rights reserved.
#
#
################################################################################
#
# configuration
#
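# Daemon location and the options handed to it by start().
INIT_PROG="/usr/local/sbin/syslog-ng" # Full path to daemon
INIT_OPTS="" # options passed to daemon
#
# Source Redhat function library (the daemon, killproc and status helpers
# used below are not defined in this script).
#
. /etc/rc.d/init.d/functions
# Tack on path to syslog-ng if not already in PATH. PATH is reset to a fixed
# list first so the script never depends on the caller's environment.
SYSLOGNG_PATH=":/usr/local/sbin"
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin${SYSLOGNG_PATH}"
INIT_NAME=$(basename "$INIT_PROG")
# /etc/sysconfig/ is the standard way to pull in options for a daemon to use.
# Source config
# NOTE(review): this file is executed with the privileges of whoever manages
# the service (root); keep it root-owned and not writable by anyone else.
# NOTE(review): start() passes INIT_OPTS, not SYSLOGNG_OPTIONS, to the daemon,
# so options set in this file only take effect if it assigns INIT_OPTS.
if [ -f /etc/sysconfig/syslog-ng ]; then
  . /etc/sysconfig/syslog-ng
else
  SYSLOGNG_OPTIONS=
fi
RETVAL=0
# New files are created without group/other permissions.
umask 077
# Core dumps are disabled for this script and the processes it starts.
ulimit -c 0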
# See how we were called.
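#######################################
# Start syslog-ng through the Red Hat daemon helper.
# Globals:   INIT_PROG, INIT_OPTS, INIT_NAME (read); RETVAL (written)
# Outputs:   progress line on stdout
# Returns:   the exit status reported by daemon
#######################################
start() {
  echo -n "Starting $INIT_PROG: "
  #daemon $INIT_PROG $SYSLOGNG_OPTIONS
  # Quoted so a daemon path containing whitespace reaches --check as one word.
  daemon --check "$INIT_PROG" "$INIT_PROG $INIT_OPTS"
  RETVAL=$?
  echo
  # Create the subsys lock file (the one condrestart checks) only on success.
  if [ "$RETVAL" -eq 0 ]; then
    touch "/var/lock/subsys/${INIT_NAME}"
  fi
  return "$RETVAL"
}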
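#######################################
# Stop syslog-ng through the Red Hat killproc helper.
# Globals:   INIT_PROG, INIT_NAME (read); RETVAL (written)
# Outputs:   progress line on stdout
# Returns:   the exit status reported by killproc
#######################################
stop() {
  echo -n "Stopping $INIT_PROG: "
  # Quoted so a daemon path containing whitespace is passed as one word.
  killproc "$INIT_PROG"
  RETVAL=$?
  echo
  # Drop the subsys lock file only when the daemon was actually stopped.
  if [ "$RETVAL" -eq 0 ]; then
    rm -f "/var/lock/subsys/${INIT_NAME}"
  fi
  return "$RETVAL"
}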
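#######################################
# Report whether syslog-ng is running, using the Red Hat status helper.
# Globals:   INIT_PROG (read)
# Returns:   the exit status reported by status
#######################################
rhstatus() {
  # Quoted so a daemon path containing whitespace is passed as one word.
  status "$INIT_PROG"
}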
# Full stop/start cycle. stop's status is not checked; the function returns
# whatever start returns.
restart() {
  stop
  start
  return $?
}
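# Dispatch on the action given as the first argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    rhstatus
    ;;
  restart|reload)
    # reload is handled as a full restart.
    restart
    ;;
  condrestart)
    # Restart only if the lock file written by start() exists. The trailing
    # `|| :` makes this action exit 0 whether or not a restart happened.
    [ -f "/var/lock/subsys/${INIT_NAME}" ] && restart || :
    ;;
  *)
    # The usage text lists every action handled above, including condrestart.
    echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
    exit 1
    ;;
esac
exit $?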
------------------------------------------------------
chmod ugo+x /etc/init.d/syslog-ng
chkconfig --add syslog-ng
#service syslog-ng start
客户端(注意:下面的 @主机 转发走明文 UDP,authpriv 等日志会不加密、无认证地在网络上传输):
vi /etc/syslog.conf
*.notice;cron.none;authpriv.* @19.2.169.41
或者直接:
echo "*.notice;cron.none;authpriv.* @19.2.169.41" >> /etc/syslog.conf
/etc/init.d/syslog restart
注:如果无法获取客户端日志,试试修改服务器如下文件(-r 会让 syslogd 通过 UDP 514 接收任意主机发来的日志,建议用防火墙只放行已知客户端)。
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0 -r"