
下一代系统日志工具 Syslog - ng

操作系统: CentOS 6.5

软件明细: Syslog - ng

注:各个软件版本以云市场镜像中产品介绍为准。

由于 CentOS 6.5 64 位系统自带 syslog-ng 服务,镜像环境中相应软件的安装是基于 yum 完成的。

在镜像环境中,/alidata/install/ 目录下有一个用于安装、卸载镜像环境的简易脚本,您可以在 CentOS 6.5 系统中自行使用此脚本安装,安装后的环境与镜像初始化的环境一致。需要注意的是,如果采用此脚本安装镜像环境,只需执行 bash -x syslog-ng_install.sh 即可(-x 会回显脚本执行的每一条命令,便于排查问题)。

本软件采用 yum 方式安装到 Linux 的默认路径下。syslog-ng 配置文件路径:/etc/syslog-ng/syslog-ng.conf

服务的启动、停止、重启命令如下(具体可参考下图):

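# Manage the syslog-ng service (SysV init on CentOS 6.5). Both forms are
# equivalent; pick one of start|stop|restart.
# Command names are case-sensitive on Linux: the wrapper is `service`,
# not `Service`.
/etc/init.d/syslog-ng start|stop|restart
service syslog-ng start|stop|restart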

如需卸载镜像环境中安装的软件,可参考如下命令:

# Run the uninstall script from inside /alidata/install/ (it may rely on its
# working directory, so do not call it by absolute path from elsewhere).
# It removes the syslog-ng service directories: back up the configuration
# and log files first. The script name is reproduced as given on this page;
# check with `ls /alidata/install/` that it exists before running it.
cd /alidata/install/
bash syslog_unistall.sh

备注一:执行以上卸载操作会清理镜像环境中 syslog-ng 服务的相关目录,请在卸载前自行备份好相应数据(例如配置文件和日志文件)。

# Print the active syslog-ng configuration (the file installed by yum);
# its content is reproduced below.
cat /etc/syslog-ng/syslog-ng.conf

@version:3.2

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# This is the configuration the yum package installs on the CentOS 6.5 image.
# All sources are local and all destinations are local files or terminals:
# nothing is received from, or sent to, the network.
#

options {
    flush_lines (0);        # write every message out immediately (no buffering)
    time_reopen (10);       # seconds to wait before retrying a failed destination
    log_fifo_size (1000);   # per-destination output queue, in messages
    long_hostnames (off);
    # use_dns(no) / use_fqdn(no): never resolve sender addresses, so a slow or
    # hostile DNS server can neither stall logging nor supply a misleading name.
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);       # do not create missing log directories on the fly
    keep_hostname (yes);    # keep the hostname field as the message carries it
};

# Local sources only: the kernel ring buffer (tagged "kernel: "), the /dev/log
# socket and syslog-ng's own messages. The UDP listener stays commented out;
# as written (ip(0.0.0.0)) it would accept unauthenticated syslog on port 514
# from every interface, so bind it to a specific address and firewall it
# before enabling.
source s_sys {
    file ("/proc/kmsg" program_override("kernel: "));
    unix-stream ("/dev/log");
    internal();
    # udp(ip(0.0.0.0) port(514));
};

# Destinations: files under /var/log, plus the console (d_cons, unused below)
# and every logged-in user's terminal (d_mlal, emergencies only).
# No owner()/group()/perm() options are given here, so the files get
# syslog-ng's default ownership and mode; add them to tighten access to
# sensitive files such as /var/log/secure.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };   # mail is buffered, 10 lines at a time
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

# Filters by facility/level. f_default is "everything of level info or above
# except mail, authpriv and cron", which have their own files; authpriv
# (logins, su/sudo) is kept apart in /var/log/secure.
filter f_kernel     { facility(kern); };
filter f_default    { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv) 
                        or facility(cron)); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                        (facility(news) 
                        and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility(cron); };

# Log paths. None of them carries flags(final), so every message is checked
# against every path and may be written to more than one destination
# (e.g. a kernel emergency goes to /var/log/kern, /var/log/messages and all
# user terminals). Kernel-to-console logging is disabled.
#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

syslog-ng 的配置文件组成

options: 定义全局设置

source: 定义消息源,可以是UDP/TCP端口,也可以是文件名

destination: 定义消息目标, 可以是UDP/TCP端口,也可以是文件名

filter: 定义过滤条件,支持按 facility、level 过滤,也支持对程序名/主机名或消息正文进行正则匹配

log: 定义消息处理路径.

log { source S1; source S2; … filter F1; filter F2; … destination D1; destination D2; … }; 把消息源、过滤器和消息目的组合起来,就形成一条完整的日志路径(log 语句)。日志路径中的成员按顺序处理:凡是来自指定消息源、且匹配所有指定过滤器的消息,都会被送到指定的目的地。注意:默认情况下每条日志消息都会经过所有的日志路径,并不是匹配某一条后就不再往下执行;只有带 flags(final) 的路径才会在匹配后终止后续路径的处理。


# Example: receive syslog over the network and split the messages by keyword
# into two files. (The original header comment mentioned /var/log/syslog-ng.log,
# but no destination below writes there.)

# sync() is the older spelling of flush_lines(); the stock configuration above
# uses flush_lines(0) for the same effect.
options { long_hostnames(off); sync(0); };

# Listens on UDP/514 on every interface. UDP syslog carries no authentication
# or integrity protection, so anything that can reach the port can inject or
# spoof log lines: bind ip() to the collector's own address and restrict the
# port with a firewall rule to the intended senders only.
source s_remote { udp(ip(0.0.0.0) port(514)); };

# Keyword filters. match() without a value() option matches the message text
# (newer syslog-ng versions prefer message() for this). In f_local2, "and"
# should bind tighter than "or", so the level() test applies only to the first
# match("UP") term; debug..emerg covers every level so it makes no difference
# here, but add parentheses if the range is ever narrowed.
filter f_local2 { level(debug..emerg) and match("UP") or match("DOWN") or  match("up") or match("down") or match("Up") or match("Down"); };
filter f_local3 { level(info..emerg) and not match("UP") and not match("DOWN") and not match("up") and not match("down") and not match("Up") and not match("Down"); };
# Drops SNMP/trap/FIB-refresh noise; the last pattern is a regular expression.
filter f_local4 { level(debug..emerg) and not match ("OID") and not match ("Trap") and not match ("TRAP") and not match ("SUPERLOGIN") and not match ("FIB/[0-9]/REFRESH"); };

# The files live under /tmp, which is world-writable (other local users can
# interfere with these names) and is often cleaned at reboot; use a dedicated
# directory that is not world-writable for anything beyond a test. owner() and
# group() require the "itfriend" account and group to exist on the collector.
destination d_local2 {file("/tmp/local2-log" owner("itfriend") group("itfriend") perm(0640));};
destination d_local3 {file("/tmp/local3-log" owner("itfriend") group("itfriend") perm(0640));};

# Two filters in one path are ANDed: d_local2 only gets messages that pass
# both f_local2 and f_local4. Neither path is final, so a message can be
# written to both files.
log {source(s_remote);filter(f_local2);filter(f_local4);destination(d_local2);};
log {source(s_remote);filter(f_local3);destination(d_local3);};

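# Local sources: the /dev/log socket and syslog-ng's own messages.
# NOTE(review): this example originally read the socket with
# sun-streams("/dev/log" door("/etc/.syslog_door")), the Solaris STREAMS
# driver, which does not exist on Linux; on CentOS the local socket is read
# with unix-stream("/dev/log"), as in the stock configuration above.
source s_local { unix-stream("/dev/log"); internal(); };
#
# Local filters examples
#
# f_cron and d_cron are also defined in the stock configuration above;
# rename them before merging this example into that file.
filter f_messages { level(info..emerg); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };

#
# Local destination examples
#
destination d_cron { file("/var/log/cron"); };
destination d_console { usertty("root"); };     # emergencies go to root's terminal
# Explicit owner/group/perm: readable by root and group adm only (0640).
destination d_messages {
       file("/var/log/messages" owner("root") group("adm") perm(0640));
};
# Forwarding to two remote collectors over plain UDP: no encryption, no
# sender authentication and no delivery guarantee, so keep this on a trusted
# network segment (or use a TCP/TLS transport) if the logs matter.
destination d_aa {udp("192.168.1.1" port(514));};
destination d_bb {udp("192.168.2.2" port(514));};

#
# Local log examples - order DOES matter !
#
# Order matters because of flags(final) on the cron path: a message matched
# there is not handed to any later path, so cron entries land in /var/log/cron
# only and are neither written to /var/log/messages nor forwarded to the two
# collectors. The other paths are not final, so an emergency message reaches
# root's terminal, /var/log/messages and both collectors.
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_messages); destination(d_messages); };
log { source(s_local); filter(f_messages); destination(d_aa); };
log { source(s_local); filter(f_messages); destination(d_bb); };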