syslog-ng

schumi

syslog-ng

文章 schumi »

適用於 RHEL 6 x86_64 且有安裝預設的GUI

http://forum.icst.org.tw/phpbb/viewtopic.php?t=348
http://swampcritter.drupalgardens.com/c ... -enabled-0
http://wiki.engardelinux.org/index.php/ ... _syslog-ng

# Build prerequisites for compiling syslog-ng from source.
yum install gcc
yum install glib2-devel

# eventlog and eventlog-devel from EPEL (the forum has shortened the URLs).
# The download is plain HTTP, so check each package before installing it:
# import the repository's signing key with `rpm --import` and run `rpm -K <file>.rpm`.
# `rpm -Uvh` on its own only prints a warning when the signing key is unknown.
wget http://dl.fedoraproject.org/pub/epel/6/ ... x86_64.rpm
wget http://dl.fedoraproject.org/pub/epel/6/ ... x86_64.rpm

# syslog-ng source tarball, also over plain HTTP and with no checksum step here.
# Compare it against a checksum published by the vendor, if one is available,
# before building: the build and `make install` below run as root.
wget http://www.balabit.com/downloads/files? ... 3.5.tar.gz

rpm -Uvh eventlog-0.2.12-1.el6.x86_64.rpm
rpm -Uvh eventlog-devel-0.2.12-1.el6.x86_64.rpm

tar -zxvf syslog-ng_3.3.5.tar.gz

cd syslog-ng-3.3.5

# Configure with default options, build, and install.
sh configure
make
make install

# Stop rsyslog from starting at boot. chkconfig only changes the boot-time state:
# an rsyslog that is already running keeps running until it is stopped or the host reboots.
chkconfig --level 2345 rsyslog off

# Install the init script shipped in the source tree and make it executable.
cp contrib/init.d.RedHat-7.3 /etc/init.d/syslog-ng
chmod 755 /etc/init.d/syslog-ng

cd /etc/init.d/
chkconfig --level 2345 syslog-ng on

# NOTE(review): .deps and .libs are directories in the build tree, and cp without -r
# skips directories, so these two commands copy nothing as written. The /opt path also
# assumes the tarball was unpacked under /opt. Presumably not needed after
# `make install` - confirm before relying on them.
cp /opt/syslog-ng-3.3.5/syslog-ng/.deps /usr/local/sbin/
cp /opt/syslog-ng-3.3.5/syslog-ng/.libs /usr/local/sbin/

# Make the binary reachable as /bin/syslog-ng through a symlink.
cd /bin
ln -s /usr/local/sbin/syslog-ng syslog-ng

/etc/init.d/syslog-ng start
schumi

Re: syslog-ng

文章 schumi »

適用於 RHEL 5 i386 且無GUI

# Build prerequisites, then the eventlog packages (el5 / i386 builds).
# No download step is shown for these two RPMs, so they must already be in the
# current directory; check their signatures with `rpm -K` before installing.
yum install gcc glib2-devel

rpm -Uvh eventlog-0.2.12-1.el5.i386.rpm
rpm -Uvh eventlog-devel-0.2.12-1.el5.i386.rpm

需要 syslog-ng, libnet.so.1

# Prebuilt syslog-ng and libnet packages fetched from a third-party mirror over FTP
# (the forum has shortened the URLs). FTP gives no integrity or origin guarantee, so
# verify each file with `rpm -K` against the packager's signing key before installing;
# rpm installs a package whose key is unknown with only a warning.
wget ftp://ftp.pbone.net/mirror/dl.iuscommun ... 5.i386.rpm
wget ftp://ftp.pbone.net/mirror/ftp.pramberg ... p.i386.rpm

# libnet goes in first because the syslog-ng package needs libnet.so.1.
rpm -ivh libnet-1.1.6-1.el5.pp.i386.rpm
rpm -ivh syslog-ng3-3.2.2-1.ius.el5.i386.rpm

然後改config
# Edit the syslog-ng configuration before the first start. If database credentials
# are added to this file, keep it readable by root only.
vi /etc/syslog-ng/syslog-ng.conf

啟動syslog-ng
# Start the daemon through its init script.
/etc/init.d/syslog-ng start
schumi

syslog-ng+MySQL+php-syslog-ng

文章 schumi »

http://en.gentoo-wiki.com/wiki/Syslog-n ... y_to_MySQL

create DB_Schema


-- Message store: the syslog-ng sql() destination on this page writes one row per
-- log message into this table.
-- The short VARCHAR widths (10 and 15) matter for log completeness: a longer value
-- is truncated or the insert is rejected, depending on the server's sql_mode.
-- MyISAM is non-transactional, so rows in flight can be lost if the server crashes.
CREATE TABLE logs (
    id        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
    host      VARCHAR(128)    DEFAULT NULL,
    facility  VARCHAR(10)     DEFAULT NULL,
    priority  VARCHAR(10)     DEFAULT NULL,
    level     VARCHAR(10)     DEFAULT NULL,
    tag       VARCHAR(10)     DEFAULT NULL,
    datetime  DATETIME        DEFAULT NULL,
    program   VARCHAR(15)     DEFAULT NULL,
    msg       TEXT,
    seq       BIGINT UNSIGNED NOT NULL DEFAULT '0',
    counter   INT(11)         NOT NULL DEFAULT '1',
    fo        DATETIME        DEFAULT NULL,
    lo        DATETIME        DEFAULT NULL,
    PRIMARY KEY (id),
    -- Secondary indexes on the columns used as search filters.
    INDEX datetime (datetime),
    INDEX sequence (seq),
    INDEX priority (priority),
    INDEX facility (facility),
    INDEX program (program),
    INDEX host (host)
) ENGINE = MyISAM;


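-- Login accounts (presumably for the php-syslog-ng web front end - confirm).
-- Changes from the original: ENGINE= replaces TYPE=, which newer MySQL releases no
-- longer accept, and the primary-key column is declared NOT NULL instead of
-- DEFAULT NULL, because a primary key cannot hold NULL.
CREATE TABLE users (
    username  VARCHAR(32) NOT NULL,
    -- NOTE(review): CHAR(40) is the length of a hex-encoded SHA-1 digest, and there
    -- is no salt column. If the front end stores plain SHA-1 of the password, a copy
    -- of this table is cheap to crack offline; restrict access to the table and
    -- prefer a salted, slow password hash where the application allows it.
    pwhash    CHAR(40)    DEFAULT NULL,
    -- Session identifier and its expiry time; treat both as credentials.
    sessionid CHAR(32)    DEFAULT NULL,
    exptime   DATETIME    DEFAULT NULL,
    PRIMARY KEY (username)
) ENGINE=MyISAM;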

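-- Lookup cache held in memory. The MEMORY engine keeps rows in RAM only, so the
-- contents are lost when the MySQL server restarts.
-- ENGINE= replaces the TYPE= spelling, which newer MySQL releases no longer accept.
CREATE TABLE search_cache (
    tablename  VARCHAR(32)  DEFAULT NULL,
    type       ENUM('HOST','FACILITY','PROGRAM','LPD'),
    value      VARCHAR(128) DEFAULT NULL,
    updatetime DATETIME     DEFAULT NULL,
    INDEX type_name (type, tablename)
) ENGINE=MEMORY;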

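-- Per-user permission rows: one (username, actionname) pair with an access flag.
-- ENGINE= replaces the TYPE= spelling, which newer MySQL releases no longer accept.
-- NOTE(review): the index is not UNIQUE and every column is nullable, so the table
-- can hold duplicate or conflicting rows for the same user and action. Confirm how
-- the front end resolves that before relying on this table for access control.
CREATE TABLE user_access (
    username   VARCHAR(32) DEFAULT NULL,
    actionname VARCHAR(32) DEFAULT NULL,
    access     ENUM('TRUE','FALSE'),
    INDEX user_action (username, actionname)
) ENGINE=MyISAM;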

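-- Seed permissions for the 'admin' account. The columns are named explicitly so the
-- statement does not depend on the column order of user_access.
-- NOTE(review): add_server, chg_auth and del_server have no matching row in the
-- actions seed data shown with this schema - confirm they are defined elsewhere.
INSERT INTO user_access (username, actionname, access)
VALUES
    ('admin', 'add_user',     'TRUE'),
    ('admin', 'edit_user',    'TRUE'),
    ('admin', 'reload_cache', 'TRUE'),
    ('admin', 'edit_acl',     'TRUE'),
    ('admin', 'add_server',   'TRUE'),
    ('admin', 'chg_auth',     'TRUE'),
    ('admin', 'del_server',   'TRUE');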

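-- Catalogue of actions that can be permitted or denied, with a default access flag.
-- ENGINE= replaces the TYPE= spelling, which newer MySQL releases no longer accept.
CREATE TABLE actions (
    actionname    VARCHAR(32) NOT NULL,
    actiondescr   VARCHAR(64) DEFAULT NULL,
    defaultaccess ENUM('TRUE','FALSE'),
    PRIMARY KEY (actionname)
) ENGINE=MyISAM;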
--
-- Table structure for table cemdb
--

-- Reference table of Cisco error messages (see the table COMMENT): one row per
-- message name, with its text, explanation and recommended action.
CREATE TABLE cemdb (
    id          INT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
    name        VARCHAR(128)    NOT NULL DEFAULT '',
    message     TEXT,
    explanation TEXT,
    action      TEXT,
    datetime    DATETIME        DEFAULT NULL,
    PRIMARY KEY (id),
    -- Each message name may appear only once.
    UNIQUE INDEX name (name)
) ENGINE = MyISAM COMMENT = 'Cisco Error Message Database';

-- Seed the action catalogue with the four built-in actions.
-- NOTE(review): defaultaccess is 'TRUE' for every action, including add_user and
-- edit_acl. If the front end applies this default to newly created accounts, each
-- new user starts with account-management rights - confirm, and tighten if so.
INSERT INTO actions (actionname, actiondescr, defaultaccess)
VALUES
    ('add_user',     'Add users',                                'TRUE'),
    ('edit_user',    'Edit users (delete and change password)',  'TRUE'),
    ('reload_cache', 'Reload search cache',                      'TRUE'),
    ('edit_acl',     'Edit access control settings',             'TRUE');
config syslog-ng.conf


# Configuration syntax version. The install steps on this page use syslog-ng 3.3.5
# and 3.2.2. NOTE(review): a newer daemon presumably reads this file in 3.0
# compatibility mode - check its startup warnings.
@version: 3.0

# Global options.
options {
        # Interval, in seconds, between syslog-ng's own statistics messages.
        stats_freq(3600);
        # Keep the host name carried in the message instead of rewriting it.
        keep_hostname(yes);
        # Number of lines sent to a destination in one batch.
        flush_lines(16);
        # Size of the output queue, in messages; messages beyond it are dropped.
        log_fifo_size(16384);
};

# Local sources only: the system log socket, kernel messages, and syslog-ng's own
# internal messages. No network listener is defined, so this configuration does not
# accept logs from other hosts.
source s_src {
        unix-stream("/dev/log");
        file("/proc/kmsg");
        internal();
};

# MySQL destination: one row in syslog.logs per message.
# The database password is stored here in clear text. Replace the placeholder
# value, keep syslog-ng.conf readable by root only, and give the syslogwriter
# account only the privileges it needs on the syslog database - not a global or
# administrative grant.
# $HOST_FROM is the host the message was received from, so the host column is not
# taken from the host name field inside the message.
# NOTE(review): the unprefixed date macros presumably carry the timestamp from the
# message itself; the R_-prefixed forms (for example $R_YEAR) give the receive time.
# Confirm which one the datetime column should record.
# indexes() lists the columns syslog-ng indexes when it creates the table itself.
destination d_mysql {
        sql(type(mysql)
        host("localhost") username("syslogwriter") password("syslogwriter-password")
        database("syslog")
        table("logs")
        columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg")
        values("$HOST_FROM", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
        indexes("host", "facility", "priority", "datetime", "program"));
};

# Route everything from s_src to the MySQL destination. No file destination is
# defined, so messages are stored only in the database.
log { source(s_src); destination(d_mysql); };