syslog-ng搭建集中日志服务器

syslog-ng的强大功能在此呈现

首先切换到/etc目录
cd /etc

vi log.profile
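  # /etc/log.profile - settings sourced by syslog.install, rotate and
  # monipartition. Plain shell assignments only (no spaces around '=').
  # rotate and monipartition are run from root's crontab, so this file is
  # executed as root every time they start: keep it owned by root and not
  # writable by any other user.

  # Root directory of the collected logs (one sub-tree per client host).
  PT=/var/log/ipwall/

  # Client whitelist, comma-separated, no spaces. The installer turns it into
  # the host() filter of syslog-ng.conf and into one logrotate stanza per
  # address. It is a filter on the sender's address, not authentication.
  IP=192.168.2.1,192.168.2.30

  # Minimum free disk space, in GB, checked by monipartition.
  SP=10

  # Size, in MB, at which logrotate rotates a messages.log file.
  SZ=50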

vi syslog-ng.example
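  @version: 3.2
  # Use the version number found on the first line of the distribution's
  # /etc/syslog-ng/syslog-ng.conf.
  #
  # This file is a template: syslog.install replaces __PATH__ with the log
  # root and __IP__ with an anchored regular expression built from the client
  # whitelist, then writes the result to /etc/syslog-ng/syslog-ng.conf.

  options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
            owner("root"); group("adm"); perm(0640); stats_freq(0);
            bad_hostname("^gconfd$");
  };

  # UDP syslog is unauthenticated and unencrypted, and a UDP source address
  # can be forged, so the f_host whitelist below is a filter, not a proof of
  # origin. Restrict port 514 to the client addresses at the firewall (or bind
  # the listener to a management interface) and prefer a TCP/TLS source for
  # clients that support it.
  source s_net { udp(ip(0.0.0.0) port(514)); };

  # One file per client and traffic category. $HOST becomes a directory name,
  # so every log path below must pass f_host (an anchored whitelist) before a
  # file is created.
  # NOTE(review): confirm keep_hostname() is left off so that $HOST is the
  # sender's address and not a name claimed inside the message.
  #
  # Modes are 0640/0750 (owner root, group adm, from the global options):
  # world-writable log files and directories would let any local account
  # alter or remove the collected records. If another service has to read
  # them, add its account to the adm group instead of widening the mode.
  destination d_session { file("__PATH__/$HOST/session/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_url { file("__PATH__/$HOST/url/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_qq { file("__PATH__/$HOST/QQ/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_msn { file("__PATH__/$HOST/msn/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_alipay { file("__PATH__/$HOST/alipay/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_dns { file("__PATH__/$HOST/dns/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_pop3 { file("__PATH__/$HOST/pop3/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
  destination d_others { file("__PATH__/$HOST/others/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };

  # f_host is the whitelist; every other filter includes it, so messages from
  # hosts that are not listed match no log statement and are dropped.
  filter f_local3 { level(info) and facility(local3); };
  filter f_host { host("__IP__"); };
  # local1 carries session records and local2 URL records.
  filter f_session { level(info) and facility(local1) and filter(f_host); };
  filter f_url { level(info) and facility(local2) and filter(f_host); };
  # local3 is shared by several categories, told apart by the message prefix.
  filter f_qq { filter(f_local3) and message(^qq) and filter(f_host); };
  filter f_msn { filter(f_local3) and message(^msn) and filter(f_host); };
  filter f_alipay { filter(f_local3) and message(^alipay) and filter(f_host); };
  filter f_dns { filter(f_local3) and message(^dns) and filter(f_host); };
  filter f_pop3 { filter(f_local3) and message(^pop3) and filter(f_host); };
  # Everything else a whitelisted host sends outside local1-local3.
  filter f_others { not facility(local1, local2, local3) and filter(f_host); };

  log { source(s_net); filter(f_session); destination(d_session); };
  log { source(s_net); filter(f_url); destination(d_url); };
  log { source(s_net); filter(f_qq); destination(d_qq); };
  log { source(s_net); filter(f_msn); destination(d_msn); };
  log { source(s_net); filter(f_alipay); destination(d_alipay); };
  log { source(s_net); filter(f_dns); destination(d_dns); };
  log { source(s_net); filter(f_pop3); destination(d_pop3); };
  log { source(s_net); filter(f_others); destination(d_others); };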

vi logrotate.example
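  # Template for /etc/logrotate.d/ipwall. syslog.install appends one copy per
  # whitelisted client, replacing __PATH__ (log root), __IP__ (client address)
  # and __SZ__ (rotation size in MB). Each placeholder appears at most once
  # per line because the installer's sed replaces only the first match.
  #
  # The eight category files share one stanza, so the options are written once
  # and, with sharedscripts, syslog-ng receives a single HUP per run.
  __PATH__/__IP__/session/messages.log
  __PATH__/__IP__/url/messages.log
  __PATH__/__IP__/QQ/messages.log
  __PATH__/__IP__/msn/messages.log
  __PATH__/__IP__/alipay/messages.log
  __PATH__/__IP__/dns/messages.log
  __PATH__/__IP__/pop3/messages.log
  __PATH__/__IP__/others/messages.log
  {
          missingok
          rotate 65535
          # 0640, not 0777: a world-writable log can be edited or truncated
          # by any local account.
          create 0640 syslog adm
          compress
          size __SZ__M
          # Archives are named messages.log.<epoch seconds>.gz; the rotate
          # script relies on this format when it renames them.
          dateext
          dateformat .%s
          sharedscripts
          postrotate
                  # Make syslog-ng reopen its files. Scripts run under
                  # /bin/sh, so the bash-only "&>" redirection is avoided.
                  /bin/kill -HUP "$(/bin/cat /var/run/syslog-ng.pid 2>/dev/null)" >/dev/null 2>&1 || true
          endscript
  }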

vi syslog.install
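  #!/bin/bash
  # syslog.install - build /etc/syslog-ng/syslog-ng.conf and
  # /etc/logrotate.d/ipwall from the templates in /etc, restart syslog-ng and
  # register /etc/rotate and /etc/monipartition in root's crontab.
  # Run as root. Reads PT, IP and SZ from /etc/log.profile.

  . /etc/log.profile || exit 1
  cd /etc || exit 1

  : "${PT:?PT must be set in /etc/log.profile}"
  : "${IP:?IP must be set in /etc/log.profile}"
  : "${SZ:?SZ must be set in /etc/log.profile}"

  PT=${PT%/}
  CRON=/var/spool/cron/crontabs/root
  ROTATE_CONF=/etc/logrotate.d/ipwall

  # PT, SZ and every whitelist entry are pasted into sed replacement text and
  # from there into root-owned configuration files, so accept only the
  # characters those values legitimately need.
  PATH_RE='^/[A-Za-z0-9._/-]+$'
  ADDR_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  if ! [[ $PT =~ $PATH_RE ]]; then
      echo "syslog.install: PT must be an absolute path without special characters" >&2
      exit 1
  fi
  if ! [[ $SZ =~ ^[0-9]+$ ]]; then
      echo "syslog.install: SZ must be a whole number of megabytes" >&2
      exit 1
  fi
  IFS=, read -r -a HOSTS <<<"$IP"
  for H in "${HOSTS[@]}"; do
      if ! [[ $H =~ $ADDR_RE ]]; then
          echo "syslog.install: invalid whitelist entry '$H'" >&2
          exit 1
      fi
  done

  mkdir -p -- "$PT" || exit 1

  # Append one copy of the logrotate template for the client address in $1.
  SED_F(){
      sed "s,__PATH__,$PT,;s,__IP__,$1,;s,__SZ__,$SZ," logrotate.example >> "$ROTATE_CONF"
  }

  # Start from an empty file so that re-running the installer does not
  # duplicate stanzas.
  rm -f -- "$ROTATE_CONF"
  for H in "${HOSTS[@]}"; do
      SED_F "$H" || exit 1
  done

  # Build the host() expression: each address is anchored (^addr$) and the
  # alternatives are joined with an escaped "|". The doubled backslashes
  # survive the second sed below as a single one. A one-entry list contains
  # no comma, so the same expression covers it.
  NIP=$(sed 's/.*/^&$/;s/,/$\\\\|^/g' <<<"$IP")

  sed "s,__PATH__,$PT,;s,__IP__,$NIP," syslog-ng.example > /etc/syslog-ng/syslog-ng.conf || exit 1

  service syslog-ng restart 1>/dev/null || echo "syslog.install: syslog-ng restart failed" >&2

  chmod 755 /etc/rotate /etc/monipartition

  # Drop only the two entries this installer owns; a bare "rotate" pattern
  # would also delete unrelated jobs such as a logrotate entry.
  [ -f "$CRON" ] && sed -i '\# /etc/rotate$#d;\# /etc/monipartition$#d' "$CRON"
  printf '%s\n' '* * * * * /etc/rotate' '10 0 * * * /etc/monipartition' >> "$CRON"
  # Harmless when the mode is already 0600.
  # NOTE(review): some cron implementations ignore a user crontab with a
  # looser mode - confirm for the target system.
  chmod 600 "$CRON"

  exit 0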

vi rotate
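  #!/bin/bash
  # rotate - run every minute from root's crontab. Rotates the collected
  # logs, renames each new archive after its rotation time and files the
  # archives into one directory per day.

  . /etc/log.profile || exit 1
  : "${PT:?PT must be set in /etc/log.profile}"
  PT=${PT%/}
  [[ -n $PT && -d $PT ]] || exit 1

  # Move every YYYY-MM-DD_HH-MM.gz archive found directly in directory $1
  # into $1/YYYY-MM-DD/. File names are handled by the shell, never parsed
  # from ls output or passed through awk's system(): this script runs as
  # root, and a name containing spaces or shell metacharacters must not be
  # able to break or alter a command. All days are handled in one pass.
  MOVE_F(){
          local dir=$1 archive name day
          for archive in "$dir"/*.gz; do
                  [[ -f $archive ]] || continue    # also skips an unmatched glob
                  name=${archive##*/}
                  day=${name%%_*}
                  [[ $day != "$name" ]] || continue    # not renamed yet: no "_" in the name
                  mkdir -p -- "$dir/$day" && mv -- "$archive" "$dir/$day/"
          done
  }

  /usr/sbin/logrotate /etc/logrotate.conf

  # logrotate leaves messages.log.<epoch>.gz next to each log; rename it to
  # <date>_<time>.gz in the same directory.
  while IFS= read -r -d '' ARCHIVE; do
          STAMP=${ARCHIVE##*/messages.log.}
          EPOCH=${STAMP%%.*}
          [[ $EPOCH =~ ^[0-9]+$ ]] || continue
          LABEL=$(date -d "@$EPOCH" +%Y-%m-%d_%H-%M) || continue
          mv -- "$ARCHIVE" "${ARCHIVE%/*}/$LABEL.gz"
  done < <(/usr/bin/find "$PT" -type f -name "messages.log.*.gz" -print0)

  # The category directories are the ones at depth 2 (<PT>/<host>/<category>).
  while IFS= read -r -d '' LINE; do
          MOVE_F "$LINE"
  done < <(/usr/bin/find "$PT" -mindepth 2 -maxdepth 2 -type d -print0)

  exit 0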

vi monipartition
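  #!/bin/bash
  # monipartition - run daily from root's crontab. When the free space on the
  # log partition drops to SP gigabytes or less, delete the oldest day
  # directory of every <host>/<category> directory.

  . /etc/log.profile || exit 1
  : "${PT:?PT must be set in /etc/log.profile}"
  : "${SP:?SP must be set in /etc/log.profile}"
  PT=${PT%/}
  [[ -n $PT && -d $PT ]] || exit 1
  [[ $SP =~ ^[0-9]+$ ]] || exit 1

  # -P keeps each filesystem on one line and -k reports 1 KiB blocks, so the
  # fourth column of line 2 is the available space in KiB.
  SPACE=$(df -Pk -- "$PT" | awk 'NR==2{print $4}')
  [[ $SPACE =~ ^[0-9]+$ ]] || exit 1

  # SP is given in GB; convert it to KiB to compare with df. The previous
  # factor of 100000 made the threshold roughly ten times too small.
  SP=$((SP * 1024 * 1024))

  # Delete the oldest day directory below $1. The path is always absolute and
  # limited to YYYY-MM-DD names: deleting "the first entry of the current
  # directory" after an unchecked cd would, if the cd failed, remove a
  # directory from wherever cron started the script. Glob results are sorted,
  # and for this name format sorted order is chronological.
  RM_F(){
      local dir=$1 day
      for day in "${dir:?}"/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/; do
          [[ -d $day ]] || continue    # also skips an unmatched glob
          rm -rf -- "${day%/}"
          return
      done
  }

  if [[ $SPACE -le $SP ]]; then
      # The category directories are the ones at depth 2.
      while IFS= read -r -d '' LINE; do
          RM_F "$LINE"
      done < <(/usr/bin/find "$PT" -mindepth 2 -maxdepth 2 -type d -print0)
  fi

  exit 0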

文件全部保存在 /etc 目录下,给安装脚本 syslog.install 加执行权限,执行该脚本。
Ubuntu 11.04、syslog-ng 3.13 测试通过;如果是 syslog-ng 3.1.2 版本,请把配置文件的版本号改为:@version: 3.0

参考网站:
http://en.gentoo-wiki.com/wiki/Syslog-ng
https://wiki.archlinux.org/index.php/Syslog-ng
