1. install syslog-ng
2. vi syslog-ng.sql
#
# Table structure for table `logs`
#
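# Database and table that receive the INSERT statements rendered by the
# syslog-ng template; the column names must match that INSERT's column list.
# The account that replays the pipe into MySQL only needs INSERT on syslog.logs.
CREATE DATABASE IF NOT EXISTS syslog;
USE syslog;
CREATE TABLE IF NOT EXISTS logs (
    # The varchar widths are hard limits: a longer host, tag or program value
    # is truncated, or the INSERT is rejected under a strict sql_mode.
    # NOTE(review): confirm these widths fit the hosts and programs being logged.
    host varchar(32) default NULL,
    facility varchar(10) default NULL,
    priority varchar(10) default NULL,
    level varchar(10) default NULL,
    tag varchar(10) default NULL,
    date date default NULL,
    time time default NULL,
    program varchar(15) default NULL,
    msg text,
    # Insertion-order row id; not supplied by the INSERT template.
    seq int(10) unsigned NOT NULL auto_increment,
    PRIMARY KEY (seq),
    # No separate KEY on seq: the primary key already indexes it.
    KEY host (host),
    KEY program (program),
    KEY time (time),
    KEY date (date),
    KEY priority (priority),
    KEY facility (facility)
) ENGINE=MyISAM;  # TYPE= was removed in MySQL 5.5; ENGINE= is the supported spelling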
匯入資料庫
mysql -u root --password=syslog < syslog-ng.sql
使用pipe驅動器將訊息寫入/tmp/mysql.pipe
mkfifo /tmp/mysql.pipe
3. 編輯加入
vi /etc/syslog-ng/syslog-ng.conf
## Log syslog-ng to mysql database
##
# Each message is rendered as one SQL INSERT statement and written to the
# FIFO /tmp/mysql.pipe; whatever reads that FIFO into mysql executes it as SQL.
# template-escape(yes) is what stops quote characters inside macro values such
# as $MSG or $PROGRAM from ending the quoted SQL strings. Message content is
# sender-controlled, so this option must stay enabled.
# NOTE(review): /tmp is world-writable; a FIFO in a directory only the logging
# user can write to would keep other local users away from the SQL stream.
destination d_mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, date,
time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' ); ") template-escape(yes));
};
# Route everything from source s_sys (defined elsewhere in syslog-ng.conf, not
# shown here) to the MySQL pipe destination.
log { source(s_sys); destination(d_mysql);
};
啟動服務
/etc/init.d/syslog-ng restart
4. 將記錄寫入資料庫
nohup mysql -u syslog --password=syslog syslog < /tmp/mysql.pipe &
5. 寫個script,開機時啟動
vi /path/syslog-ng_mysql.sh
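#!/bin/bash
# Replay the SQL statements that syslog-ng writes to the named pipe into the
# "syslog" database. Blocks for as long as the mysql client keeps reading.
#
# NOTE(review): a password given on the command line can be seen by other
# local users in the process list; a root-only option file passed with
# --defaults-extra-file avoids that. The account only needs INSERT on
# syslog.logs.
# NOTE(review): in batch mode the mysql client stops at the first SQL error,
# which silently ends log ingestion; monitor or supervise this process.

pipe=/tmp/mysql.pipe

# Create the FIFO if it is missing, readable and writable by the owner only.
# Assumes syslog-ng runs as the same user as this script (root via rc.local).
if [ ! -e "$pipe" ]; then
    mkfifo -m 600 "$pipe"
fi

# /tmp is world-writable, so the path may hold something another user put
# there. Only a real FIFO is fed to mysql; a regular file would be executed
# as SQL. Keeping the pipe outside /tmp removes this exposure entirely.
if [ ! -p "$pipe" ]; then
    echo "$pipe exists but is not a named pipe; refusing to read it" >&2
    exit 1
fi

mysql -u syslog --password=syslog syslog < "$pipe"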
chmod u+x /path/syslog-ng_mysql.sh
vi /etc/rc.local
/path/syslog-ng_mysql.sh
6. 下載 php-syslog-ng.tar.gz
tar zxvf php-syslog-ng.tar.gz
vi php-syslog-ng/web/include/db_fns.php
// Database connection used by the web front end.
// NOTE(review): this is the same syslog/syslog account that replays the pipe
// into MySQL, and its password equals the user name. A separate account with
// only the privileges the viewer needs, and a non-guessable password, limits
// what a flaw in the web application can reach.
// NOTE(review): mysql_pconnect() belongs to the legacy mysql extension, which
// was removed in PHP 7.0.
$result = mysql_pconnect("localhost", "syslog", "syslog");
瀏覽 http://ip/php-syslog-ng/web
syslog-ng + remote
client端
vi /etc/syslog-ng/syslog-ng.conf
# Forward messages to the log server over UDP (no port given, so the driver's
# default port is used). UDP syslog is unauthenticated and unencrypted.
# NOTE(review): a log statement that references d_logserver is also required
# before anything is sent; it is not shown here.
destination d_logserver { udp("192.168.1.100");};
# Alternative: forward over TCP to port 10514, the port the server's tcp()
# source listens on. port() goes inside the tcp() parentheses.
#destination d_logserver { tcp("192.168.1.100" port(10514)); };
server端
vi /etc/syslog-ng/syslog-ng.conf
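# Accept remote syslog on TCP port 10514 and on UDP (the driver's default
# port), bound to all interfaces. The original tcp() line lacked its closing
# parenthesis, which is a syntax error.
# Neither listener authenticates the sender, so the host, program and msg
# values stored for remote messages are only as trustworthy as the network
# path. Limit which hosts can reach these ports (firewall, or bind to an
# internal address instead of 0.0.0.0).
source s_net { tcp(ip(0.0.0.0) port(10514)); udp(); };
# Local (s_sys) and remote (s_net) messages both go to the MySQL pipe
# destination. Remote message text ends up inside that destination's SQL
# INSERT template, so template-escape(yes) on d_mysql must stay enabled.
log { source(s_sys); source(s_net); destination(d_mysql); };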
ref: http://samlin2004.myweb.hinet.net/docs/log/syslog-ngInstallationGuide.htm
http://phorum.study-area.org/viewtopic.php?t=26137&highlight=syslog-ng