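1. Overview
Two servers, both with syslog-ng installed: one acts as the server and the other as the client.
server: 192.168.209.19
client: 192.168.209.18
2. Installation
Install with yum by running: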
yum -y install syslog-ng
After installation, restarting the service with service syslog-ng restart fails with this error:
Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'
Fix:
yum install -y syslog-ng-libdbi
This installs the following two packages:
libdbi-0.8.3-4.el6.x86_64
syslog-ng-libdbi-3.2.5-4.el6.x86_64
3. Configuration file changes
The server configuration is as follows:
options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
#Define source
source s_network {
    tcp(ip(0.0.0.0) port(514));
};
#Define filter rules
#filter f_local0 { level(info..emerg); };
#Define destination file path
destination d_local0 { file("/var/log/local0.log" perm(0755) dir_perm(0755) create_dirs(yes)); };
# Write to destination files
log { source(s_network); destination(d_local0); };
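This is a minimal server configuration: no filter is defined, so it accepts every log message it receives.
The client configuration is as follows: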
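options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};
#Define source: local syslog socket plus syslog-ng's own messages
source s_sys {
    unix-stream ("/dev/log");
    internal();
};
#Define filter rules: only the auth facility
filter f_auth { facility(auth); };
#Define destination: the central log server over TCP
destination center_log_server { tcp("192.168.209.19" port(514)); };
# Forward the filtered messages to the log server
log { source(s_sys); filter(f_auth); destination(center_log_server); };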
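A brief explanation of this configuration:
The source states that logs come from /dev/log: unix-stream opens the specified Unix socket in SOCK_STREAM mode to receive log messages, and internal() collects the messages syslog-ng itself generates;
The filter is defined to match the auth facility;
The log server is 192.168.209.19, port 514, over TCP.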
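
Added example (not part of the original post): a Python model of how the client's facility(auth) filter and the server's commented-out level(info..emerg) filter select messages by their PRI value, run over constructed sample lines. It shows that authpriv is a separate facility that facility(auth) does not match. Assumptions: newline-framed BSD-syslog messages on the TCP connection; the function names below are hypothetical.

```python
import re

# PRI = facility * 8 + severity; names are indexed by their numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode_pri(line):
    """Return (facility, severity, rest) for one message, or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23 * 8 + 7
        return None
    fac, sev = divmod(int(m.group(1)), 8)
    name = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return name, SEVERITIES[sev], m.group(2)

def f_auth(facility, severity):
    """Model of the client's filter: facility(auth)."""
    return facility == "auth"

def f_local0(facility, severity):
    """Model of the commented-out server filter: level(info..emerg)."""
    return SEVERITIES.index(severity) <= SEVERITIES.index("info")

def forwarded(stream, *filters):
    """Split a newline-framed stream; keep messages that pass every filter."""
    kept = []
    for line in stream.split("\n"):
        decoded = decode_pri(line)
        if decoded and all(f(decoded[0], decoded[1]) for f in filters):
            kept.append(decoded)
    return kept

# Constructed sample messages (not captured from a real host).
SAMPLE = "\n".join([
    "<38>Jan  1 10:00:00 client su: session opened for user root",     # auth.info
    "<86>Jan  1 10:00:01 client sshd[99]: Accepted password for bob",  # authpriv.info
    "<39>Jan  1 10:00:02 client login: pam debug trace",               # auth.debug
    "<30>Jan  1 10:00:03 client crond[7]: job started",                # daemon.info
    "garbage without a PRI header",
])

if __name__ == "__main__":
    for fac, sev, rest in forwarded(SAMPLE, f_auth):
        print(fac, sev, rest)
```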