一.部署LAMP平台(略)

二.安装软件包:

#yum install libdbi* libnet
#cpan Date::Calc Text::LevenshteinXS String::CRC32
#cpan -i Digest::SHA1
#cpan -i Net::MySQL


三、下载相关包(以下链接均为明文 HTTP,页面也未给出校验值;安装前请与官方发布的校验和或签名核对,或改用发行版/官方软件源提供的包)

#cd /home/install
#mkdir logzilla;cd logzilla
#wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
#wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm (或者 syslog-ng-2.1.4-9.el5.x86_64)
#wget http://lwlp.googlecode.com/files/logzilla_v2.9.9o.tgz

四、开始安装

# cp eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/
# tar zxvf  eventlog_0.2.9.tar.gz
# cd eventlog-0.2.9/
# cp ../eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/eventlog_0.2.9.tar.gz
# rpmbuild --ba eventlog.spec.bb
# cd /usr/src/redhat/RPMS/x86_64
# rpm -Uvh libevtlog*

#cd /home/install/logzilla
#rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm



五、安装logzilla

#cd /www/webroot/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_v2.9.9o.tgz (http://blog.liuts.com/post/209/)
#tar xzvf logzilla_v2.9.9o.tgz
#mkdir -p /var/log/logzilla


六、配置Mysql

# mysql -u root -p
mysql> SELECT @@event_scheduler;
+-------------------+
| @@event_scheduler |
+-------------------+
| OFF               |
+-------------------+
1 row in set (0.00 sec)



MySQL 5.1 以下的版本没有 event_scheduler 变量,会提示如下错误;如不打算升级到 LogZilla 3.0,可以略过此步骤。
mysql> SELECT @@event_scheduler;
ERROR 1193 (HY000): Unknown system variable 'event_scheduler'

激活event_scheduler(SET GLOBAL 只在本次运行期间有效,MySQL 重启后会恢复为 OFF;如需长期开启,请在 my.cnf 的 [mysqld] 段加入 event_scheduler=ON)

mysql> SET GLOBAL event_scheduler = 1;
Query OK, 0 rows affected (0.00 sec)

mysql> SELECT @@event_scheduler;
+-------------------+
| @@event_scheduler |
+-------------------+
| ON                |
+-------------------+
1 row in set (0.00 sec)

mysql> quit;


七、修改Syslog-ng配置
#vi /opt/syslog-ng/etc/syslog-ng.conf
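@version: 3.0

# Local log sources: syslog-ng's own messages, the local syslog socket and
# the kernel message file.
source s_local {
    internal();
    unix-stream("/dev/log");
    file("/proc/kmsg" program_override("kernel: "));
};

# Remote senders over UDP/514.
# The original listing declared this block as a second "source s_local".
# Two sources with one name are not merged; whether the later one replaces
# the earlier or the file is rejected depends on the syslog-ng version
# (TODO confirm on the installed build). It therefore gets its own name and
# is referenced explicitly in the log statement at the bottom.
# UDP syslog is unauthenticated and this listener binds every interface:
# restrict port 514 to the known senders with the host firewall.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# destinations
# NOTE(review): d_messages is defined but no log statement in this file
# references it, so nothing is written to /var/log/client.logs.
destination d_messages { file("/var/log/client.logs"); };

options {
    long_hostnames(off);
    # doesn't actually help on Solaris, log(3) truncates at 1024 chars
    log_msg_size(8192);
    # buffer just a little for performance
    # sync(1); <- Deprecated - use flush_lines() instead
    flush_lines(1);
    # memory is cheap, buffer messages unable to write (like to loghost)
    log_fifo_size(16384);
    # Hosts we don't want syslog from
    #bad_hostname("^(ctld.|cmd|tmd|last)$");
    # The time to wait before a dead connection is reestablished (seconds)
    time_reopen(10);
    # Use DNS so that our good names are used, not hostnames
    use_dns(yes);
    dns_cache(yes);
    # Use the whole DNS name
    use_fqdn(yes);
    # With keep_hostname(yes) the host name carried inside each message is
    # accepted as-is, so any sender that can reach the UDP listener decides
    # the $HOST value passed to the database script. Use keep_hostname(no)
    # if the recorded host has to be derived from the peer address instead.
    keep_hostname(yes);
    chain_hostnames(no);
    # Mode for files created by file() destinations. The original used 0644
    # (readable by every local user); logs routinely contain user names and
    # addresses, so they are limited to owner and group here.
    perm(0640);
    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes.  That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    # stats(43200);
};

# Pipe every message, one tab-separated record per line, into LogZilla's
# database insert script.
# NOTE(review): this path is under /opt/web/phplog, while the rest of the
# guide unpacks and serves LogZilla from /www/webroot/php-syslog-ng; point it
# at the db_insert.pl of the actual installation.
# template_escape(yes) escapes quote characters in the macro values; whether
# db_insert.pl additionally uses bound parameters cannot be seen from here,
# so do not treat the escaping as the only protection for the SQL insert.
destination d_logzilla {
    program("/opt/web/phplog/php-syslog-ng/scripts/db_insert.pl"
        template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n")
        template_escape(yes)
    );
};

# Tell syslog-ng to log to our new destination
log {
    source(s_local);
    source(s_net);
    destination(d_logzilla);
};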

八、修改apache配置
#vi httpd.conf

   <VirtualHost *:80>  
       ServerAdmin liutiansi@gmail.com  
       DocumentRoot /www/webroot/php-syslog-ng/html/  
       ServerName syslog.com.cn  
       ErrorLog logs/syslog.com.cn-error_log  
       CustomLog logs/syslog.com.cn-access_log common  
   # LogZilla  
   Alias /logs "/www/webroot/php-syslog-ng/html/"  
   <Directory "/www/webroot/php-syslog-ng/html/">  
       Options Indexes MultiViews FollowSymLinks  
       AllowOverride All  
           Order allow,deny  
           Allow from all  
   </Directory>  
   </VirtualHost>  


重启apache服务:/etc/init.d/apache2 restart

九、修改php.ini
#vi /usr/local/php/lib/php.ini

memory_limit = 128M
max_execution_time = 300

修改后重启apache使配置生效:/etc/init.d/apache2 restart


十、配置日志轮转(logrotate)
cp /www/webroot/php-syslog-ng/scripts/contrib/system_configs/logrotate.d /etc/logrotate.d/logzilla

十一、添加计划任务(写入crontab)

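# Run scripts/logrotate.php once a day and keep its output.
# Both log files below live in /var/log/php-syslog-ng, which this guide never
# creates (it only creates /var/log/logzilla): create that directory first,
# otherwise the redirections fail and the jobs do not run.
# 2>&1 sends error output to the same log instead of losing it to cron mail.
@daily /usr/local/php/bin/php /www/webroot/php-syslog-ng/scripts/logrotate.php >> /var/log/php-syslog-ng/logrotate.log 2>&1
# Once a day, delete files under html/jpcache/ that have not been accessed for
# at least a day. The original "-atime 1" matched only files last accessed
# between one and two days ago, so a file that missed one run was never
# removed; "-atime +0" matches everything older than 24 hours. "-type f"
# keeps rm away from the directories themselves.
@daily /usr/bin/find /www/webroot/php-syslog-ng/html/jpcache/ -type f -atime +0 -exec rm -f '{}' ';'
# Run scripts/reloadcache.php every five minutes (same schedule as the
# original 0,5,10,...,55 minute list).
*/5 * * * * /usr/local/php/bin/php /www/webroot/php-syslog-ng/scripts/reloadcache.php >> /var/log/php-syslog-ng/reloadcache.log 2>&1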

注意:安装新版本之前,需要先清空 html/config/config.php(本例为 /opt/web/phplog/html/config/config.php;上文的安装目录是 /www/webroot/php-syslog-ng,请按实际安装路径调整)。