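syslog-ng is commonly used to receive log messages sent by switches, Linux servers and other programs.
yum install syslog-ng
This article installs syslog-ng-3.0.5.
// Append at the end:
#aliswich syslog
# Define a source, i.e. where the logs come from. The source below accepts messages on port 514 from any IP.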
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};
# Define a destination where the logs are stored
destination d_networkdevice { file("/var/log/test_syslog.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
# When several devices send to the same server, it is best to store the logs separately per IP.
destination d_separatedbyhosts {
    file("/var/log/syslog-ng/$HOST/$MONTH$DAY.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
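# The content written to the file can also be defined with a template
# (an alternative to the d_separatedbyhosts definition above; keep only one of the two)
destination d_separatedbyhosts {
    file("/var/log/syslog-ng/$HOST/$MONTH$DAY.log"
        template("$FACILITY $LEVEL $PRIORITY $DATE $HOST $PROGRAM $MSGHDR$MSG\n")
        owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};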
# Definition of a log storage rule; a filter can also be defined
log { source(s_remote); destination(d_networkdevice); };
service syslog-ng restart
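
The following Python code is an added example, not part of the original article: it parses lines written with the template destination above and flags lines that do not fit that layout, for example after a message with an embedded line break or a hand-edited file. The sample lines are constructed, and the level names and the `program[pid]: ` form of $MSGHDR are assumptions about what syslog-ng writes.

```python
import re

# Layout written by the template on this page:
# $FACILITY $LEVEL $PRIORITY $DATE $HOST $PROGRAM $MSGHDR$MSG
LINE_RE = re.compile(
    r"^(?P<facility>\S+) (?P<level>\S+) (?P<priority>\S+) "
    r"(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>\S*) (?P<rest>.*)$"
)
# Assumed level names as written by syslog-ng.
LEVELS = {"emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"}


def parse_line(line):
    """Return (record, problems); record is None if the layout does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None, ["does not match template layout"]
    rec = m.groupdict()
    rest = rec.pop("rest")
    problems = []
    if rec["level"] not in LEVELS:
        problems.append("unknown level")
    if rec["level"] != rec["priority"]:
        # $LEVEL and $PRIORITY are the same macro, so they must agree.
        problems.append("LEVEL and PRIORITY differ")
    rec["pid"], rec["msg"] = None, rest
    if rec["program"]:
        # Assumption: $MSGHDR repeats the program as "program[pid]: " or "program: ".
        hdr = re.match(re.escape(rec["program"]) + r"(?:\[(\d+)\])?: ", rest)
        if hdr is None:
            problems.append("MSGHDR does not match PROGRAM")
        else:
            rec["pid"], rec["msg"] = hdr.group(1), rest[hdr.end():]
    return rec, problems


# Constructed sample lines (not real log data).
SAMPLE = [
    "local7 notice notice Oct 11 22:14:15 192.168.10.2 sshd sshd[4321]: Accepted publickey for admin",
    "auth info info Oct  3 01:02:03 sw-core-01 login login: session opened",
    "local7 notice warning Oct 11 22:14:16 192.168.10.2 sshd sshd[4321]: level fields disagree",
    "local7 notice notice Oct 11 22:14:17 192.168.10.2 sshd cron[99]: header names another program",
    "Accepted password for root from 10.0.0.5",
]

if __name__ == "__main__":
    for text in SAMPLE:
        record, issues = parse_line(text)
        print("OK     " if not issues else "SUSPECT", issues, "|", text)
```
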
#
# Name               Description
# -----------------  ----------------------------------------------
# DATE               Date of the transaction.
# DAY                The day of month the message was sent.
# FACILITY           The name of the facility, the message is tagged
#                    as coming from.
# FULLDATE           Long form of the date of the transaction.
# FULLHOST           Full hostname of the system that sent the log.
# HOST               The name of the source host where the message
#                    is originated from. If the message traverses
#                    several hosts, and chain_hostnames() is on,
#                    the first one is used.
# HOUR               The hour of day the message was sent.
# ISODATE            Date in ISO format.
# MIN                The minute the message was sent.
# MONTH              The month the message was sent.
# MSG or MESSAGE     Message contents.
# PRIORITY or LEVEL  The priority of the message.
# PROGRAM            The name of the program the message was sent by.
# SEC                The second the message was sent.
# TAG                The priority and facility encoded as a 2 digit
#                    hexadecimal number.
# TZ                 The time zone or name or abbreviation. e.g. 'PDT'
# TZOFFSET           The time-zone as hour offset from GMT. e.g.
#                    '-0700'
# WEEKDAY            The 3-letter name of the day of week the
#                    message was sent, e.g. 'Thu'.
# YEAR               The year the message was sent.
#
# Time expansion macros can either use the time specified in
# the log message, e.g. the time the log message is sent, or
# the time the message was received by the log server. This
# is controlled by the use_time_recvd() option.