   
[Redhat] syslog-ng 설정하기
글쓴이 : theko 날짜 : 2014-04-17 (목) 13:35 조회 : 7890

1. 서버 설치

 - 기존에 있는 syslog 나 rsyslog 삭제 후 진행

1) syslog-ng 설치
  - 아래와 같이 해당되는 패키지를 각 3개씩 설치

eventlog-0.2.12-1.el5.i386.rpm
libnet-1.1.5-1.el5.i386.rpm
syslog-ng-2.1.4-9.el5.i386.rpm
---------------------------------------
syslog-ng-2.1.4-9.el5.x86_64.rpm
eventlog-0.2.12-1.el5.x86_64.rpm
libnet-1.1.5-1.el5.x86_64.rpm



2) 클라이언트 서버(로그전송할 서버)
# vi /etc/syslog-ng/syslog-ng.conf



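# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Role of this file: log CLIENT. It keeps the usual local log files and also
# sends a copy of the kern, general, authpriv, mail, cron and local2 streams
# to the central log server defined in d_logsrv.

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (yes);
          #use_dns (no);
          use_fqdn (no);
          create_dirs (yes);
          keep_hostname (no);
          #keep_hostname (yes);
        };

# Local inputs only: kernel messages, the /dev/log socket and syslog-ng's own
# messages. This client does not listen on the network.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
# NOTE(review): perm(0644) leaves the mail log world-readable. It records
# sender and recipient addresses; consider perm(0600) unless another local
# account really needs to read it.
destination d_mail { file("/var/log/maillog" perm(0644)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
#destination d_http_access { file("/var/log/http/access_log"); };
#destination d_http_error { file("/var/log/http/error_log"); };
destination d_mlal { usertty("*"); };
destination d_xinetd { file("/var/log/xinetd.log"); };
# Added for forwarding: the central log server. (The page marked this line
# with a trailing "//" remark, which is not comment syntax in syslog-ng.conf.)
# Security: plain UDP syslog is unauthenticated, unencrypted and can drop
# packets silently. The authpriv stream (logins, sudo, sshd) is sent over it
# below, so keep this traffic on a trusted management network or inside an
# IPsec/VPN/stunnel tunnel, and prefer tcp() when delivery matters. This 2.1
# package appears to predate syslog-ng's native TLS transport - verify
# against the version you deploy.
destination d_logsrv { udp("192.168.0.93" port(514)); };

filter f_filter1     { facility(kern); };
# NOTE(review): level(info) selects the info level only, not "info and
# above". If that reading is right, warning/err/crit messages from facilities
# not named elsewhere reach neither /var/log/messages nor the log server;
# confirm whether level(info..emerg) was intended.
filter f_filter2     { level(info) and not (facility(mail) or facility(authpriv) or facility(cron) or match("httpd\\: ")); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
# Same as f_filter4 minus spamc/spamd lines; used for the local mail log only.
filter f_filter40     { facility(mail) and not match("spam[c-d]\\["); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
# The pattern was split across two lines on the page; rejoined here to match
# the single-line form used in the log-server listing.
filter f_filter7     { facility(local7) and not match("httpd\\[.+ \\[error\\] ");};
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(local2); };
#filter f_http_access     { match("httpd\\: "); };
#filter f_http_error     { facility(local7) and match("httpd\\[.+ \\[error\\] "); };

# Each stream is written locally; the streams that are also forwarded have a
# second log statement pointing at d_logsrv.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_logsrv); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter2); destination(d_logsrv); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter3); destination(d_logsrv); };
# Local mail log drops spamc/spamd noise (f_filter40); the forwarded copy
# uses f_filter4 and therefore includes it.
log { source(s_sys); filter(f_filter40); destination(d_mail); };
log { source(s_sys); filter(f_filter4); destination(d_logsrv); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
# The page listed this statement twice, which would write every uucp/news
# message to the spooler file twice; one copy is kept.
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter8); destination(d_logsrv); };
log { source(s_sys); filter(f_filter9); destination(d_logsrv); };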


# /etc/init.d/syslog-ng restart


2) 로그 서버(로그전송받을 서버)

# mkdir /var/log/HOSTS   // 로그쌓일 디렉토리생성


# vi /etc/syslog-ng/syslog-ng.conf

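# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#
# Role of this file: central LOG SERVER. The first half handles the server's
# own logs; the "add config" part at the end receives client logs on UDP 514
# and files them per host and per day under /var/log/HOSTS.

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          # create_dirs(yes) lets syslog-ng create the per-host and per-month
          # directories named in the d_filter* destinations on demand.
          create_dirs (yes);
          #keep_hostname (no);
          # Security: keep_hostname(yes) keeps the hostname written inside
          # each received message instead of replacing it with the sender's
          # address. Over UDP that field is chosen by the sender, and below it
          # selects the /var/log/HOSTS/$HOST/ directory, so any machine that
          # can reach port 514 can file entries under another host's name or
          # cause a large number of directories and open files to be created.
          # Where not every sender is trusted, prefer keep_hostname(no), or
          # build the path from $HOST_FROM / $SOURCEIP (check the macro list
          # of your version), and see check_hostname() in syslog-ng.conf(5).
          keep_hostname (yes);
        };

source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
# NOTE(review): perm(0644) leaves the mail log world-readable; consider
# perm(0600) unless another local account needs to read it.
destination d_mail { file("/var/log/maillog" perm(0644)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
# The page had "estination" here (leading "d" lost), which is a syntax error.
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
destination d_xinetd { file("/var/log/xinetd.log"); };

filter f_filter1     { facility(kern); };
# NOTE(review): level(info) selects the info level only, not "info and
# above". Because the same filter is reused for remote logs below, client
# messages at warning or higher from facilities not named elsewhere would not
# be stored; confirm whether level(info..emerg) was intended.
filter f_filter2     { level(info) and not (facility(mail) or facility(authpriv) or facility(cron) or match("httpd\\: ")); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter40     { facility(mail) and not match("spam[c-d]\\["); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7) and not match("httpd\\[.+ \\[error\\] ");};
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(local2); };

# The server's own logs.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter40); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
# The page listed this statement twice, which would write every matching
# message to the spooler file twice; one copy is kept.
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };


## add config

# Network input for client logs. ip(0.0.0.0) listens on every interface and
# UDP syslog carries no sender authentication, so anything that can reach
# 514/udp can write into the log store. Bind to the management address where
# the host has one, and allow 514/udp in the firewall only from the known
# client addresses.
source s_aplusit {
        udp(ip(0.0.0.0) port(514));
};

# One file per host, month, category and day. $HOST comes from the message
# itself while keep_hostname(yes) is set (see the options block), so the
# directory name is only as trustworthy as the sender. Put /var/log/HOSTS on
# its own filesystem or quota so a flood cannot fill the volume holding the
# server's own logs.
destination d_filter1 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/kern/kern-$DAY"); };
destination d_filter2 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/message/message-$DAY"); };
destination d_filter3 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/auth/auth-$DAY"); };
destination d_filter4 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/mail/mail-$DAY"); };
# Remote emerg messages go to a file here, not to usertty("*") as local ones do.
destination d_filter5 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/tty/tty-$DAY"); };
destination d_filter6 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/spool/spool-$DAY"); };
destination d_filter7 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/boot/boot-$DAY"); };
destination d_filter8 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/cron/cron-$DAY"); };
destination d_filter9 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/filter9/filter9-$DAY"); };
# Remote messages reuse the local filters and are routed to the per-host files.
log { source (s_aplusit); filter(f_filter1); destination (d_filter1);};
log { source (s_aplusit); filter(f_filter2); destination (d_filter2);};
log { source (s_aplusit); filter(f_filter3); destination (d_filter3);};
log { source (s_aplusit); filter(f_filter4); destination (d_filter4);};
log { source (s_aplusit); filter(f_filter5); destination (d_filter5);};
log { source (s_aplusit); filter(f_filter6); destination (d_filter6);};
log { source (s_aplusit); filter(f_filter7); destination (d_filter7);};
log { source (s_aplusit); filter(f_filter8); destination (d_filter8);};
log { source (s_aplusit); filter(f_filter9); destination (d_filter9);};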


# /etc/init.d/syslog-ng restart

