
syslog-ng configuration

冷浩瀚
2023-12-01

nginx currently stores its logs by sending them over syslog to a log server; the program running on the log server is syslog-ng.

Configuration file path: /etc/syslog-ng/syslog-ng.conf

options sets the global defaults (file ownership and mode apply to every destination that does not override them; # starts a comment in syslog-ng.conf):

options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1024);
        long_hostnames (off);
        owner (root);
        group (root);
        perm (0600);           # log files readable by root only
        dir_perm (0700);
        use_dns (no);          # never do reverse lookups on sender addresses
        dns_cache (no);
        use_fqdn (no);
        create_dirs (yes);
        keep_hostname (no);    # discard the hostname field carried in the packet, derive $HOST from the sender address
        chain_hostnames (off);
};

source controls which address and port messages are accepted on:

source net {
        udp(ip(0.0.0.0) port(514));   # plain UDP: no authentication, no integrity
};

UDP syslog carries no sender authentication, so anyone who can reach 514/udp can inject lines that look like nginx access entries. If only the local nginx sends here (server=127.0.0.1 in the nginx directive below), bind to ip(127.0.0.1); otherwise restrict the port with a host firewall to the proxy hosts.

destination is the target file; $HOST is expanded per message, so each sending host gets its own pair of files:

destination http_acc {
        file("/var/log/nginx/olwaf-$HOST-acc.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

destination http_err {
        file("/var/log/nginx/olwaf-$HOST-err.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

filter selects messages by facility and level:

filter f_http_acc {
        facility(local3) and level(info);
};

filter f_http_err {
        facility(local3) and level(warn..emerg);
};

level(info) matches only info, and warn..emerg covers warning, err, crit, alert and emerg; a local3 message at notice or debug matches neither filter and is dropped, so the notice-level lines of an nginx error_log pointed at this server would never be written.

log ties the three together into a delivery path:

log {
        source(net); filter(f_http_acc); destination(http_acc);
};

log {
        source(net); filter(f_http_err); destination(http_err);
};
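The routing those two log statements produce, as an added example that is not part of the original page: a Python re-implementation of the PRI decoding and of the f_http_acc / f_http_err filters, run over constructed UDP payloads shaped like the nginx messages on this page. It also covers what the configuration does not show: a local3 message at notice or debug matches neither filter and is silently dropped, as is anything sent with the nginx default facility local7 or without a PRI prefix. The sample texts and the `route` / `routing_table` names are this example's own.

```python
"""Added example, not from the original page: re-implements the f_http_acc and
f_http_err filters above over raw UDP syslog payloads to show which destination
each message reaches.  All sample lines are constructed."""
import re

# Numeric codes from RFC 3164 / syslog.h; syslog-ng uses the same names.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
          "notice": 5, "info": 6, "debug": 7}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def pri(facility, severity):
    """PRI value a sender such as nginx prefixes: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + LEVELS[severity]


def decode_pri(line):
    """Split the <PRI> prefix into (facility, severity).  RFC 3164 tells a
    receiver to assume <13> (user.notice) when PRI is missing or invalid."""
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        value = int(m.group(1))
        return value >> 3, value & 7
    return FACILITIES["user"], LEVELS["notice"]


def f_http_acc(fac, sev):
    """filter f_http_acc { facility(local3) and level(info); }"""
    return fac == FACILITIES["local3"] and sev == LEVELS["info"]


def f_http_err(fac, sev):
    """filter f_http_err { facility(local3) and level(warn..emerg); }
    The range covers warning(4), err(3), crit(2), alert(1), emerg(0)."""
    return fac == FACILITIES["local3"] and LEVELS["emerg"] <= sev <= LEVELS["warning"]


def route(line):
    """Destinations the two log {} statements deliver this payload to."""
    fac, sev = decode_pri(line)
    dests = set()
    if f_http_acc(fac, sev):
        dests.add("http_acc")
    if f_http_err(fac, sev):
        dests.add("http_err")
    return dests


# Constructed payloads in the shape nginx puts on the wire.
HDR = "Jan 15 14:54:35 netproxy090050.olwaf.com tag_127_0_0_3_82: "
SAMPLES = {
    "access, local3.info":  f"<{pri('local3', 'info')}>{HDR}2019-01-15T14:54:35+08:00 "
                            '127.0.0.3:45483 127.0.0.3:82 - 0.000 - 200 - 156 8 "GET http://127.0.0.3:82/ HTTP/1.1"',
    "error_log at warn":    f"<{pri('local3', 'warning')}>{HDR}[warn] constructed error line",
    "error_log at notice":  f"<{pri('local3', 'notice')}>{HDR}[notice] constructed error line",
    "nginx default local7": f"<{pri('local7', 'info')}>{HDR}access line sent without facility=local3",
    "no PRI at all":        HDR + "payload from a sender that omitted <PRI>",
}


def routing_table():
    """Map each sample name to the sorted list of destinations it reaches."""
    return {name: sorted(route(line)) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, dests in routing_table().items():
        print(f"{name:22s} -> {dests if dests else 'dropped: matches neither filter'}")
```

Running it shows only the first two samples reaching a file; the other three are the cases to test for after any change to the filters, since syslog-ng gives no error when a message matches nothing.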

In nginx.conf the access log is sent to syslog like this (proxyformat is a log_format defined elsewhere in the nginx configuration and not shown on this page):

access_log syslog:facility=local3,severity=info,server=127.0.0.1:514,tag=tag_127_0_0_3_82 proxyformat;

facility: Sets facility of syslog messages, as defined in RFC 3164. Facility can be one of “kern”, “user”, “mail”, “daemon”, “auth”, “intern”, “lpr”, “news”, “uucp”, “clock”, “authpriv”, “ftp”, “ntp”, “audit”, “alert”, “cron”, “local0”..“local7”. Default is “local7”.

severity: the syslog level of each message (default “info”); this is the value the level() filters above match on.

server: the syslog server to send to (here syslog-ng on the same host, 514/udp).

tag: the tag placed in the message header; syslog-ng exposes it as $PROGRAM.

Resulting log lines:

Jan 15 14:54:35 netproxy090050.olwaf.com tag_127_0_0_3_82: 2019-01-15T14:54:35+08:00 127.0.0.3:45483 127.0.0.3:82 - 0.000 - 200 - 156 8 "GET http://127.0.0.3:82/ HTTP/1.1" "-" "curl/1.0 (curl 7.19.7) (x86_64-unknown-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1e zlib/1.2.3"

Jan 15 14:54:35 netproxy090050.olwaf.com tag_127_0_0_3_82: 2019-01-15T14:54:35+08:00 127.0.0.3:45484 127.0.0.3:82 - 0.000 - 200 - 156 8 "GET http://127.0.0.3:82/ HTTP/1.1" "-" "curl/1.0 (curl 7.19.7) (x86_64-unknown-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1e zlib/1.2.3"

Macros available in syslog-ng, with their values for the message above:

$HOST: netproxy090050.olwaf.com
$SOURCE: s_sys
$HOST_FROM: 127.0.0.1
$LEGACY_MSGHDR: tag_127_0_0_3_82\:\ 

($SOURCE is the name of the source statement the message came in through; s_sys is not the net source defined above, so this dump was taken with a different source definition.)

To use $LEGACY_MSGHDR as part of a file name, the trailing ":" and space have to be stripped first. The $PROGRAM macro already holds the tag (tag_127_0_0_3_82) without the separator, so it is the simpler choice. Whichever macro is used, its value originates in the remote packet, so a file() path built from it should only accept plain hostname or tag characters.
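How the header fields end up in those macros, as an added example that is not code from the page: a Python parser that splits a constructed RFC 3164 line into the HOST, PROGRAM, PID and LEGACY_MSGHDR values, then builds a file path in the olwaf-$HOST-... layout only from values that pass an allow-list. The `HEADER_RE`, `SAFE` and `log_path` names and the host-plus-tag file layout are this example's own assumptions; HOST here is the hostname field as the sender typed it (with keep_hostname(no), syslog-ng replaces it from the sender address), and syslog-ng's own header parser is stricter than the regex below. The check is there because every field of a remote syslog message is chosen by the sender.

```python
"""Added example, not from the original page: splits an RFC 3164 header the way
syslog-ng fills $HOST, $PROGRAM, $PID and $LEGACY_MSGHDR, then builds a file path
only from values that cannot leave the log directory.  Sample lines constructed."""
import re

HEADER_RE = re.compile(
    r"^(?:<\d{1,3}>)?"                                   # optional <PRI>
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "      # BSD timestamp
    r"(?P<host>\S+) "                                    # HOSTNAME, as typed by the sender
    r"(?P<hdr>(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*)"  # TAG -> $LEGACY_MSGHDR
    r"(?P<msg>.*)$",
    re.S,
)


def parse_header(line):
    """Return the macro values a receiver derives from this line."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line[:40]!r}")
    d = m.groupdict()
    return {
        "HOST": d["host"],
        "PROGRAM": d["program"],         # tag without ': ' and without [pid]
        "PID": d["pid"] or "",
        "LEGACY_MSGHDR": d["hdr"],       # e.g. 'tag_127_0_0_3_82: ', separator included
        "MSG": d["msg"],
    }


# Allow-list for anything that becomes part of a path: no '/', no whitespace, bounded length.
SAFE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def log_path(macros, suffix, base="/var/log/nginx"):
    """Build <base>/olwaf-<HOST>-<PROGRAM>-<suffix>.log (hypothetical layout),
    refusing any macro value that is not plain hostname/tag text.  HOST and
    PROGRAM both come from the remote packet, so neither is trusted."""
    for key in ("HOST", "PROGRAM"):
        value = macros[key]
        if value in (".", "..") or not SAFE.match(value):
            raise ValueError(f"refusing to build a path from {key}={value!r}")
    return f"{base}/olwaf-{macros['HOST']}-{macros['PROGRAM']}-{suffix}.log"


# Constructed: the nginx line from above, and a hostile one with a path in HOSTNAME.
LINE = ("<158>Jan 15 14:54:35 netproxy090050.olwaf.com tag_127_0_0_3_82: "
        "2019-01-15T14:54:35+08:00 127.0.0.3:45483 127.0.0.3:82 - 0.000 - 200 - 156 8 "
        '"GET http://127.0.0.3:82/ HTTP/1.1" "-" "curl/1.0"')
HOSTILE = "<158>Jan 15 14:54:35 ../../../etc tag_127_0_0_3_82: constructed hostile hostname"

if __name__ == "__main__":
    macros = parse_header(LINE)
    print(repr(macros["LEGACY_MSGHDR"]), "->", macros["PROGRAM"])
    print(log_path(macros, "acc"))
    try:
        log_path(parse_header(HOSTILE), "acc")
    except ValueError as e:
        print(e)
```

The second sample is the reason for the allow-list: the regex accepts any non-space hostname, so without `SAFE` the path would contain the sender's `../` sequence. The same reasoning applies to $PROGRAM when the tag is used in a destination.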
