Centralized log management with syslog-ng and LogZilla
2011-02-18 12:53
1. Install syslog-ng
#cd /root/pkgs
#wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm
#wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
#cp eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/
#cd /usr/src/redhat/SOURCES/
#tar zxvf eventlog_0.2.9.tar.gz
#cd eventlog-0.2.9/
#rpmbuild -ba eventlog.spec.bb
#cd /usr/src/redhat/RPMS/x86_64
#rpm -Uvh libevtlog*
#cd /root/pkgs/
#rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm
syslog-ng is installed under /opt/syslog-ng/.
2. Install LogZilla
#cd /root/pkgs/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_v2.9.9o.tgz
#tar xzvf logzilla_v2.9.9o.tgz
#mkdir -p /var/log/logzilla
3. Modify the syslog-ng configuration
#cd /opt/syslog-ng/
#vi etc/syslog-ng.conf
@version: 3.0
source s_local {
    # local messages
    internal();
    unix-stream("/dev/log");
    file("/proc/kmsg" program_override("kernel: "));
    # messages from remote hosts, UDP port 514 on all interfaces
    udp(ip(0.0.0.0) port(514));
};
# destinations
destination d_messages { file("/var/log/syslog-ng/$HOST"); };
###########################################################################################
# Clay's LogZilla config below
###########################################################################################
# Last updated on 2010-06-15
###########################################################################################
options {
    long_hostnames(off);
    # doesn't actually help on Solaris, log(3) truncates at 1024 chars
    log_msg_size(8192);
    # buffer just a little for performance
    # sync(1); <- Deprecated - use flush_lines() instead
    flush_lines(1);
    # memory is cheap, buffer messages unable to write (like to loghost)
    log_fifo_size(16384);
    # Hosts we don't want syslog from
    #bad_hostname("^(ctld.|cmd|tmd|last)$");
    # The time to wait before a dead connection is reestablished (seconds)
    time_reopen(10);
    # Use DNS so that our good names are used, not hostnames
    use_dns(yes);
    dns_cache(yes);
    # Use the whole DNS name
    use_fqdn(yes);
    keep_hostname(yes);
    chain_hostnames(no);
    # Read permission for everyone
    perm(0644);
    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    # stats(43200);
};
destination d_logzilla {
    program("/www/webroot/php-syslog-ng/scripts/db_insert.pl"
        template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n")
        template_escape(yes)
    );
};
# Tell syslog-ng to log to our new destination
log {
    source(s_local);
    destination(d_logzilla);
    destination(d_messages);
};
For details on the configuration file options, see: http://www.balabit.com/sites/default/files/documents/syslog-ng-v3.0-guide-admin-en.html/chapter_configuration.html or http://www.linuxfly.org/post/171/1/1/
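An added example, not part of the original post or of LogZilla: a Python check that reads lines in the d_logzilla template format above and separates out records that a consumer such as db_insert.pl should not store as-is. Because keep_hostname(yes) takes the host name from the message itself and the UDP listener accepts any sender, the host field is checked against an allowlist; KNOWN_HOSTS, the host names and the sample lines are constructed for illustration.

```python
import re

FIELDS = "host facility priority level tag date time program msg".split()
KNOWN_HOSTS = {"web01.example.com", "db01.example.com"}  # constructed allowlist
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def parse_record(line):
    """Split one line of the d_logzilla template into its nine fields."""
    # $MSG is last: split on the first 8 tabs only so a tab in the text stays in msg.
    parts = line.rstrip("\n").split("\t", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    return dict(zip(FIELDS, parts))

def problems(rec):
    """Return the reasons a parsed record should not be stored as-is."""
    found = []
    if not HOST_RE.fullmatch(rec["host"]):   # $HOST also names the log file
        found.append("host is not a plain hostname")
    elif rec["host"] not in KNOWN_HOSTS:
        found.append("host not in allowlist")
    if rec["priority"] != rec["level"]:      # both macros carry the severity
        found.append("priority and level differ")
    if not re.fullmatch(r"[0-9a-fA-F]{2}", rec["tag"]):  # $TAG: 2 hex digits
        found.append("tag is not two hex digits")
    stamp = rec["date"] + " " + rec["time"]
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", stamp):
        found.append("bad date or time")
    return found

def triage(lines):
    """Sort raw lines into accepted records and (line_no, reasons) rejects."""
    accepted, rejected = [], []
    for n, line in enumerate(lines, 1):
        try:
            rec = parse_record(line)
            why = problems(rec)
        except ValueError as exc:
            why = [str(exc)]
        if why:
            rejected.append((n, why))
        else:
            accepted.append(rec)
    return accepted, rejected

SAMPLE = [  # constructed lines, not captured from a real server
    "web01.example.com\tauth\tinfo\tinfo\t26\t2011-02-18\t12:53:01\tsshd\tAccepted publickey for deploy\n",
    "db01.example.com\tdaemon\terr\terr\t1b\t2011-02-18\t12:53:02\tmysqld\tdisk\tfull on /var\n",
    "unknown-box\tuser\tnotice\tnotice\t0d\t2011-02-18\t12:53:03\tlogger\ttest\n",
    "web01.example.com\tauth\tinfo\n",
]
```

Calling triage(SAMPLE) accepts the first two lines, including the one whose message contains a tab, and rejects the record from the unlisted host and the truncated line.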
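4. Install LogZilla
a. Install the web stack that LogZilla requires (this article uses LAMP; the installation itself is omitted)
b. Unpack the LogZilla package and configure Apache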
#mkdir -p /www/webroot/
#cd /www/webroot/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_v2.9.9o.tgz
#tar xzvf logzilla_v2.9.9o.tgz
#mkdir -p /var/log/logzilla
Modify the Apache configuration
<VirtualHost *:80>
    ServerAdmin junleeee@163.com
    DocumentRoot /www/webroot/php-syslog-ng/html/
    ServerName 192.168.1.10
    ErrorLog logs/error_log
    CustomLog logs/access_log common
    # LogZilla
    Alias /logs "/www/webroot/php-syslog-ng/html/"
    <Directory "/www/webroot/php-syslog-ng/html/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
c. Install LogZilla through the web interface
1) Browse to http://192.168.1.10/logs to open the installation page:
![](../attachment/201102/124815179.png)
Note: if red warnings appear on this page, adjust the permissions of the corresponding files and directories, and the PHP configuration.
![](../attachment/201102/125011749.png)
![](../attachment/201102/125042375.png)
![](../attachment/201102/125106236.png)
The installation is now complete.