• Solaris10上配置log server


    分别在log server和log client上安装syslog-ng.

    log server示例配置(syslog-ng.conf)如下:

    @version: 3.2
    @include "scl.conf"
    # Global options for the log server. Every source and destination below
    # inherits these values unless it sets its own.
    options {
        flush_lines(0);
        time_reopen(10);
        log_fifo_size(1000);
        long_hostnames(off);

        # No DNS lookups and no FQDN expansion for sender names.
        use_dns(no);
        use_fqdn(no);

        # Missing directories in a destination path are created on demand,
        # owned by root:root with mode 0755.
        create_dirs(yes);
        dir_owner(root);
        dir_group(root);
        dir_perm(0755);

        # Ownership and mode for log files created by syslog-ng.
        # NOTE(review): 0644 makes every file created under this config
        # world-readable, including the authlog files; consider a tighter
        # perm() on the destinations that hold authentication messages.
        owner(root);
        group(root);
        perm(0644);

        # The HOST field is taken from the received message, not from the
        # sender's address.
        # NOTE(review): the /logcen destinations build their path from $HOST,
        # so with this setting a sender chooses the directory its messages
        # land in. Confirm that every host able to reach the UDP listener is
        # trusted, or derive the directory from the sender address instead.
        keep_hostname(yes);
    };

    # Messages produced on this host: the platform's native log sources
    # (system(), provided through scl.conf) and syslog-ng's own messages.
    source s_local { system(); internal(); };

    # Messages received from log clients over UDP, using the driver defaults
    # (all local addresses, port 514).
    # NOTE(review): UDP syslog is unauthenticated, unencrypted and may drop
    # messages. Limit who can reach this port with a host or network firewall,
    # and bind the listener to the management address with ip() if the server
    # has more than one interface.
    source s_network { udp(); };

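    # Local destinations: console, local log files and user terminals.
    destination l_cons { file("/dev/console"); };
    destination l_mesg { file("/var/adm/messages"); };
    destination l_mesg_all { file("/var/log/messages"); };
    destination l_mail { file("/var/log/syslog"); };
    # Authentication messages can contain account names and mistyped
    # credentials, so this file overrides the global perm(0644) and is
    # readable by its owner only. perm() is applied when syslog-ng creates
    # the file; tighten the mode of an already existing authlog by hand.
    destination l_auth { file("/var/log/authlog" perm(0600)); };
    destination l_mlop { usertty("operator"); };
    destination l_mlrt { usertty("root"); };
    destination l_mlal { usertty("*"); };

    # Central store: one directory per year, month and reporting host.
    # NOTE(review): $HOST comes from the message itself when keep_hostname(yes)
    # is set, so a sender can write into another host's directory or cause
    # new directories to be created. If clients are not fully trusted, build
    # the path from the sender address instead (for example keep_hostname(no)
    # together with use_dns(no) makes $HOST the sender's IP).
    destination r_mesg { file("/logcen/$YEAR/$MONTH/$HOST/messages"); };
    destination r_mail { file("/logcen/$YEAR/$MONTH/$HOST/syslog"); };
    # Collected authentication logs get the same owner-only mode as l_auth.
    destination r_auth { file("/logcen/$YEAR/$MONTH/$HOST/authlog" perm(0600)); };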

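    # These filters follow the shape of classic syslog.conf selectors, where
    # "facility.level" means "this level and anything more severe".
    # In syslog-ng a bare level(x) matches severity x only, so level(err)
    # would silently skip crit, alert and emerg, and level(debug) on the mail
    # filter would keep nothing but debug messages. Each level is therefore
    # written as an explicit range up to emerg.
    filter f_filter1   { level(err..emerg) or
                         (level(notice..emerg) and facility(auth, kern)); };
    filter f_filter2   { level(err..emerg) or
                         (facility(kern) and level(debug..emerg)) or
                         (facility(daemon) and level(notice..emerg)) or
                         (facility(mail) and level(crit..emerg)); };
    filter f_filter3   { level(alert..emerg) or
                         (facility(kern) and level(err..emerg)) or
                         (facility(daemon) and level(err..emerg)); };
    filter f_filter4   { level(alert..emerg); };
    # emerg is the most severe level, so no range is needed here.
    filter f_filter5   { level(emerg); };
    # Authentication messages at notice and above; used for the authlog files.
    filter f_filter6   { facility(auth) and level(notice..emerg); };
    # All mail messages (debug is the least severe level).
    filter f_filter7   { facility(mail) and level(debug..emerg); };
    filter f_filter8   { facility(user) and level(err..emerg); };
    filter f_filter9   { facility(user) and level(alert..emerg); };
    filter f_filter10  { facility(user) and level(emerg); };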

    # Every locally generated message, unfiltered, goes to l_mesg_all.
    log { source(s_local); destination(l_mesg_all); };
    # Local routing: each statement sends one filter's matches to the console,
    # a local file or the terminals of logged-in users. No statement uses
    # flags(final), so a message matching several filters is delivered by
    # every matching statement.
    log { source(s_local); filter(f_filter1); destination(l_cons); };
    log { source(s_local); filter(f_filter2); destination(l_mesg); };
    log { source(s_local); filter(f_filter3); destination(l_mlop); };
    log { source(s_local); filter(f_filter4); destination(l_mlrt); };
    log { source(s_local); filter(f_filter5); destination(l_mlal); };
    log { source(s_local); filter(f_filter6); destination(l_auth); };
    log { source(s_local); filter(f_filter7); destination(l_mail); };
    log { source(s_local); filter(f_filter8); destination(l_cons);
                                            destination(l_mesg); };
    log { source(s_local); filter(f_filter9); destination(l_mlop);
                                            destination(l_mlrt); };
    log { source(s_local); filter(f_filter10); destination(l_mlal); };

    # Central collection: local messages and messages received from clients
    # are written under /logcen, split by the r_* destinations.
    # NOTE(review): a user-facility error matches both f_filter2 (its
    # any-facility err term) and f_filter8, and both statements write to
    # r_mesg, so such a message is stored twice. Confirm this is intended;
    # duplicate records complicate later log analysis.
    # NOTE(review): only messages matching these four filters are collected.
    # Anything else a client sends is dropped here, so check the filters cover
    # what the central store is expected to retain.
    log { source(s_local); source(s_network); filter(f_filter2); destination(r_mesg); };
    log { source(s_local); source(s_network); filter(f_filter6); destination(r_auth); };
    log { source(s_local); source(s_network); filter(f_filter7); destination(r_mail); };
    log { source(s_local); source(s_network); filter(f_filter8); destination(r_mesg); };

    log client示例配置(syslog-ng.conf)如下:

    @version: 3.2
    @include "scl.conf"
    # Global options for the log client. Every source and destination below
    # inherits these values unless it sets its own.
    options {
        flush_lines(0);
        time_reopen(10);
        log_fifo_size(1000);
        long_hostnames(off);

        # No DNS lookups and no FQDN expansion for host names.
        use_dns(no);
        use_fqdn(no);

        # Missing directories in a destination path are created on demand,
        # owned by root:root with mode 0755.
        create_dirs(yes);
        dir_owner(root);
        dir_group(root);
        dir_perm(0755);

        # Ownership and mode for log files created by syslog-ng.
        # NOTE(review): 0644 makes every file created under this config
        # world-readable, including /var/log/authlog; consider a tighter
        # perm() on the destination that holds authentication messages.
        owner(root);
        group(root);
        perm(0644);

        keep_hostname(yes);
    };

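    # Messages produced on this host: the platform's native log sources
    # (system(), provided through scl.conf) and syslog-ng's own messages.
    source s_local {
            system();
            internal();
    };

    # No network source is declared on the client. This host only sends logs,
    # and every log path in this file reads from s_local, so a udp() listener
    # here would be an unused declaration of an inbound syslog port.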

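    # Local destinations: console, local log files and user terminals.
    destination l_cons { file("/dev/console"); };
    destination l_mesg { file("/var/adm/messages"); };
    destination l_mesg_all { file("/var/log/messages"); };
    destination l_mail { file("/var/log/syslog"); };
    # Authentication messages can contain account names and mistyped
    # credentials, so this file overrides the global perm(0644) and is
    # readable by its owner only. perm() is applied when syslog-ng creates
    # the file; tighten the mode of an already existing authlog by hand.
    destination l_auth { file("/var/log/authlog" perm(0600)); };
    destination l_mlop { usertty("operator"); };
    destination l_mlrt { usertty("root"); };
    destination l_mlal { usertty("*"); };

    # Forwarding to the log server at 10.0.2.71, UDP port 514.
    # NOTE(review): UDP forwarding is plaintext, unauthenticated and gives no
    # delivery guarantee, so forwarded auth messages can be read, forged or
    # lost on the way. Where both ends support it, prefer tcp() with tls();
    # otherwise keep this traffic on a dedicated management network.
    destination d_udp { udp("10.0.2.71" port(514)); };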

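    # These filters follow the shape of classic syslog.conf selectors, where
    # "facility.level" means "this level and anything more severe".
    # In syslog-ng a bare level(x) matches severity x only, so level(err)
    # would silently skip crit, alert and emerg, and level(debug) on the mail
    # filter would keep nothing but debug messages. Each level is therefore
    # written as an explicit range up to emerg.
    filter f_filter1   { level(err..emerg) or
                         (level(notice..emerg) and facility(auth, kern)); };
    filter f_filter2   { level(err..emerg) or
                         (facility(kern) and level(debug..emerg)) or
                         (facility(daemon) and level(notice..emerg)) or
                         (facility(mail) and level(crit..emerg)); };
    filter f_filter3   { level(alert..emerg) or
                         (facility(kern) and level(err..emerg)) or
                         (facility(daemon) and level(err..emerg)); };
    filter f_filter4   { level(alert..emerg); };
    # emerg is the most severe level, so no range is needed here.
    filter f_filter5   { level(emerg); };
    # Authentication messages at notice and above; these are the auth events
    # that get forwarded to the log server.
    filter f_filter6   { facility(auth) and level(notice..emerg); };
    # All mail messages (debug is the least severe level).
    filter f_filter7   { facility(mail) and level(debug..emerg); };
    filter f_filter8   { facility(user) and level(err..emerg); };
    filter f_filter9   { facility(user) and level(alert..emerg); };
    filter f_filter10  { facility(user) and level(emerg); };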

    # Every locally generated message, unfiltered, goes to l_mesg_all.
    log { source(s_local); destination(l_mesg_all); };
    # Local routing: each statement sends one filter's matches to the console,
    # a local file or the terminals of logged-in users. No statement uses
    # flags(final), so a message matching several filters is delivered by
    # every matching statement.
    log { source(s_local); filter(f_filter1); destination(l_cons); };
    log { source(s_local); filter(f_filter2); destination(l_mesg); };
    log { source(s_local); filter(f_filter3); destination(l_mlop); };
    log { source(s_local); filter(f_filter4); destination(l_mlrt); };
    log { source(s_local); filter(f_filter5); destination(l_mlal); };
    log { source(s_local); filter(f_filter6); destination(l_auth); };
    log { source(s_local); filter(f_filter7); destination(l_mail); };
    log { source(s_local); filter(f_filter8); destination(l_cons);
                                            destination(l_mesg); };
    log { source(s_local); filter(f_filter9); destination(l_mlop);
                                            destination(l_mlrt); };
    log { source(s_local); filter(f_filter10); destination(l_mlal); };

    # Forwarding to the log server: only messages matching one of these four
    # filters leave the host. Everything else stays in the local files only.
    # NOTE(review): a user-facility error matches both f_filter2 (its
    # any-facility err term) and f_filter8, so it is sent to d_udp twice.
    # Confirm this is intended; the server will record it once per copy.
    # NOTE(review): logs that exist only on this host can be altered by
    # whoever compromises it. Check that the forwarded subset covers the
    # events you need to keep an off-host copy of.
    log { source(s_local); filter(f_filter2); destination(d_udp); };
    log { source(s_local); filter(f_filter6); destination(d_udp); };

    log { source(s_local); filter(f_filter7); destination(d_udp); };
    log { source(s_local); filter(f_filter8); destination(d_udp); };

  • 原文地址:https://www.cnblogs.com/cqubityj/p/2359558.html