一,syslog-ng服务器安装环境介绍
系统:RHEL5.4
实现目标:将客户端的日志自动保存在服务器端的相应目录,并根据日期,IP地址和日志类型进行分开保存
所需软件:gcc环境,libdbi环境,glib环境,eventlog_0.2.9,libol-0.3.9,syslog-ng_3.0.5
二,安装eventlog_0.2.9
[root@server ~]# cd /tmp/
[root@server tmp]# wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
[root@server tmp]# tar -zxvf eventlog_0.2.9.tar.gz -C /usr/local/software
[root@server tmp]# cd /usr/local/software/eventlog-0.2.9/
[root@server eventlog-0.2.9]# ./configure --prefix=/usr/local/eventlog && make && make install
[root@server eventlog-0.2.9]#ls /usr/local/eventlog/
include lib
三,安装libol-0.3.9
[root@server tmp]# wgethttp://www.balabit.com/downloads/files/libol/0.3/libol-0.3.9.tar.gz
[root@server tmp]# tar -zxvf libol-0.3.9.tar.gz -C /usr/local/software/
[root@server tmp]# cd /usr/local/software/libol-0.3.9/
[root@server libol-0.3.9]# ./configure --prefix=/usr/local/libol && make && make install
[root@server libol-0.3.9]# ls /usr/local/libol/
bin include lib
四,安装syslog-ng_3.0.5
[root@server tmp]# wget http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.5/source/syslog-ng_3.0.5.tar.gz
[root@server tmp]# tar -zxvf syslog-ng_3.0.5.tar.gz -C /usr/local/syslog-ng/
[root@server tmp]# cd /usr/local/syslog-ng/syslog-ng-3.0.5/
[root@server syslog-ng-3.0.5]# export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
[root@server syslog-ng-3.0.5]# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol && make && make installconfigure: error: Cannot find
eventlog version >= 0.2: is pkg-config in path? (若出现这个错误,基本上是由于前面的PKG_CONFIG_PATH变量没指定好,或者根据提示安装glib*,libdbi*)
[root@server syslog-ng-3.0.5]# ls /usr/local/syslog-ng/bin libexec sbin share
[root@server syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/etc
[root@server syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/var
[root@server syslog-ng-3.0.5]# cp contrib/syslog-ng.conf.RedHat /usr/local/syslog-ng/etc/syslog-ng.conf
[root@server syslog-ng-3.0.5]# cp contrib/init.d.RedHat /etc/init.d/syslog-ng
五,配置syslog-ng.conf
@version:3.0
options {
long_hostnames (off);
log_msg_size (8192);
flush_lines (1);
time_reopen (10);
log_fifo_size (20480);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
chain_hostnames (no);
perm (0644);
stats_freq (43200);
};
source s_remote {
tcp (ip(0.0.0.0) port(514) );
udp (ip(0.0.0.0) port(514) );
};
destination d_sz { file("/var/log/sz"); };
filter f_sz { level(info..emerg); };
log { source(s_remote); filter(f_sz); destination(d_sz); };
六,syslog-ng的开机自动启动
[root@server syslog-ng-3.0.5]# head -3 /etc/init.d/syslog-ng /
#!/bin/bash
#chkconfig: 35 12 88
#Description: syslog-ng
[root@server syslog-ng-3.0.5]# chkconfig --add syslog-ng
/etc/init.d/syslog-ng还需要修改下面的三个位置
[root@server syslog-ng-3.0.5]# grep ‘PATH‘ /etc/init.d/syslog-ng PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/syslog-ng/bin:/usr/local/syslog-ng/sbin
[root@server syslog-ng-3.0.5]# grep 'INIT' /etc/init.d/syslog-ng |head -2
INIT_PROG="/usr/local/syslog-ng/sbin/syslog-ng" # Full path to daemon
INIT_OPTS="-f /usr/local/syslog-ng/etc/syslog-ng.conf" # options passed to daemon
七,启动syslog-ng服务器
[root@server syslog-ng-3.0.5]# service syslog-ng start // 注意cd /usr/local/syslog-ng/etc/
Starting syslog-ng: /usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libevtlog.so.0: cannot open shared object file: No such file
or directoryStarting Kernel Logger: 出现此错误是因为共享库链接没做好
[root@server syslog-ng-3.0.5]# ln -s /usr/local/eventlog/lib/* /lib/
出现下面的问题是因为主配置文件中缺少:@version:3.0这行
Starting syslog-ng: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file;
[root@server etc]# service syslog-ng start
Starting Kernel
八,USG2210配置如下
#
info-center source PPP channel 2
info-center source IP channel 2
info-center loghost source GigabitEthernet0/0/0
info-center loghost 172.16.2.111 514 facility local2
系统:RHEL5.4
实现目标:将客户端的日志自动保存在服务器端的相应目录,并根据日期,IP地址和日志类型进行分开保存
所需软件:gcc环境,libdbi环境,glib环境,eventlog_0.2.9,libol-0.3.9,syslog-ng_3.0.5
二,安装eventlog_0.2.9
[root@server ~]# cd /tmp/
[root@server tmp]# wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz
[root@server tmp]# tar -zxvf eventlog_0.2.9.tar.gz -C /usr/local/software
[root@server tmp]# cd /usr/local/software/eventlog-0.2.9/
[root@server eventlog-0.2.9]# ./configure --prefix=/usr/local/eventlog && make && make install
[root@server eventlog-0.2.9]#ls /usr/local/eventlog/
include lib
三,安装libol-0.3.9
[root@server tmp]# wgethttp://www.balabit.com/downloads/files/libol/0.3/libol-0.3.9.tar.gz
[root@server tmp]# tar -zxvf libol-0.3.9.tar.gz -C /usr/local/software/
[root@server tmp]# cd /usr/local/software/libol-0.3.9/
[root@server libol-0.3.9]# ./configure --prefix=/usr/local/libol && make && make install
[root@server libol-0.3.9]# ls /usr/local/libol/
bin include lib
四,安装syslog-ng_3.0.5
[root@server tmp]# wget http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.5/source/syslog-ng_3.0.5.tar.gz
[root@server tmp]# tar -zxvf syslog-ng_3.0.5.tar.gz -C /usr/local/syslog-ng/
[root@server tmp]# cd /usr/local/syslog-ng/syslog-ng-3.0.5/
[root@server syslog-ng-3.0.5]# export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
[root@server syslog-ng-3.0.5]# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol && make && make installconfigure: error: Cannot find
eventlog version >= 0.2: is pkg-config in path? (若出现这个错误,基本上是由于前面的PKG_CONFIG_PATH变量没指定好,或者根据提示安装glib*,libdbi*)
[root@server syslog-ng-3.0.5]# ls /usr/local/syslog-ng/bin libexec sbin share
[root@server syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/etc
[root@server syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/var
[root@server syslog-ng-3.0.5]# cp contrib/syslog-ng.conf.RedHat /usr/local/syslog-ng/etc/syslog-ng.conf
[root@server syslog-ng-3.0.5]# cp contrib/init.d.RedHat /etc/init.d/syslog-ng
五,配置syslog-ng.conf
@version:3.0
options {
long_hostnames (off);
log_msg_size (8192);
flush_lines (1);
time_reopen (10);
log_fifo_size (20480);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
chain_hostnames (no);
perm (0644);
stats_freq (43200);
};
source s_remote {
tcp (ip(0.0.0.0) port(514) );
udp (ip(0.0.0.0) port(514) );
};
destination d_sz { file("/var/log/sz"); };
filter f_sz { level(info..emerg); };
log { source(s_remote); filter(f_sz); destination(d_sz); };
六,syslog-ng的开机自动启动
[root@server syslog-ng-3.0.5]# head -3 /etc/init.d/syslog-ng /
#!/bin/bash
#chkconfig: 35 12 88
#Description: syslog-ng
[root@server syslog-ng-3.0.5]# chkconfig --add syslog-ng
/etc/init.d/syslog-ng还需要修改下面的三个位置
[root@server syslog-ng-3.0.5]# grep ‘PATH‘ /etc/init.d/syslog-ng PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/syslog-ng/bin:/usr/local/syslog-ng/sbin
[root@server syslog-ng-3.0.5]# grep 'INIT' /etc/init.d/syslog-ng |head -2
INIT_PROG="/usr/local/syslog-ng/sbin/syslog-ng" # Full path to daemon
INIT_OPTS="-f /usr/local/syslog-ng/etc/syslog-ng.conf" # options passed to daemon
七,启动syslog-ng服务器
[root@server syslog-ng-3.0.5]# service syslog-ng start // 注意cd /usr/local/syslog-ng/etc/
Starting syslog-ng: /usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libevtlog.so.0: cannot open shared object file: No such file
or directoryStarting Kernel Logger: 出现此错误是因为共享库链接没做好
[root@server syslog-ng-3.0.5]# ln -s /usr/local/eventlog/lib/* /lib/
出现下面的问题是因为主配置文件中缺少:@version:3.0这行
Starting syslog-ng: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file;
[root@server etc]# service syslog-ng start
Starting Kernel
八,USG2210配置如下
#
info-center source PPP channel 2
info-center source IP channel 2
info-center loghost source GigabitEthernet0/0/0
info-center loghost 172.16.2.111 514 facility local2