环境:CentOS Linux release 7.3.1611 (Core)
获取安装的RPM:
[root@localhost yum.repos.d]# wget https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-13.noarch.rpm
--2020-11-26 09:50:24-- https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-13.noarch.rpm
Resolving dl.fedoraproject.org (dl.fedoraproject.org)... 38.145.60.22, 38.145.60.24, 38.145.60.23
Connecting to dl.fedoraproject.org (dl.fedoraproject.org)|38.145.60.22|:443... connected.
HTTP request sent, awaiting response... 200 OK
安装RPM(下面输出中的 NOKEY 警告表示本机尚未导入 EPEL 的 GPG 公钥,因此该包的签名并未被校验;建议先用 rpm --import 导入 EPEL 公钥,再用 rpm -K 校验该包后安装):
[root@localhost yum.repos.d]# rpm -ivh epel-release-7-13.noarch.rpm
warning: epel-release-7-13.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:epel-release-7-13 ################################# [100%]
yum安装syslog-ng(注意:选项应写作 --enablerepo=epel,中间没有空格;下面的命令写成了 --enable repo=epel,输出中的 yum 用法说明应是由此而来):
[root@localhost yum.repos.d]# yum --enable repo=epel install syslog-ng eventlog syslog-ng-libdbi
Loaded plugins: fastestmirror, langpacks
Usage: yum [options] COMMAND
List of Commands:
check Check for problems in the rpmdb
check-update Check for available package updates
clean Remove cached data
deplist List a package's dependencies
distribution-synchronization Synchronize installed packages to the latest available versions
downgrade downgrade a package
...
...
...
Verifying : librabbitmq-0.8.0-3.el7.x86_64 5/7
Verifying : ivykis-0.36.2-2.el7.x86_64 6/7
Verifying : libnet-1.1.6-7.el7.x86_64 7/7
Installed:
eventlog.x86_64 0:0.2.13-4.el7 syslog-ng.x86_64 0:3.21.1-3.el7 syslog-ng-libdbi.x86_64 0:3.21.1-3.el7
Dependency Installed:
ivykis.x86_64 0:0.36.2-2.el7 libdbi.x86_64 0:0.9.0-6.el7 libnet.x86_64 0:1.1.6-7.el7
librabbitmq.x86_64 0:0.8.0-3.el7
Complete!
查看配置文件
[root@localhost ~]# cat /etc/syslog-ng/syslog-ng.conf
@version:3.21
@include "scl.conf"
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
...
为防止rsyslog与syslog-ng冲突,禁用rsyslog的开机自启,并启用syslog-ng的开机自启:
[root@localhost ~]# chkconfig rsyslog off; chkconfig syslog-ng on
Note: Forwarding request to 'systemctl disable rsyslog.service'.
Removed symlink /etc/systemd/system/multi-user.target.wants/rsyslog.service.
Note: Forwarding request to 'systemctl enable syslog-ng.service'.
停止rsyslog服务,启动syslog-ng服务:
[root@localhost ~]# service rsyslog stop;service syslog-ng start
Redirecting to /bin/systemctl stop rsyslog.service
Redirecting to /bin/systemctl start syslog-ng.service
重新加载配置文件:
[root@localhost ~]# systemctl reload syslog-ng.service
修改日志接收方的配置文件 /etc/syslog-ng/syslog-ng.conf:
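@version:3.21
@include "scl.conf"

# Global options.
options {
    time-reap(30);        # close a destination file after 30 s without writes
    mark-freq(10);        # interval, in seconds, between MARK messages
    keep-hostname(yes);   # keep the hostname carried inside each received message
};

# Local messages: the platform's own log sources plus syslog-ng's internal messages.
source s_local { system(); internal(); };

# Network listener: syslog protocol over UDP port 514.
# UDP syslog is neither authenticated nor encrypted, so any host that can reach
# this port can submit messages; limit the port to the known senders with the
# host firewall, or move to a TLS transport if the network is not trusted.
source s_network { syslog(transport(udp) port(514)); };

# One file per value of ${HOST}.
# With keep-hostname(yes) above, ${HOST} is the hostname field of the received
# message, i.e. a value chosen by the sender, not the peer address. Use
# ${SOURCEIP} instead if the files must be keyed by the sending IP address.
# /var/log/syslog-ng/ has to exist already (or set create-dirs(yes)).
destination d_local { file("/var/log/syslog-ng/messages_${HOST}"); };

# Alternative destination: a single shared file with explicit owner and mode.
# Log files must not be world-writable (any local user could alter or erase
# them), so the mode is 0640 rather than 0777.
#destination d_logs {
#    file(
#        "/var/log/syslog-ng/logs.txt"    # where the log file is stored
#        owner("root")                    # file owner
#        group("root")                    # file group
#        perm(0640));                     # file mode
#};

# Route local and network messages to d_local. The log path must name a
# destination that is actually defined: d_logs is an unresolved reference for
# as long as its definition above stays commented out.
log { source(s_local); source(s_network); destination(d_local); };

@include "/etc/syslog-ng/conf.d/*.conf"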
日志发送方:修改rsyslog的配置文件 /etc/rsyslog.conf
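# Disabled: together with the rule below, this unconditional rule wrote every
# message to /var/log/messages twice and also kept local6 in the local file,
# which defeats the local6.none exclusion.
#*.* /var/log/messages

# Everything except facility local6 goes to the local messages file.
# NOTE(review): *.* also matches authpriv and cron, so those messages land in
# /var/log/messages as well as in their dedicated files below; the stock
# CentOS rule excludes them with authpriv.none;cron.none. Confirm this is intended.
*.*;local6.none /var/log/messages

#local6.* @syslog server ip
#local6.* @192.168.44.210
cron.* /var/log/cron
authpriv.* /var/log/secure

# Forward facility local6 to the syslog-ng receiver.
# A single "@" selects UDP: delivery is not guaranteed and the messages travel
# unencrypted and unauthenticated. "@@" selects TCP instead.
local6.* @192.168.50.102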