yum安装syslog-ng3.6

  1. 下载yum源(repo文件需保存到 /etc/yum.repos.d/ 目录;这是第三方COPR源,启用前请确认文件中 gpgcheck=1)

    wget https://copr.fedoraproject.org/coprs/czanik/syslog-ng36epel6/repo/epel-6/czanik-syslog-ng36epel6-epel-6.repo

  2. yum -y install syslog-ng  syslog-ng-*

  3. yum -y install GeoIP GeoIP-devel libesmtp-devel libhiredis hiredis hiredis-devel json-c-devel flex flex-devel libjvm libdbi-devel libdbi-dbd-* glib byacc byacc-devel glib2  glib2-devel  libdbi  systemd  json-c  logrotate  libxslt 


  4. server端配置
@version:3.2
# Server-side syslog-ng configuration: collects local logs, listens for remote
# syslog on TCP/UDP 514, and writes messages from matching hosts to per-host
# files, a MySQL table and a Redis list.
# NOTE(review): the page installs syslog-ng 3.6 but this file declares 3.2;
# presumably the daemon then runs in compatibility mode and warns. Confirm, and
# re-check option defaults before raising the version line.
options {
     flush_lines (0);
     time_reopen (10);
     log_fifo_size (1000);
     chain_hostnames (off);
     use_dns (no);
     use_fqdn (no);
     create_dirs (no);
     # NOTE(review): with keep_hostname(no) and use_dns(no), ${HOST} is presumably
     # the sender's address rather than the name carried in the message. The
     # f_match filter and the ${HOST}-based paths below depend on that; confirm.
     keep_hostname (no);
};
source  s_sys {
     file  ( "/proc/kmsg"  program_override( "kernel: " ));
     unix-stream ( "/dev/log" );
     internal();
     # This UDP listener is part of the *local* source. Every s_sys log path
     # below filters only on facility/level, not on sender, so anything received
     # here can land in local files such as /var/log/secure. UDP syslog carries
     # no sender authentication; keep network listeners in s_net only, or
     # restrict port 514 at the firewall to the known client subnet.
      udp(ip(0.0.0.0) port(514));
};
# Network source: plain TCP and UDP on all interfaces, with no TLS and no
# authentication configured here. Log content crosses the network in clear text.
# NOTE(review): udp() with no arguments presumably uses the default address and
# port 514, the same socket s_sys already listens on. Confirm this does not
# conflict at startup.
source  s_net { tcp(ip(0.0.0.0) port(514) max-connections(1000) ); udp ( ); };
destination d_cons {  file ( "/dev/console" ); };
# Despite its name, d_mysql is a file destination. ${PROGRAM} (and ${FACILITY})
# come from the received message, so the sender chooses the file name and can
# cause an unbounded number of files/directories under /data/<host>/.
# NOTE(review): verify how this syslog-ng version treats path separators in
# macro values, and put /data on its own filesystem or under a quota.
destination d_mysql {  file ( "/data/${HOST}/${FACILITY}/${PROGRAM}.log"    create_dirs( yes ) ); };
destination d_mesg {  file ( "/var/log/messages" ); };
destination d_auth {  file ( "/var/log/secure" ); };
destination d_mail {  file ( "/var/log/maillog"  flush_lines(10)); };
destination d_spol {  file ( "/var/log/spooler" ); };
destination d_boot {  file ( "/var/log/boot.log" ); };
destination d_cron {  file ( "/var/log/cron" ); };
destination d_kern {  file ( "/var/log/kern" ); };
destination d_mlal { usertty( "*" ); };
# Pushes each message onto a Redis list keyed by "<host>_<program>". The key
# contains sender-supplied ${PROGRAM} and nothing here trims the lists, so
# memory use on the Redis side is bounded only by what consumers remove.
# No Redis authentication is configured in this block.
destination d_redis {
     redis(
         host( "localhost" )
         port(6379)
     command ( "lpush" "${HOST}_${PROGRAM}" "${MESSAGE}" )
     );
};
# Inserts into MySQL on 192.168.1.11. The username/password are stored in clear
# text in this file: keep the config readable by root only and use a database
# account limited to what this destination needs on the "dd" database.
# NOTE(review): "message varchar(200)" is shorter than many syslog messages;
# confirm whether long messages are truncated or rejected.
destination d_sql {
   sql( type (mysql)
   host( "192.168.1.11" ) username( "d" ) password( "d" )
   database( "dd" )
   table( "messages" )
   columns( "datetime varchar(16)" "host varchar(32)" "program  varchar(20)" "pid varchar(8)" "message  varchar(200)" )
   values( "${R_DATE}" "${HOST}" "${PROGRAM}" "${PID}" "${MSGONLY}" )
   indexes( "datetime" "host" "program" "pid" "message" ));
};
filter f_kernel     { facility(kern); };
filter f_user     { facility(user); };
# NOTE(review): host() presumably treats its argument as an unanchored regular
# expression, in which case "." matches any character and this also accepts
# e.g. 192.168.10.x. A netmask(192.168.1.0/24) filter states the intent exactly.
# There is also no ';' after host(...); confirm the file parses as written.
filter f_match     { host( "192.168.1." )};
filter f_default    { level(info..emerg) and
                         not (facility(mail)
                         or facility(authpriv) 
                         or facility( cron )); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                         (facility(news) 
                         and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility( cron ); };
# Log paths. s_net traffic that passes f_match is written three times (file,
# SQL, Redis). f_default, f_user, d_cons and d_mesg are defined above but no
# log path in this file references them.
log {  source (s_sys); filter(f_kernel); destination(d_kern); };
log {  source (s_net); filter(f_match); destination(d_mysql); };
log {  source (s_net); filter(f_match); destination(d_sql); };
log {  source (s_net); filter(f_match); destination(d_redis); };
log {  source (s_sys); filter(f_auth); destination(d_auth); };
log {  source (s_sys); filter(f_mail); destination(d_mail); };
log {  source (s_sys); filter(f_emergency); destination(d_mlal); };
log {  source (s_sys); filter(f_news); destination(d_spol); };
log {  source (s_sys); filter(f_boot); destination(d_boot); };
log {  source (s_sys); filter(f_cron); destination(d_cron); };
  5. 客户端配置
@version:3.2
# Client-side syslog-ng configuration: keeps the usual local log files and
# forwards the contents of /var/log/messages to the collector at 192.168.1.12.
# NOTE(review): the page installs syslog-ng 3.6 but this file declares 3.2;
# presumably the daemon then runs in compatibility mode and warns. Confirm.
options {
     flush_lines (0);
     time_reopen (10);
     log_fifo_size (1000);
     # NOTE(review): long_hostnames looks like the older name of
     # chain_hostnames (which the server file uses); confirm it is still
     # accepted by the installed version.
     long_hostnames (off);
     use_dns (no);
     use_fqdn (no);
     create_dirs (no);
     keep_hostname ( yes );
};
source  s_sys {
     file  ( "/proc/kmsg"  program_override( "kernel: " ));
     unix-stream ( "/dev/log" );
     internal();
};
# Reads the MySQL slow-query log. No log path in this file references
# s_test_udp, so as written the slow log is not forwarded anywhere.
source  s_test_udp {
     file  ( "/var/lib/mysql/logs/mysql_slow.log"  program_override( "mysql_slowlog: " ));
};
# Re-reads /var/log/messages, which d_mesg below also writes, so everything
# that reaches that file is forwarded with the program name "sys_messages: ".
source  s_messages_udp {
     file  ( "/var/log/messages"  program_override( "sys_messages: " ));
};
destination d_cons {  file ( "/dev/console" ); };
destination d_mesg {  file ( "/var/log/messages" ); };
destination d_auth {  file ( "/var/log/secure" ); };
destination d_mail {  file ( "/var/log/maillog"  flush_lines(10)); };
destination d_spol {  file ( "/var/log/spooler" ); };
destination d_boot {  file ( "/var/log/boot.log" ); };
destination d_cron {  file ( "/var/log/cron" ); };
destination d_kern {  file ( "/var/log/kern" ); };
destination d_mlal { usertty( "*" ); };
# Forwards over UDP: no encryption, no sender authentication and no delivery
# guarantee, so messages can be read, spoofed or silently dropped on the path.
# Where the logs matter for audit or detection, a TCP destination with TLS is
# the usual replacement.
destination d_test_udp  { udp( "192.168.1.12"  port(514)); };
filter f_kernel     { facility(kern); };
# Despite the name, this only selects by severity (info..emerg); nothing here
# looks at query time.
filter f_Query_time     { level(info..emerg); };
filter f_default    { level(info..emerg) and
                         not (facility(mail)
                         or facility(authpriv) 
                         or facility( cron )); };
filter f_auth       { facility(authpriv); };
filter f_mail       { facility(mail); };
filter f_emergency  { level(emerg); };
filter f_news       { facility(uucp) or
                         (facility(news) 
                         and level(crit..emerg)); };
filter f_boot   { facility(local7); };
filter f_cron   { facility( cron ); };
# Log paths. Only s_messages_udp is sent to the collector. authpriv messages go
# to /var/log/secure locally and are not forwarded by this configuration.
log {  source (s_sys); filter(f_kernel); destination(d_kern); };
log {  source (s_messages_udp); filter(f_Query_time); destination(d_test_udp); };
log {  source (s_sys); filter(f_default); destination(d_mesg); };
log {  source (s_sys); filter(f_auth); destination(d_auth); };
log {  source (s_sys); filter(f_mail); destination(d_mail); };
log {  source (s_sys); filter(f_emergency); destination(d_mlal); };
log {  source (s_sys); filter(f_news); destination(d_spol); };
log {  source (s_sys); filter(f_boot); destination(d_boot); };
log {  source (s_sys); filter(f_cron); destination(d_cron); };


本文转自   tianshuai369   51CTO博客,原文链接:http://blog.51cto.com/kkkkkk/1717889
