適用於 RHEL 6 x86_64 且有安裝預設的GUI
http://forum.icst.org.tw/phpbb/viewtopic.php?t=348
http://swampcritter.drupalgardens.com/c ... -enabled-0
http://wiki.engardelinux.org/index.php/ ... _syslog-ng
# Build and install syslog-ng 3.3.5 from source on RHEL 6 x86_64, replacing rsyslog.
# Build prerequisites: C compiler and the glib2 headers.
yum install gcc
yum install glib2-devel
# The download URLs below are truncated on the page ("...").
# NOTE(review): all three downloads use plain HTTP, so nothing authenticates the files.
# Check the RPMs with `rpm -K <file>` (after importing the repository's GPG key with
# `rpm --import`) and compare the tarball with a checksum published by the vendor
# before anything is installed or built as root.
wget http://dl.fedoraproject.org/pub/epel/6/ ... x86_64.rpm
wget http://dl.fedoraproject.org/pub/epel/6/ ... x86_64.rpm
wget http://www.balabit.com/downloads/files? ... 3.5.tar.gz
# eventlog and its headers are installed before syslog-ng is configured.
rpm -Uvh eventlog-0.2.12-1.el6.x86_64.rpm
rpm -Uvh eventlog-devel-0.2.12-1.el6.x86_64.rpm
tar -zxvf syslog-ng_3.3.5.tar.gz
cd syslog-ng-3.3.5
# No options are passed to configure; the symlink created further down points at
# /usr/local/sbin/syslog-ng, so the default install prefix is presumably in use.
sh configure
make
make install
# chkconfig only changes what starts at boot; it does not stop a running rsyslog.
# NOTE(review): stop rsyslog (e.g. `service rsyslog stop`) before starting syslog-ng so
# the two daemons do not both read /dev/log -- confirm on the target host.
chkconfig --level 2345 rsyslog off
# Install the init script shipped in the source tree and register it for runlevels 2-5.
cp contrib/init.d.RedHat-7.3 /etc/init.d/syslog-ng
chmod 755 /etc/init.d/syslog-ng
cd /etc/init.d/
chkconfig --level 2345 syslog-ng on
# NOTE(review): .deps and .libs are normally build directories, and cp without -r
# skips directories. The path also assumes the tarball was unpacked under /opt, which
# the steps above do not show. Confirm whether these two copies are needed at all.
cp /opt/syslog-ng-3.3.5/syslog-ng/.deps /usr/local/sbin/
cp /opt/syslog-ng-3.3.5/syslog-ng/.libs /usr/local/sbin/
# Make the installed binary reachable as /bin/syslog-ng.
cd /bin
ln -s /usr/local/sbin/syslog-ng syslog-ng
/etc/init.d/syslog-ng start
syslog-ng
Re: syslog-ng
適用於 RHEL 5 i386 且無GUI
# Install syslog-ng 3.2.2 from prebuilt RPMs on RHEL 5 i386.
yum install gcc glib2-devel
rpm -Uvh eventlog-0.2.12-1.el5.i386.rpm
rpm -Uvh eventlog-devel-0.2.12-1.el5.i386.rpm
需要 syslog-ng, libnet.so.1
# The download URLs below are truncated on the page ("...").
# NOTE(review): both packages come from a third-party mirror over FTP, which gives no
# integrity or origin guarantee. Run `rpm -K <file>` against the packager's imported
# GPG key before `rpm -ivh`, and prefer a repository configured with gpgcheck enabled.
wget ftp://ftp.pbone.net/mirror/dl.iuscommun ... 5.i386.rpm
wget ftp://ftp.pbone.net/mirror/ftp.pramberg ... p.i386.rpm
# libnet is installed first because the syslog-ng package needs libnet.so.1.
rpm -ivh libnet-1.1.6-1.el5.pp.i386.rpm
rpm -ivh syslog-ng3-3.2.2-1.ius.el5.i386.rpm
然後改config
# NOTE(review): if database credentials are added to this file, keep it readable by
# root only.
vi /etc/syslog-ng/syslog-ng.conf
啟動syslog-ng
/etc/init.d/syslog-ng start
# These lines repeat the RHEL 5 i386 package-based install shown earlier on the page.
yum install gcc glib2-devel
rpm -Uvh eventlog-0.2.12-1.el5.i386.rpm
rpm -Uvh eventlog-devel-0.2.12-1.el5.i386.rpm
需要 syslog-ng, libnet.so.1
# NOTE(review): the packages are fetched over FTP from a third-party mirror (URLs are
# truncated on the page). Verify each with `rpm -K <file>` before installing it.
wget ftp://ftp.pbone.net/mirror/dl.iuscommun ... 5.i386.rpm
wget ftp://ftp.pbone.net/mirror/ftp.pramberg ... p.i386.rpm
# libnet goes in first; the syslog-ng package needs libnet.so.1.
rpm -ivh libnet-1.1.6-1.el5.pp.i386.rpm
rpm -ivh syslog-ng3-3.2.2-1.ius.el5.i386.rpm
然後改config
vi /etc/syslog-ng/syslog-ng.conf
啟動syslog-ng
/etc/init.d/syslog-ng start
syslog-ng+MySQL+php-syslog-ng
http://en.gentoo-wiki.com/wiki/Syslog-n ... y_to_MySQL
create DB_Schema
config syslog-ng.conf
create DB_Schema
-- Event table: one row per syslog message.
-- The syslog-ng sql() destination shown on this page fills host, facility, priority,
-- level, tag, datetime, program and msg; seq, counter, fo and lo keep their defaults
-- unless something else writes them.
-- NOTE(review): the text columns carry content taken from log messages, so treat
-- them as untrusted wherever they are displayed or re-used in other queries.
-- NOTE(review): tag is VARCHAR(10) and program is VARCHAR(15); longer values are
-- truncated or rejected depending on sql_mode -- confirm which applies on the server.
CREATE TABLE logs (
    id        BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
    host      VARCHAR(128)    DEFAULT NULL,
    facility  VARCHAR(10)     DEFAULT NULL,
    priority  VARCHAR(10)     DEFAULT NULL,
    level     VARCHAR(10)     DEFAULT NULL,
    tag       VARCHAR(10)     DEFAULT NULL,
    datetime  DATETIME        DEFAULT NULL,
    program   VARCHAR(15)     DEFAULT NULL,
    msg       TEXT,
    seq       BIGINT UNSIGNED NOT NULL DEFAULT '0',
    counter   INT(11)         NOT NULL DEFAULT '1',
    fo        DATETIME        DEFAULT NULL,
    lo        DATETIME        DEFAULT NULL,
    PRIMARY KEY (id),
    -- Secondary indexes on the columns used for filtering.
    KEY datetime (datetime),
    KEY sequence (seq),
    KEY priority (priority),
    KEY facility (facility),
    KEY program (program),
    KEY host (host)
) ENGINE=MyISAM;
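-- Login accounts, presumably for the php-syslog-ng front end named on this page.
-- NOTE(review): CHAR(40) is the length of a hex-encoded SHA-1 digest, so pwhash
-- presumably holds an unsalted SHA-1 of the password -- confirm in the front-end code.
-- Such hashes are cheap to brute-force, and sessionid is stored as-is, so SELECT on
-- this table should be limited to the front end's own database account.
CREATE TABLE users (
    -- Primary-key columns cannot be NULL; older MySQL silently coerced the
    -- original "default NULL", newer releases may reject it.
    username  VARCHAR(32) NOT NULL,
    pwhash    CHAR(40)    DEFAULT NULL,
    sessionid CHAR(32)    DEFAULT NULL,
    exptime   DATETIME    DEFAULT NULL,
    PRIMARY KEY (username)
-- ENGINE= replaces the TYPE= synonym, which was removed in MySQL 5.5; this also
-- matches the logs and cemdb tables on this page.
) ENGINE=MyISAM;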
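-- Cached search values per log table and category (HOST, FACILITY, PROGRAM, LPD).
-- A MEMORY table loses its rows when the MySQL server restarts, so the cache has to
-- be rebuilt afterwards.
CREATE TABLE search_cache (
    tablename  VARCHAR(32)  DEFAULT NULL,
    type       ENUM('HOST','FACILITY','PROGRAM','LPD'),
    value      VARCHAR(128) DEFAULT NULL,
    updatetime DATETIME     DEFAULT NULL,
    INDEX type_name (type, tablename)
-- ENGINE= replaces the TYPE= synonym, which was removed in MySQL 5.5.
) ENGINE=MEMORY;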
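-- Per-user permission rows: whether username may perform actionname.
-- NOTE(review): there is no primary key or unique constraint, so the same
-- (username, actionname) pair can appear more than once with different access
-- values; how the front end resolves that is not shown here -- confirm.
CREATE TABLE user_access (
    username   VARCHAR(32) DEFAULT NULL,
    actionname VARCHAR(32) DEFAULT NULL,
    access     ENUM('TRUE','FALSE'),
    INDEX user_action (username, actionname)
-- ENGINE= replaces the TYPE= synonym, which was removed in MySQL 5.5.
) ENGINE=MyISAM;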
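-- Grant the 'admin' user every administrative action.
-- Columns are named explicitly so the statement does not depend on column order.
-- NOTE(review): add_server, chg_auth and del_server are granted here but are not
-- among the rows seeded into the actions table on this page -- confirm they exist.
INSERT INTO user_access (username, actionname, access) VALUES
    ('admin', 'add_user',     'TRUE'),
    ('admin', 'edit_user',    'TRUE'),
    ('admin', 'reload_cache', 'TRUE'),
    ('admin', 'edit_acl',     'TRUE'),
    ('admin', 'add_server',   'TRUE'),
    ('admin', 'chg_auth',     'TRUE'),
    ('admin', 'del_server',   'TRUE');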
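-- Catalogue of permission-controlled actions and their default access value.
-- NOTE(review): the rows seeded on this page all set defaultaccess to 'TRUE';
-- presumably that default applies to users without a user_access row -- confirm
-- in the front-end code before relying on it.
CREATE TABLE actions (
    actionname    VARCHAR(32) NOT NULL,
    actiondescr   VARCHAR(64) DEFAULT NULL,
    defaultaccess ENUM('TRUE','FALSE'),
    PRIMARY KEY (actionname)
-- ENGINE= replaces the TYPE= synonym, which was removed in MySQL 5.5.
) ENGINE=MyISAM;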
--
-- Table structure for table cemdb
-- Reference data: one row per named Cisco error message, with its explanation and
-- the recommended action.
--
CREATE TABLE cemdb (
    id          INT(5) UNSIGNED NOT NULL AUTO_INCREMENT,
    name        VARCHAR(128)    NOT NULL DEFAULT '',
    message     TEXT,
    explanation TEXT,
    action      TEXT,
    datetime    DATETIME        DEFAULT NULL,
    PRIMARY KEY (id),
    -- Each message name may appear only once.
    UNIQUE KEY name (name)
) ENGINE=MyISAM COMMENT='Cisco Error Message Database';
-- Seed the action catalogue. Every action is created with defaultaccess 'TRUE'.
INSERT INTO actions
    (actionname, actiondescr, defaultaccess)
VALUES
    ('add_user', 'Add users', 'TRUE');

INSERT INTO actions
    (actionname, actiondescr, defaultaccess)
VALUES
    ('edit_user', 'Edit users (delete and change password)', 'TRUE');

INSERT INTO actions
    (actionname, actiondescr, defaultaccess)
VALUES
    ('reload_cache', 'Reload search cache', 'TRUE');

INSERT INTO actions
    (actionname, actiondescr, defaultaccess)
VALUES
    ('edit_acl', 'Edit access control settings', 'TRUE');
# syslog-ng configuration: collect local messages and write each one to MySQL.
# The header declares configuration format 3.0, while the page installs syslog-ng
# 3.3.5 and 3.2.2.
# NOTE(review): those binaries presumably accept this in compatibility mode -- confirm.
@version: 3.0

# Global settings.
options {
    stats_freq(3600);
    keep_hostname(yes);
    flush_lines(16);
    log_fifo_size(16384);
};

# Local inputs only: the /dev/log socket, kernel messages and syslog-ng's own messages.
source s_src {
    unix-stream("/dev/log");
    file("/proc/kmsg");
    internal();
};

# MySQL destination writing into syslog.logs.
# NOTE(review): the database password sits in this file in clear text. Replace the
# placeholder value and keep the file readable by root only.
# NOTE(review): give the syslogwriter account only the privileges it needs on
# syslog.logs, not on the users or user_access tables. The sql() driver may also try
# to create the table or the listed indexes when they are missing -- confirm the
# exact privilege set against the syslog-ng documentation.
# NOTE(review): $PROGRAM, $MSG and the other macros carry content from log messages,
# so anything that displays these rows must encode them on output.
destination d_mysql {
    sql(
        type(mysql)
        host("localhost")
        username("syslogwriter")
        password("syslogwriter-password")
        database("syslog")
        table("logs")
        columns("host", "facility", "priority", "level", "tag", "datetime", "program", "msg")
        values("$HOST_FROM", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG", "$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
        indexes("host", "facility", "priority", "datetime", "program")
    );
};

# Route everything from the local sources to MySQL.
log {
    source(s_src);
    destination(d_mysql);
};