1. install syslog-ng

 

2. vi syslog-ng.sql

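#
# Table structure for table `logs`
#
# Every column except `seq` is filled from a syslog-ng macro by the INSERT
# template in syslog-ng.conf. The values therefore originate from log senders
# and must be treated as untrusted text by anything that reads this table
# (for example a web front end that displays `msg`).
#
# IF NOT EXISTS keeps the script re-runnable without errors on a second import.
#
CREATE DATABASE IF NOT EXISTS syslog;
USE syslog;
CREATE TABLE IF NOT EXISTS logs (
# NOTE(review): a value longer than its column is truncated or rejected,
# depending on sql_mode; confirm 32 and 15 characters are enough for the host
# and program names in your environment, otherwise log data is lost.
host varchar(32) default NULL,
facility varchar(10) default NULL,
priority varchar(10) default NULL,
level varchar(10) default NULL,
tag varchar(10) default NULL,
date date default NULL,
time time default NULL,
program varchar(15) default NULL,
msg text,
seq int(10) unsigned NOT NULL auto_increment,
# The primary key already indexes `seq`, so no separate KEY on seq is declared.
PRIMARY KEY (seq),
KEY host (host),
KEY program (program),
KEY time (time),
KEY date (date),
KEY priority (priority),
KEY facility (facility)
# ENGINE= replaces the obsolete TYPE= table option, which current MySQL
# servers reject as a syntax error.
) ENGINE=MyISAM;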

匯入資料庫

mysql -u root --password=syslog < syslog-ng.sql

 

使用pipe驅動器將訊息寫入/tmp/mysql.pipe

mkfifo /tmp/mysql.pipe       

 

3. 編輯加入

vi /etc/syslog-ng/syslog-ng.conf

## Log syslog-ng to mysql database
##
## d_mysql writes one SQL INSERT statement per log message into the named
## pipe /tmp/mysql.pipe; a mysql client reading that pipe executes them.
##
## The macro values ($HOST, $PROGRAM, $MSG, ...) come from the log senders and
## are pasted into the statement as quoted strings. template-escape(yes) is
## what keeps a quote or backslash inside a message from ending the string
## early, so it must stay enabled on this destination.
##
## NOTE(review): /tmp is world-writable and everything written to this pipe is
## executed as SQL; confirm that only the syslog-ng and mysql client accounts
## can open it, or move the pipe to a directory only they can access.
destination d_mysql {
      pipe("/tmp/mysql.pipe"
      template("INSERT INTO logs (host, facility, priority, level, tag, date,
      time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG',
      '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' ); ") template-escape(yes));
       };
## Route messages from source s_sys to d_mysql (s_sys is not defined in this
## excerpt; it is expected to exist elsewhere in syslog-ng.conf).
log { source(s_sys); destination(d_mysql);
};

啟動服務

/etc/init.d/syslog-ng restart

 

4. 將記錄寫入資料庫(需先在 MySQL 建立 syslog 帳號,並只授予它存取 syslog 資料庫所需的權限)

nohup mysql -u syslog --password=syslog syslog < /tmp/mysql.pipe &

 

5. 寫個script,開機時啟動

vi /path/syslog-ng_mysql.sh

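#!/bin/bash
# Feed the SQL statements that syslog-ng writes into the named pipe to the
# mysql client, creating the pipe first if it does not exist yet.
#
# NOTE(review): the password is given on the command line, where other local
# users may be able to see it in the process list; consider moving it to a
# [client] section of an option file readable only by the account that runs
# this script.
# NOTE(review): /tmp is world-writable and whatever arrives on this path is
# executed as SQL; the path is kept because syslog-ng.conf refers to it, but a
# directory writable only by root is a safer home for the pipe.

PIPE=/tmp/mysql.pipe

if [ ! -e "$PIPE" ]; then
   # Mode 600: only the owner may read the log stream or write to the pipe.
   mkfifo -m 600 "$PIPE" || exit 1
elif [ -L "$PIPE" ] || [ ! -p "$PIPE" ]; then
   # A regular file or a symlink at this path would be read and executed as SQL.
   echo "$PIPE exists but is not a plain named pipe; refusing to read SQL from it" >&2
   exit 1
fi

mysql -u syslog --password=syslog syslog < "$PIPE"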

chmod u+x /path/syslog-ng_mysql.sh

 

vi /etc/rc.local

/path/syslog-ng_mysql.sh

6. 下載 php-syslog-ng.tar.gz

 

tar zxvf php-syslog-ng.tar.gz

 

vi php-syslog-ng/web/include/db_fns.php

$result = mysql_pconnect("localhost", "syslog", "syslog"); 

瀏覽 http://ip/php-syslog-ng/web

 

syslog-ng + remote

client端

vi /etc/syslog-ng/syslog-ng.conf

# Forward messages to the central log server over UDP (no port is given, so
# udp()'s default of 514 applies).
# NOTE(review): plain udp()/tcp() transport is neither encrypted nor
# authenticated; confirm the path to 192.168.1.100 is a trusted network.
# NOTE(review): a destination only takes effect once a
# log { ...; destination(d_logserver); }; statement references it; none is
# shown in this excerpt.
destination d_logserver { udp("192.168.1.100");};

# Or use a TCP port instead

#destination d_logserver { tcp("192.168.1.100" port(10514));};

server端

vi /etc/syslog-ng/syslog-ng.conf

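# Accept remote messages on TCP port 10514 on all interfaces, and on udp()'s
# default port. The closing parenthesis of tcp(...) was missing in the
# original line, which made the statement a syntax error.
# NOTE(review): anything that can reach these ports can add rows to the logs
# table; restrict the allowed senders with a host firewall and keep
# template-escape(yes) enabled on d_mysql.
source s_net {tcp(ip(0.0.0.0) port(10514)); udp();};

# NOTE(review): if the earlier log { source(s_sys); destination(d_mysql); };
# statement is kept as well, local messages reach d_mysql twice; keep only one
# of the two log statements.
log {source(s_sys); source(s_net); destination(d_mysql);};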

ref: http://samlin2004.myweb.hinet.net/docs/log/syslog-ngInstallationGuide.htm

http://phorum.study-area.org/viewtopic.php?t=26137&highlight=syslog-ng
