分别在log server和log client上安装syslog-ng.
log server示例配置(syslog-ng.conf)如下:
@version: 3.2
@include "scl.conf"
options { flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
dir_owner(root);
dir_group(root);
dir_perm(0755);
owner(root);
group(root);
perm(0644);
keep_hostname (yes);
};source s_local {
system();
internal();
};source s_network {
udp();
};destination l_cons { file("/dev/console"); };
destination l_mesg { file("/var/adm/messages"); };
destination l_mesg_all { file("/var/log/messages"); };
destination l_mail { file("/var/log/syslog"); };
destination l_auth { file("/var/log/authlog"); };
destination l_mlop { usertty("operator"); };
destination l_mlrt { usertty("root"); };
destination l_mlal { usertty("*"); };destination r_mesg { file("/logcen/$YEAR/$MONTH/$HOST/messages"); };
destination r_mail { file("/logcen/$YEAR/$MONTH/$HOST/syslog"); };
destination r_auth { file("/logcen/$YEAR/$MONTH/$HOST/authlog"); };filter f_filter1 { level(err) or
(level(notice) and facility (auth, kern)); };
filter f_filter2 { level(err) or
(facility(kern) and level(debug)) or
(facility(daemon) and level(notice)) or
(facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or
(facility(kern) and level(err)) or
(facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(auth) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };
filter f_filter10 { facility(user) and level(emerg); };log { source(s_local); destination(l_mesg_all); };
log { source(s_local); filter(f_filter1); destination(l_cons); };
log { source(s_local); filter(f_filter2); destination(l_mesg); };
log { source(s_local); filter(f_filter3); destination(l_mlop); };
log { source(s_local); filter(f_filter4); destination(l_mlrt); };
log { source(s_local); filter(f_filter5); destination(l_mlal); };
log { source(s_local); filter(f_filter6); destination(l_auth); };
log { source(s_local); filter(f_filter7); destination(l_mail); };
log { source(s_local); filter(f_filter8); destination(l_cons);
destination(l_mesg); };
log { source(s_local); filter(f_filter9); destination(l_mlop);
destination(l_mlrt); };
log { source(s_local); filter(f_filter10); destination(l_mlal); };log { source(s_local); source(s_network); filter(f_filter2); destination(r_mesg); };
log { source(s_local); source(s_network); filter(f_filter6); destination(r_auth); };
log { source(s_local); source(s_network); filter(f_filter7); destination(r_mail); };
log { source(s_local); source(s_network); filter(f_filter8); destination(r_mesg); };
log client示例配置(syslog-ng.conf)如下:
@version: 3.2
@include "scl.conf"
options { flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
dir_owner(root);
dir_group(root);
dir_perm(0755);
owner(root);
group(root);
perm(0644);
keep_hostname (yes);
};source s_local {
system();
internal();
};source s_network {
udp();
};destination l_cons { file("/dev/console"); };
destination l_mesg { file("/var/adm/messages"); };
destination l_mesg_all { file("/var/log/messages"); };
destination l_mail { file("/var/log/syslog"); };
destination l_auth { file("/var/log/authlog"); };
destination l_mlop { usertty("operator"); };
destination l_mlrt { usertty("root"); };
destination l_mlal { usertty("*"); };destination d_udp { udp("10.0.2.71" port(514)); };
filter f_filter1 { level(err) or
(level(notice) and facility (auth, kern)); };
filter f_filter2 { level(err) or
(facility(kern) and level(debug)) or
(facility(daemon) and level(notice)) or
(facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or
(facility(kern) and level(err)) or
(facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(auth) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };
filter f_filter10 { facility(user) and level(emerg); };log { source(s_local); destination(l_mesg_all); };
log { source(s_local); filter(f_filter1); destination(l_cons); };
log { source(s_local); filter(f_filter2); destination(l_mesg); };
log { source(s_local); filter(f_filter3); destination(l_mlop); };
log { source(s_local); filter(f_filter4); destination(l_mlrt); };
log { source(s_local); filter(f_filter5); destination(l_mlal); };
log { source(s_local); filter(f_filter6); destination(l_auth); };
log { source(s_local); filter(f_filter7); destination(l_mail); };
log { source(s_local); filter(f_filter8); destination(l_cons);
destination(l_mesg); };
log { source(s_local); filter(f_filter9); destination(l_mlop);
destination(l_mlrt); };
log { source(s_local); filter(f_filter10); destination(l_mlal); };log { source(s_local); filter(f_filter2); destination(d_udp); };
log { source(s_local); filter(f_filter6); destination(d_udp); };log { source(s_local); filter(f_filter7); destination(d_udp); };
log { source(s_local); filter(f_filter8); destination(d_udp); };