2 Installation: (a minimal installation, without support for JSON, SQL, etc.)

1) syslog-ng needs eventlog in order to install, so eventlog must be installed first.

a What eventlog does (I have copied eventlog's English README here; I was being lazy)

The EventLog library aims to be a replacement of the simple syslog() API provided on UNIX systems. The major difference between EventLog and syslog is that EventLog tries to add structure to messages. Where you had a simple non-structured string in syslog() you have a combination of description and tag/value pairs. EventLog provides an interface to build, format and output an event record. The exact format and output method can be customized by the administrator via a configuration file.

Installation
------------
Installing this library is quite straightforward as it does not depend on anything but libc.
First grab your copy of the library. It is a tarball named eventlog-x.x.x.x.tar.gz where x.x.x.x is the library revision.
    tar xvfz eventlog-x.x.x.x.tar.gz
    cd eventlog-x.x.x.x
    ./configure
    make && make install
If you want to package the library or move the binaries to another system, you can use the DESTDIR argument to 'make install' like this:
make DESTDIR=/tmp/staging install
which will use the /tmp/staging directory as root and copy all files beneath as it were a real system.
Copyright
---------
EventLog is distributed under the terms of a BSD style license, for details see the file COPYING.

b eventlog installation script:

    cd eventlog-0.2.12
    ./configure --prefix=/data/workspace/eventlog
    make
    make install

2) Once eventlog is installed, you can proceed with the syslog-ng steps:

a Installation script:

    cd syslog-ng-3.3.4
    export EVTLOG_CFLAGS="-I/data/workspace/eventlog/include/eventlog/"
    export EVTLOG_LIBS="-levtlog -L/data/workspace/eventlog/lib"
    ./configure CFLAGS="-I/data/workspace/eventlog/include/eventlog/" LDFLAGS="-L/data/workspace/eventlog/lib " --prefix=/data/workspace/syslog-ng
    make
    make install
    #############################################################################
    # Default syslog-ng.conf file which collects all local logs into a
    # single file called /var/log/messages.
    #
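    log { # contains a source and a dest; as I understand it, this is equivalent to one module
        source(s_local);

        # uncomment this line to open port 514 to receive messages
        #source(s_network);
        destination(d_local);
    };

2) Start syslog-ng (/data/workspace/syslog-ng/sbin/syslog-ng)

3) Write some data to /home/guoxian1/test.log. Run the following three times:

    echo "hello world test guoxain1" >>/home/guoxian1/test.log

4) Check the configured log dest:

    Apr 6 14:21:58 aer213130 hello world test guoxain1
    Apr 6 14:21:59 aer213130 hello world test guoxain1
    Apr 6 14:21:59 aer213130 hello world test guoxain1

5) Empty /home/guoxian1/test.log and write three entries to it again:

Run:

    >/home/guoxian1/test.log

Run the following three times:

    echo "hello world test guoxain1" >>/home/guoxian1/test.log

Check /var/log/test1messages:

    Apr 6 14:26:02 aer213130 hello world test1 guoxain1
    Apr 6 14:26:03 aer213130 hello world test1 guoxain1
    Apr 6 14:26:04 aer213130 hello world test1 guoxain1

Brief conclusion: this shows that syslog-ng is quite robust when the log content rolls over (though further testing is needed when sending application logs).

2) Configuration file change (/data/workspace/syslog-ng/etc/syslog-ng.conf): this configuration has passed testing (the receiving end on 128 is syslogd, and it is able to receive). The test steps are much the same as in the previous test, so I will not write them out in detail (one thing I noticed: syslogd does not seem to accept messages that are identical).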
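The truncation test in step 5 above, replayed as an added sketch: this is not part of the original post and is not syslog-ng's code, only a minimal poll-based follower showing the size-versus-offset check that such a test exercises. The class name, function names and the temporary file are assumptions made for illustration.

```python
import os
import tempfile


class TruncationAwareFollower:
    """Poll-based follower that restarts at offset 0 when the file shrinks."""

    def __init__(self, path):
        self.path = path
        self.offset = 0  # bytes already consumed

    def poll(self):
        """Return the complete lines that appeared since the previous poll."""
        if os.stat(self.path).st_size < self.offset:
            self.offset = 0  # truncated in place, as by "> file"
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        # Consume only up to the last newline so a half-written line waits.
        end = data.rfind(b"\n") + 1
        self.offset += end
        return data[:end].decode("utf-8", "replace").splitlines()


def run_truncation_test(poll_between=True):
    """Replay the write / truncate / rewrite steps on a constructed temp file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "test.log")  # stands in for the followed file

        def append(text, times=3):
            with open(path, "a") as fh:
                fh.write((text + "\n") * times)

        follower = TruncationAwareFollower(path)
        append("hello world test guoxain1")
        first = follower.poll()
        open(path, "w").close()  # same effect as "> test.log"
        if poll_between:
            follower.poll()  # follower sees the file is shorter than its offset
        append("hello world test1 guoxain1")
        second = follower.poll()
        return first, second


if __name__ == "__main__":
    print(run_truncation_test(poll_between=True))
    # Rewrite lands before the next poll: the size check alone cannot see it.
    print(run_truncation_test(poll_between=False))
```

With `poll_between=False` the rewritten file is already longer than the saved offset, so this sketch's size check never fires and it emits a trailing fragment instead of the three new lines; that ordering is a case worth including when repeating the test against a real collector.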