Syslog-ng + Rsyslog log collection: installing syslog-ng (part 1)


Environment:

Log collection server: syslog-ng 3.3.7

Tomcat client: syslog + Tomcat


Preparation:

1. To keep debugging simple, stop the firewall and disable SELinux. Turn the firewall back on, or at least restrict who can reach port 514, once the setup works; a log collector that accepts traffic from everywhere is an open door.

# service iptables stop      // stop the firewall
# chkconfig iptables off     // do not start it at boot
# service iptables status    // check the firewall state

The firewall is no longer running.



2. Change SELINUX=enforcing to SELINUX=disabled

# vi /etc/selinux/config      // permanent, takes effect from the next boot
# setenforce 0                // immediate, lasts until reboot
# /usr/sbin/sestatus -v       // check the SELinux state

SELinux is now disabled.



3. rsyslog is installed by default and the two daemons conflict: both want /dev/log, and they would fight over port 514 as soon as rsyslog's network inputs are enabled (in the stock CentOS configuration they are commented out). Either uninstall it or disable it; here it is disabled.

# chkconfig rsyslog off    // do not start at boot
# service rsyslog stop     // stop rsyslog


Installing syslog-ng:

Method one: install directly with yum

# yum install -y syslog-ng

(The package is not in the base CentOS repositories; it comes from EPEL.)

The global configuration is then in /etc/syslog-ng/syslog-ng.conf.

Method one is not recommended for beginners, because you learn nothing about what is going on underneath.

Method two: manual installation (the steps below must be run in this order; each depends on the previous one)

Install the build environment

# yum install -y gcc gcc-c++ pcre pcre-devel libcurl libcurl-devel glib2 glib2-devel

(The original list named gmodule and gthread; those are parts of glib2 rather than separate packages, and the PCRE headers that syslog-ng's configure script looks for are in pcre-devel.)

1. Install eventlog

# tar -zxvf eventlog_0.2.12.tar.gz
# cd eventlog-0.2.12
# ./configure --prefix=/usr/local/eventlog
# make && make install

2. Install libol

# tar -zxvf libol-0.3.18.tar.gz
# cd libol-0.3.18
# ./configure --prefix=/usr/local/libol
# make && make install

(libol was a dependency of the syslog-ng 1.x/2.x series; the 3.x series builds on glib and eventlog. The step is kept as the original has it; it does no harm.)

3、安装syslog-ng

3. Install syslog-ng

# vi /etc/profile    // set the environment variable so that pkg-config can find eventlog
export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig/
# source /etc/profile    // apply it to the current shell; otherwise configure will not see it

// start the build
# tar -zxvf syslog-ng_3.3.7.tar.gz
# cd syslog-ng-3.3.7
# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol/
# make && make install

If the installed binary later refuses to start because libevtlog.so cannot be found, add /usr/local/eventlog/lib to a file under /etc/ld.so.conf.d/ and run ldconfig.


4. Configure syslog-ng

How one message is processed, roughly:

First comes the "message source: source s_name { ... };"

Then the "filter rule: filter f_name { ... };"

Then the "message path (the part that is executed): log { source(s_name); filter(f_name); destination(d_name); };"

And finally the "destination action: destination d_name { ... };"

That is the processing order; in the configuration file, however, the destination is declared before the log statement that uses it. As in programming, an object has to be declared before it is referenced.

The global configuration is in /usr/local/syslog-ng/etc/syslog-ng.conf


    @version:3.3.5

    options {
        # maximum size of a log message (bytes)
        log_msg_size(8192);
        # how many lines to buffer before writing to a destination; 0 writes each message as it arrives
        flush_lines(1);
        # number of lines in the output queue
        log_fifo_size(20480);
        # seconds to wait before reopening a dead connection
        time_reopen(10);
        # resolve sender addresses with DNS
        use_dns(yes);
        # cache DNS results
        dns_cache(yes);
        # use fully qualified host names
        use_fqdn(yes);
        # keep the host name carried inside the message instead of using the sender's address
        keep_hostname(yes);
        # host name chaining; useful when logs are relayed across several network segments
        chain_hostnames(no);
        # create the target directory if it does not exist
        create_dirs(yes);
        # file permissions, in octal
        perm(0644);
        # seconds between STATS messages (statistics about dropped messages); 0 disables them
        stats_freq(43200);
    };

    # messages generated by syslog-ng itself
    source s_internal {
        internal();
    };

    source s_local {
        unix-stream("/dev/log" max-connections(50));
        file("/proc/kmsg" program_override("kernel: "));
    };

    # remote logs arriving on TCP and UDP port 514 of every local address
    source s_src {
        tcp(ip(0.0.0.0) port(514));
        udp(ip(0.0.0.0) port(514));
    };

    filter f_cron     { facility(cron); };
    filter f_console  { facility(kern); };
    filter f_bootlog  { facility(local7); };
    # level(info..emerg) matches info and every more severe level. The original had level(info),
    # which matches the info level only and would keep warnings and errors out of "messages".
    filter f_messages { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); };
    filter f_secure   { facility(authpriv); };
    filter f_spooler  { facility(uucp) or (facility(news) and level(crit)); };
    # name kept from the original; it matches the mail facility, not local6
    filter f_local6   { facility(mail); };
    filter f_local4   { facility(local4); };
    filter f_catalina { facility(local5); };

    destination d_syslognglog {
        file("/var/log/syslog-ng.log");
    };
    destination d_loc_messages {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/loc_messages"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_messages {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_local7 {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/local7"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_localhost_access_log {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/tomcat-access"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_local6 {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/local6"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_console {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_secure {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_cron {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_spooler {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_bootlog {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_syslog {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/syslog"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_catalina {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/catalina.out"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };
    destination d_local4 {
        file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/localhost.log"
             owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
    };

    log { source(s_internal); destination(d_syslognglog); };
    log { source(s_local); destination(d_loc_messages); };
    log { source(s_src); filter(f_messages); destination(d_messages); };
    log { source(s_src); filter(f_console); destination(d_console); };
    log { source(s_src); filter(f_secure); destination(d_secure); };
    log { source(s_src); filter(f_cron); destination(d_cron); };
    log { source(s_src); filter(f_spooler); destination(d_spooler); };
    # f_bootlog feeds two destinations, so every local7 message is written twice
    log { source(s_src); filter(f_bootlog); destination(d_bootlog); };
    log { source(s_src); filter(f_bootlog); destination(d_local7); };
    log { source(s_src); filter(f_local6); destination(d_local6); };
    # no filter here: every message from s_src also lands in tomcat-access
    log { source(s_src); destination(d_localhost_access_log); };
    log { source(s_src); filter(f_catalina); destination(d_catalina); };
    log { source(s_src); filter(f_local4); destination(d_local4); };

Two points about this configuration from a security standpoint. s_src binds 0.0.0.0:514 on both TCP and UDP, and the firewall was stopped in the preparation step, so any host that can reach the server can write into these files; UDP syslog carries no authentication and the sender address is trivially forged. keep_hostname(yes) additionally takes the host name from inside the message, and that value becomes the $HOST directory in every destination path, so a client decides which directory its lines go to. Once the Tomcat clients are working, restrict port 514 to their addresses with iptables and prefer the TCP source. Also, use_dns(yes) makes syslog-ng resolve every new sender address, and a slow resolver slows log intake; on a collector that only sees a fixed set of clients, use_dns(no) with keep_hostname(yes) is the cheaper choice.
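The routing that the log statements above produce is easier to reason about when it can be exercised against a few messages. The script below is an added example and not part of the original post: it does not run syslog-ng, but decodes the PRI field of an RFC 3164 line the way syslog-ng does (facility = PRI/8, severity = PRI%8), applies the filters from the configuration, and prints the destinations a message from source s_src would be written to. The sample lines are constructed, and MESSAGES_MODE is an illustrative switch for comparing level(info..emerg) with the original level(info).

```shell
#!/bin/sh
# Added example, not part of the original post: a shell model of how the
# log{} statements route a message from source s_src. Facility and severity
# are decoded from the PRI field (facility = PRI/8, severity = PRI%8).

# RFC 3164 facility and severity codes used by the filters.
FAC_KERN=0; FAC_MAIL=2; FAC_NEWS=7; FAC_UUCP=8; FAC_CRON=9; FAC_AUTHPRIV=10
FAC_LOCAL4=20; FAC_LOCAL5=21; FAC_LOCAL7=23
SEV_CRIT=2; SEV_INFO=6

pri_facility() { echo $(( $1 / 8 )); }
pri_severity() { echo $(( $1 % 8 )); }

# Numeric PRI of a raw line such as "<86>Apr 19 10:00:02 web01 sshd[1201]: ...".
msg_pri() {
    pri=${1#<}
    echo "${pri%%>*}"
}

# HOST field of an RFC 3164 line: "<PRI>Mon DD HH:MM:SS host tag: message".
# With keep_hostname(yes) this client-supplied value becomes the $HOST directory.
msg_host() {
    rest=${1#*>}
    set -f                 # no globbing while splitting (the tag may contain [ ])
    set -- $rest
    set +f
    echo "$4"
}

# Destinations for one PRI value, in the order of the log{} statements.
# MESSAGES_MODE=range models level(info..emerg) (the default here);
# MESSAGES_MODE=exact models the original level(info), which matches severity 6 only.
route_pri() {
    fac=$(pri_facility "$1"); sev=$(pri_severity "$1"); out=""
    case ${MESSAGES_MODE:-range} in
        exact) in_level=$([ "$sev" -eq $SEV_INFO ] && echo 1 || echo 0) ;;
        *)     in_level=$([ "$sev" -le $SEV_INFO ] && echo 1 || echo 0) ;;
    esac
    # f_messages: level test and not (mail or authpriv or cron)
    if [ "$in_level" -eq 1 ] && [ "$fac" -ne $FAC_MAIL ] \
       && [ "$fac" -ne $FAC_AUTHPRIV ] && [ "$fac" -ne $FAC_CRON ]; then
        out="$out d_messages"
    fi
    [ "$fac" -eq $FAC_KERN ]     && out="$out d_console"    # f_console
    [ "$fac" -eq $FAC_AUTHPRIV ] && out="$out d_secure"     # f_secure
    [ "$fac" -eq $FAC_CRON ]     && out="$out d_cron"       # f_cron
    if [ "$fac" -eq $FAC_UUCP ] || { [ "$fac" -eq $FAC_NEWS ] && [ "$sev" -eq $SEV_CRIT ]; }; then
        out="$out d_spooler"                                 # f_spooler
    fi
    # f_bootlog is used by two log{} statements, so local7 is written twice.
    [ "$fac" -eq $FAC_LOCAL7 ]   && out="$out d_bootlog d_local7"
    [ "$fac" -eq $FAC_MAIL ]     && out="$out d_local6"     # f_local6 matches mail
    # The log{} for d_localhost_access_log has no filter: every message lands there.
    out="$out d_localhost_access_log"
    [ "$fac" -eq $FAC_LOCAL5 ]   && out="$out d_catalina"   # f_catalina
    [ "$fac" -eq $FAC_LOCAL4 ]   && out="$out d_local4"     # f_local4
    echo "${out# }"
}

# Print "host -> destinations" for a raw syslog line.
route_line() {
    printf '%s -> %s\n' "$(msg_host "$1")" "$(route_pri "$(msg_pri "$1")")"
}

# Constructed sample messages (not captured traffic).
for line in \
    '<14>Apr 19 10:00:01 web01 tomcat: GET /index.jsp 200' \
    '<86>Apr 19 10:00:02 web01 sshd[1201]: Accepted publickey for root' \
    '<172>Apr 19 10:00:03 web01 catalina: WARNING: Server startup in 1234 ms' \
    '<191>Apr 19 10:00:04 web01 rc.local: boot finished'
do
    route_line "$line"
done
```

Running it shows the two things worth knowing before pointing Tomcat at this collector: every remote line is duplicated into tomcat-access because that log statement has no filter, and local5 messages from catalina (PRI 172 above) reach both messages and catalina.out with level(info..emerg) but only catalina.out with the original level(info).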

5. Add it as a system service

# vim /etc/init.d/syslog-ng    # create the syslog-ng script with the following content

    #!/bin/bash
    #
    # chkconfig: - 60 27
    # description: syslog-ng SysV script.

    . /etc/rc.d/init.d/functions

    syslog_ng=/usr/local/syslog-ng/sbin/syslog-ng
    prog=syslog-ng
    pidfile=/usr/local/syslog-ng/var/syslog-ng.pid
    lockfile=/usr/local/syslog-ng/var/syslog-ng.lock
    RETVAL=0
    STOP_TIMEOUT=${STOP_TIMEOUT-10}
    OPTIONS=${OPTIONS-}    # extra syslog-ng options; empty unless set in the environment

    start() {
        echo -n $"Starting $prog: "
        # pass the pid file explicitly so the daemon and this script agree on its location
        daemon --pidfile=$pidfile $syslog_ng --pidfile=$pidfile $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
    }

    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile -d $STOP_TIMEOUT $syslog_ng
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f $lockfile $pidfile
    }

    case "$1" in
      start)
        start
        ;;
      stop)
        stop
        ;;
      status)
        status -p $pidfile $syslog_ng
        RETVAL=$?
        ;;
      restart)
        stop
        start
        ;;
      *)
        echo $"Usage: $prog {start|stop|restart|status}"
        RETVAL=2
    esac
    exit $RETVAL


Enable it at boot:

# chmod a+x /etc/init.d/syslog-ng    // make the syslog-ng script executable
# killall syslogd                    // stop any old syslogd still running (harmless if there is none)
# chkconfig --add syslog-ng
# chkconfig syslog-ng on
# service syslog-ng start            // start syslog-ng

The pid and lock files go under /usr/local/syslog-ng/var; create that directory if make install did not. Before the first start, parse the configuration with /usr/local/syslog-ng/sbin/syslog-ng -s, which reports syntax errors without starting the daemon; afterwards confirm with netstat -tunlp that the process holding TCP and UDP 514 is syslog-ng and not a leftover rsyslog.
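The manual procedure in steps 1 to 3, together with the configuration check that should precede step 5, is collected below into one script. This is an added example, not a script from the original post: the prefixes and tarball versions are the ones the post uses, while SRC_DIR (where the tarballs are kept), the /etc/ld.so.conf.d/eventlog.conf file name and the two subcommand names are assumptions. The --with-libol flag is kept exactly as the post has it.

```shell
#!/bin/sh
# Added example, not part of the original post: the manual build from steps 1-3
# as one script that runs in dependency order and stops at the first failure.
# Prefixes and versions are those used in the post; SRC_DIR and the
# ld.so.conf.d file name are assumptions.
set -eu

SRC_DIR=${SRC_DIR:-/usr/local/src}       # assumed location of the three tarballs
EVENTLOG_PREFIX=/usr/local/eventlog
LIBOL_PREFIX=/usr/local/libol
SYSLOGNG_PREFIX=/usr/local/syslog-ng
SYSLOGNG_CONF=$SYSLOGNG_PREFIX/etc/syslog-ng.conf

# The tarballs are named name_version.tar.gz but unpack into name-version
# (eventlog_0.2.12.tar.gz -> eventlog-0.2.12); derive the directory from the name.
srcdir_from_tarball() {
    name=${1%.tar.gz}
    case $name in
        *_*) echo "${name%%_*}-${name#*_}" ;;
        *)   echo "$name" ;;
    esac
}

# build_one TARBALL PREFIX [extra configure arguments]
build_one() {
    tarball=$1; prefix=$2; shift 2
    cd "$SRC_DIR"
    [ -f "$tarball" ] || { echo "missing $SRC_DIR/$tarball" >&2; return 1; }
    tar -zxf "$tarball"
    cd "$(srcdir_from_tarball "$tarball")"
    ./configure --prefix="$prefix" "$@"
    make
    make install
}

install_all() {
    build_one eventlog_0.2.12.tar.gz "$EVENTLOG_PREFIX"
    build_one libol-0.3.18.tar.gz "$LIBOL_PREFIX"

    # pkg-config must find eventlog at configure time, and the dynamic linker
    # must find libevtlog.so when syslog-ng starts.
    export PKG_CONFIG_PATH="$EVENTLOG_PREFIX/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
    echo "$EVENTLOG_PREFIX/lib" > /etc/ld.so.conf.d/eventlog.conf
    ldconfig

    build_one syslog-ng_3.3.7.tar.gz "$SYSLOGNG_PREFIX" --with-libol="$LIBOL_PREFIX/"
    echo "syslog-ng installed under $SYSLOGNG_PREFIX"
}

# Parse the configuration from step 4 without starting the daemon (syslog-ng -s);
# run this before 'service syslog-ng start'.
check_config() {
    [ -f "$SYSLOGNG_CONF" ] || { echo "write $SYSLOGNG_CONF first" >&2; return 1; }
    "$SYSLOGNG_PREFIX/sbin/syslog-ng" -s -f "$SYSLOGNG_CONF"
}

case "${1:-}" in
    install) install_all ;;
    check)   check_config ;;
    *)       echo "usage: $0 install|check   (install needs the tarballs in $SRC_DIR)" ;;
esac
```

Run it as root with `install` after the yum step, write the configuration from step 4, then run `check` before creating the init script; a configuration error surfaces here as a parse message rather than as a daemon that silently fails to come up.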




