syslog-ng的强大功能在此呈现
首先切换到/etc目录
cd /etc
vi log.profile
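# Settings shared by syslog.install, rotate and monipartition.
# The file is sourced by the shell, so every value must be a single word:
# no spaces around '=' and none inside the comma-separated list.
# (The list markers that preceded each line in the listing are dropped;
# with them the file cannot be sourced.)

# Directory under which the per-client log trees are stored
PT=/var/log/ipwall/

# Client allow-list (comma separated)
IP=192.168.2.1,192.168.2.30

# Free-space threshold for the log partition (GB)
SP=10

# Size at which a log file is rotated (MB)
SZ=50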
vi syslog-ng.example
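@version: 3.2
# Use the version number found on the first line of the stock
# /etc/syslog-ng/syslog-ng.conf (read it before syslog.install overwrites
# that file).
#
# Template: syslog.install replaces __PATH__ with the log directory and
# __IP__ with a regular expression built from the client allow-list.

options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
};

# Listens on every interface. UDP syslog is unauthenticated and the sender
# address of a datagram can be forged, so the host() allow-list below only
# sorts traffic; it is not access control. Limit port 514 to the expected
# gateways with a packet filter as well.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One file per client and traffic class. Files are 0640 and directories 0750,
# matching the global owner/group/perm above: the original 0777 let every
# local account alter or delete these logs and plant entries in directories
# that root's cron jobs later walk. If another local service has to read the
# logs, add its account to the adm group instead of widening the mode.
# NOTE(review): newer logrotate releases also refuse to rotate inside a
# world-writable directory unless a "su" directive is given - confirm for
# the version in use.
destination d_session { file("__PATH__/$HOST/session/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_url { file("__PATH__/$HOST/url/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_qq { file("__PATH__/$HOST/QQ/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_msn { file("__PATH__/$HOST/msn/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_alipay { file("__PATH__/$HOST/alipay/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_dns { file("__PATH__/$HOST/dns/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_pop3 { file("__PATH__/$HOST/pop3/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_others { file("__PATH__/$HOST/others/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };

# f_host keeps only allow-listed senders; every other filter includes it, so
# $HOST in the destination paths can only take an allow-listed value.
filter f_local3 { level(info) and facility(local3); };
filter f_host { host("__IP__"); };
filter f_session { level(info) and facility(local1) and filter(f_host); };
filter f_url { level(info) and facility(local2) and filter(f_host); };
filter f_qq { filter(f_local3) and message(^qq) and filter(f_host); };
filter f_msn { filter(f_local3) and message(^msn) and filter(f_host); };
filter f_alipay { filter(f_local3) and message(^alipay) and filter(f_host); };
filter f_dns { filter(f_local3) and message(^dns) and filter(f_host); };
filter f_pop3 { filter(f_local3) and message(^pop3) and filter(f_host); };
filter f_others { not facility(local1, local2, local3) and filter(f_host); };

log { source(s_net); filter(f_session); destination(d_session); };
log { source(s_net); filter(f_url); destination(d_url); };
log { source(s_net); filter(f_qq); destination(d_qq); };
log { source(s_net); filter(f_msn); destination(d_msn); };
log { source(s_net); filter(f_alipay); destination(d_alipay); };
log { source(s_net); filter(f_dns); destination(d_dns); };
log { source(s_net); filter(f_pop3); destination(d_pop3); };
log { source(s_net); filter(f_others); destination(d_others); };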
vi logrotate.example
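# Rotation template. syslog.install renders it once per allow-listed client,
# replacing __PATH__, __IP__ and __SZ__ (one occurrence per line), and appends
# the result to /etc/logrotate.d/ipwall.
#
# The eight traffic classes share one rule set, so they are listed in front
# of a single block instead of repeating the block eight times.
__PATH__/__IP__/session/messages.log
__PATH__/__IP__/url/messages.log
__PATH__/__IP__/QQ/messages.log
__PATH__/__IP__/msn/messages.log
__PATH__/__IP__/alipay/messages.log
__PATH__/__IP__/dns/messages.log
__PATH__/__IP__/pop3/messages.log
__PATH__/__IP__/others/messages.log
{
    missingok
    rotate 65535
    # 0640 instead of 0777: a world-writable log can be altered or emptied by
    # any local account. NOTE(review): assumes the syslog-ng process can write
    # a syslog:adm 0640 file (true when it runs as root) - confirm.
    create 0640 syslog adm
    compress
    size __SZ__M
    # The epoch suffix is what the rotate script parses when it renames the
    # compressed archives.
    dateext
    dateformat .%s
    postrotate
        # Plain sh redirection: "&>" is a bash extension and the script may be
        # run by a shell that reads it as "run in background". "|| true" keeps
        # a missing pid file from being reported as a rotation failure.
        /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) >/dev/null 2>&1 || true
    endscript
}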
vi syslog.install
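#!/bin/bash
#
# syslog.install - render the syslog-ng and logrotate templates kept in /etc
# from the settings in /etc/log.profile, restart syslog-ng and register the
# two housekeeping jobs in root's crontab. Run as root.
#
# Reads:  PT, IP, SZ from /etc/log.profile; /etc/logrotate.example and
#         /etc/syslog-ng.example
# Writes: /etc/logrotate.d/ipwall, /etc/syslog-ng/syslog-ng.conf and
#         /var/spool/cron/crontabs/root
#
# Changes from the published listing: the shebang was "#/bin/bash" (a plain
# comment), expansions were unquoted, the profile values went into sed
# unchecked, every failure was hidden behind "exit 0", and the crontab
# clean-up deleted any line that merely contained "rotate".

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

. /etc/log.profile || die "cannot read /etc/log.profile"
cd /etc || die "cannot cd to /etc"

LOGROTATE_OUT=/etc/logrotate.d/ipwall
CRON=/var/spool/cron/crontabs/root

# Drop one trailing slash so the rendered paths do not contain "//".
PT=${PT%/}

# The values below are spliced into sed replacement text that uses ',' as
# the delimiter, so anything sed would interpret is refused up front.
case $PT in
  /*) ;;
  *) die "PT must be an absolute path below /: '$PT'" ;;
esac
case $PT in
  *[,\&\\]*) die "PT must not contain ',', '&' or a backslash: '$PT'" ;;
esac
[[ $SZ =~ ^[0-9]+$ ]] || die "SZ must be a whole number of MB: '$SZ'"

# Split the allow-list on commas and check every entry.
IFS=, read -r -a CLIENTS <<<"$IP"
(( ${#CLIENTS[@]} > 0 )) || die "IP allow-list is empty"
for ADDR in "${CLIENTS[@]}"; do
  [[ $ADDR =~ ^[0-9A-Za-z.:_-]+$ ]] || die "invalid allow-list entry: '$ADDR'"
done

[ -d "$PT" ] || mkdir -p -- "$PT" || die "cannot create $PT"

# Append the logrotate rules for client $1 to the generated file.
SED_F() {
  sed "s,__PATH__,$PT,;s,__IP__,$1,;s,__SZ__,$SZ," logrotate.example >> "$LOGROTATE_OUT"
}

# Build the host() expression: every entry anchored with ^...$ and joined by
# an alternation. The separator carries two backslashes because one of them
# is consumed by the sed replacement below; the rendered file gets "\|".
SEP='$\\|^'
NIP=
rm -f -- "$LOGROTATE_OUT"
for ADDR in "${CLIENTS[@]}"; do
  SED_F "$ADDR" || die "cannot write $LOGROTATE_OUT"
  NIP+=${NIP:+$SEP}$ADDR
done
NIP="^${NIP}\$"

sed "s,__PATH__,$PT,;s,__IP__,$NIP," syslog-ng.example > /etc/syslog-ng/syslog-ng.conf \
  || die "cannot write /etc/syslog-ng/syslog-ng.conf"

service syslog-ng restart 1>/dev/null || die "syslog-ng did not restart; check the rendered configuration"

chmod 755 /etc/rotate /etc/monipartition || die "cannot chmod /etc/rotate /etc/monipartition"

# Remove only the two entries a previous run of this installer added.
if [ -f "$CRON" ]; then
  sed -i '\,[[:space:]]/etc/rotate$,d;\,[[:space:]]/etc/monipartition$,d' "$CRON"
fi
# NOTE(review): the spool file is edited directly, as in the original; piping
# the new table through "crontab -" would let cron set owner and mode itself.
printf '%s\n' '* * * * * /etc/rotate' '10 0 * * * /etc/monipartition' >> "$CRON"

exit 0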
vi rotate
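#!/bin/bash
#
# rotate - run from root's crontab every minute. Rotates the logs, renames
# each compressed archive from its epoch suffix to a readable timestamp and
# files the archives into one sub-directory per day.
#
# The original built "mv", "mkdir" and "date" command lines inside awk and
# ran them with system(). Names found in the log tree therefore reached a
# root shell as command text. Here every name is passed as an argument and
# the timestamp must be numeric before it is used.

. /etc/log.profile || exit 1
: "${PT:?PT is not set in /etc/log.profile}"

#######################################
# File the archives of one directory into per-day sub-directories.
# Arguments: $1 - directory to tidy
# An archive named <day>_<time>.gz is moved to <day>/. The body runs in a
# subshell so the cd does not leak to the caller.
#######################################
MOVE_F() (
  cd -- "$1" || exit
  for f in *.gz; do
    # Regular files with a "<day>_" prefix only; symbolic links are skipped.
    [[ -f $f && ! -L $f && $f == *_* ]] || continue
    day=${f%%_*}
    [[ -L $day ]] && continue
    mkdir -p -- "$day" && mv -- "$f" "$day/"
  done
)

/usr/sbin/logrotate /etc/logrotate.conf

# messages.log.<epoch>.gz  ->  <YYYY-MM-DD_HH-MM>.gz in the same directory.
while IFS= read -r -d '' ARCHIVE; do
  STAMP=${ARCHIVE##*/}
  STAMP=${STAMP#messages.log.}
  STAMP=${STAMP%%.*}
  [[ $STAMP =~ ^[0-9]+$ ]] || continue
  NAME=$(date -d "@$STAMP" +%Y-%m-%d_%H-%M) || continue
  mv -- "$ARCHIVE" "${ARCHIVE%/*}/$NAME.gz"
done < <(/usr/bin/find "$PT" -type f -name 'messages.log.*.gz' -print0)

# The sed program keeps a directory only when the next line of find output
# does not start with it, i.e. the deepest directories within two levels.
/usr/bin/find "$PT" -maxdepth 2 -type d | /bin/sed 'N;/^\(.\+\)\n\1/!P;D' |
  while IFS= read -r LINE; do
    MOVE_F "$LINE"
  done

exit 0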
vi monipartition
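#!/bin/bash
#
# monipartition - run daily from root's crontab. When the free space on the
# log partition is at or below SP gigabytes, remove the first (by name, so
# the oldest day) sub-directory of every per-class log directory.
#
# Changes from the published listing:
#  * SP was multiplied by 100000 and compared with df's 1 KiB blocks, which
#    made the threshold roughly a tenth of the configured number of GB.
#  * df -P keeps each file system on one output line, so field 4 of line 2
#    is always the available space.
#  * The directory to delete was spliced into an "rm -rf" command line run
#    by awk's system(); it is now passed as an argument, and symbolic links
#    are skipped so the deletion stays inside the log tree.

. /etc/log.profile || exit 1
: "${PT:?PT is not set in /etc/log.profile}"
[[ $SP =~ ^[0-9]+$ ]] || exit 1

SPACE=$(df -Pk -- "$PT" | awk 'NR==2{print $4}')
# Without a numeric reading nothing is deleted.
[[ $SPACE =~ ^[0-9]+$ ]] || exit 1

# GB -> 1 KiB blocks, the unit df -k reports.
SP=$((SP * 1024 * 1024))

#######################################
# Remove the first sub-directory (glob order) of a directory.
# Arguments: $1 - directory whose first sub-directory is deleted
# The body runs in a subshell so the cd does not leak to the caller.
#######################################
RM_F() (
  cd -- "$1" || exit
  for d in */; do
    # Real directories only; a symbolic link is never followed or removed.
    [[ -d $d && ! -L ${d%/} ]] || continue
    rm -rf -- "./$d"
    break
  done
)

if (( SPACE <= SP )); then
  # The sed program keeps a directory only when the next line of find output
  # does not start with it, i.e. the deepest directories within two levels.
  /usr/bin/find "$PT" -maxdepth 2 -type d | /bin/sed 'N;/^\(.\+\)\n\1/!P;D' |
    while IFS= read -r LINE; do
      RM_F "$LINE"
    done
fi

exit 0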
文件全部保存在 /etc 目录下,给安装脚本 syslog.install 加执行权限,执行该脚本。
ubuntu 11.04 syslog-ng 3.13 测试通过,如果是syslog-ng 3.1.2 版本请把配置文件的版本号改为:
@version: 3.0