php远程写syslog,syslog实现远程nginx日志服务

系统：Centos 6.3

补丁作者：https://github.com/yaoweibin(很牛)

提及：菲哥提及到的kdump，有需要的可以参考哦，我还没研究~

接《Syslog日志中心服务(centos)》这篇文章

当然nginx这个补丁有很详细的步骤https://github.com/yaoweibin/nginx_syslog_patch/blob/master/README(作者写的也很详细了英文我看不懂，可以直接看着操作)

下载nginx和nginx针对syslog的补丁

wget http://nginx.org/download/nginx-1.3.13.tar.gz

到这里点zip下载，或者使用git下载都可以 https://github.com/yaoweibin/nginx_syslog_patch

解压缩两个包(如何解压请百度 or 谷歌)

cd nginx-1.3.13

patch -p1 < ../nginx_syslog_patch-master/syslog_1.3.11.patch

./configure --prefix=/usr/local/nginx/ --add-module=../nginx_syslog_patch-master/ && make && make install

【广告patch】

{

-p或--strip=< 剥离层级> 设置欲剥离几层路径名称。

patch -p0 (“p”指的是路径，后面的数字表示去掉路径的第几部分。"0"，表示不去掉，为全路径)

patch -p1 (“p”后面的数字"1"，表示去掉前第一个路径)

例子：

-p1 則將 / 取消, 得 usr/src/linux

-p2 則是將 /usr/ 取消, 得 src/linux

}

接下来是配置nginx的配置文件，进入到nginx的安装目录的conf下面编辑nginx.conf文件

cd /usr/local/nginx/conf/

vim nginx.conf

编辑后内容如下(如果用的是include导入虚拟主机的话，可以设置全局或者是在单独的虚拟主机配置文件内修改)：

==EXAMPLE==

worker_processes 1;

#syslog logcal6 nginx这个很重要哦，只写一次就可以，当然也要看你放在哪里了

syslog local6 nginx;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] $request '

'"$status" $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

server {

listen 80;

server_name localhost;

#send the log to syslog and file.

access_log syslog:notice|logs/kinggoo.access.log main;

error_log syslog:notice|logs/kinggoo.error.log;

location / {

root html;

index index.html index.htm;

}

}

server {

listen 80;

server_name www.example.com;

access_log syslog:warn|logs/host2.access.log main;

error_log syslog:warn|logs/host2.error.log;

location / {

root html;

index index.html index.htm;

}

}

server {

listen 80;

server_name www.test.com;

#send the log just to syslog.

access_log syslog:error main;

error_log syslog:error;

location / {

root html;

index index.html index.htm;

}

}

}

测试nginx配置文件是否没问题，如没问题则启动nginx

/usr/local/nginx/sbin/nginx -t

/usr/local/nginx/sbin/nginx

在《Syslog日志中心服务(centos)》这篇文章中，客户端syslog.conf文件的配置有添加以下两处配置项，将其注释掉

*.* /var/log/nginx_access.log

#*.* local0.info @服务器1

改为

local6.info /usr/local/nginx/logs/abc.*.log

local6.info @服务器1

重修修改后的服务

service syslog restart

测试一下，两侧数据相同，OK

参考资料：

==DIRECTIVES==

===SYSLOG===

Sytax: syslog auth|authpriv|cron|daemon|ftp|kern|local0-7|lpr|mail|news|syslog|user|uucp [program_name]

Default: none

Context: main

Enable the syslog and set its facility. The default program name is nginx.

===ERROR_LOG===

Syntax: error_log [syslog[:emerg|alert|crit|error|warn|notice|info|debug]]['|'file] [ debug | info | notice | warn | error | crit ]

Default: ${prefix}/logs/error.log

Context: main, http, server, location

Enable the error_log with the syslog and set its priority. The default priority is error. The error log can be sent to syslog, file or both.

Note: if you set the error_log directive in the main block, the syslog is switched on by default.

===ACCESS_LOG===

Syntax: access_log off|[syslog[:emerg|alert|crit|error|warn|notice|info|debug]]['|'path] [format [buffer=size]]]

Default: access_log logs/access.log combined

Context: http, server, location

Enable the access_log with the syslog and set its priority. The default priority is notice. The access log can be sent to syslog, file or both.

－　ＴＨＥ　ＥＮＤ　－