
Linux syslog-ng installation and configuration

散漫的老何
2022-07-02 / 0 comments / 0 likes / 33 reads / 3,808 characters
Note: this article was last updated on 2022-07-02; if any content or image stops working, leave a comment.

Overview

Environment: CentOS Linux release 7.9.2009 (Core)

One design principle of syslog-ng is finer-grained message filtering.

Another is easier forwarding of messages across firewalled network segments: it supports host chains (the chain_hostnames option), so even after a message has been relayed through many machines the originating host and the whole relay chain can still be identified.

The last design principle is to keep the configuration file both powerful and concise.

syslog-ng is a drop-in replacement for syslog: it can take over the syslog service completely and, through user-defined rules, filter far more precisely.

This article walks through deploying and configuring a syslog-ng central log server.

1. Installing syslog-ng

syslog-ng can be installed either with yum or offline from downloaded RPM files.

1.1) yum installation

1) Install epel-release-latest-7.noarch.rpm to create the EPEL yum repository

The Extra Packages for Enterprise Linux (EPEL) repository carries many useful packages that are not part of RHEL, including syslog-ng and its dependencies (eventlog, ivykis). Enable it by downloading and installing the release RPM. This paragraph follows the syslog-ng blog post listed under References, which gives the EPEL 8 URL and says to replace 8 with 7 for EPEL 7; the URL used below is already the EPEL 7 one. The NOKEY line in the rpm -ivh output below is expected at this point: the EPEL signing key (ID 352c64e5) ships inside epel-release itself and is not trusted until yum imports it during the next install, so compare the fingerprint yum prints at that point against the copy Fedora publishes before accepting it.

[root@linuxsyslogserver opt]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
--2022-07-01 10:56:19--  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Resolving dl.fedoraproject.org (dl.fedoraproject.org)... 38.145.60.22, 38.145.60.24, 38.145.60.23
Connecting to dl.fedoraproject.org (dl.fedoraproject.org)|38.145.60.22|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15608 (15K) [application/x-rpm]
Saving to: ‘epel-release-latest-7.noarch.rpm’

100%[=====================================================================================================================>] 15,608      60.2KB/s   in 0.3s 

2022-07-01 10:56:20 (60.2 KB/s) - ‘epel-release-latest-7.noarch.rpm’ saved [15608/15608]

[root@linuxsyslogserver opt]# ll
total 40
-rw-r--r--. 1 root root 15608 Sep  4  2021 epel-release-latest-7.noarch.rpm
[root@linuxsyslogserver opt]# rpm -ivh epel-release-latest-7.noarch.rpm 
warning: epel-release-latest-7.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:epel-release-7-14                ################################# [100%]
[root@linuxsyslogserver opt]# 
[root@linuxsyslogserver yum.repos.d]# ll /etc/yum.repos.d/
total 52
-rw-r--r--. 1 root root 2523 May  4 12:58 CentOS-Base.repo
-rw-r--r--. 1 root root 1664 Apr  7  2020 CentOS-Base.repo.backup
-rw-r--r--. 1 root root 1309 Nov 23  2020 CentOS-CR.repo
-rw-r--r--. 1 root root  649 Nov 23  2020 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Nov 23  2020 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Nov 23  2020 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Nov 23  2020 CentOS-Sources.repo
-rw-r--r--. 1 root root 8515 Nov 23  2020 CentOS-Vault.repo
-rw-r--r--. 1 root root  616 Nov 23  2020 CentOS-x86_64-kernel.repo
-rw-r--r--. 1 root root 1358 Sep  4  2021 epel.repo
-rw-r--r--. 1 root root 1457 Sep  4  2021 epel-testing.repo
[root@linuxsyslogserver yum.repos.d]# 
  • Install the syslog-ng package
[root@linuxsyslogserver yum.repos.d]# yum install syslog-ng -y
BDB2053 Freeing read locks for locker 0x191: 17758/140284236965696
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * epel: mirrors.bfsu.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package syslog-ng.x86_64 0:3.5.6-3.el7 will be installed
--> Processing Dependency: ivykis >= 0.36.1 for package: syslog-ng-3.5.6-3.el7.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.29)(64bit) for package: syslog-ng-3.5.6-3.el7.x86_64
--> Processing Dependency: libivykis.so.0(IVYKIS_0.30)(64bit) for package: syslog-ng-3.5.6-3.el7.x86_64
--> Processing Dependency: libevtlog.so.0()(64bit) for package: syslog-ng-3.5.6-3.el7.x86_64
--> Processing Dependency: libivykis.so.0()(64bit) for package: syslog-ng-3.5.6-3.el7.x86_64
--> Processing Dependency: libnet.so.1()(64bit) for package: syslog-ng-3.5.6-3.el7.x86_64
--> Running transaction check
---> Package eventlog.x86_64 0:0.2.13-4.el7 will be installed
---> Package ivykis.x86_64 0:0.36.2-2.el7 will be installed
---> Package libnet.x86_64 0:1.1.6-7.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================================================
 Package                                                Arch                                                Version                                                   Repository                                         Size
==============================================================================================================================================================================================================================
Installing:
 syslog-ng                                              x86_64                                              3.5.6-3.el7                                               epel                                              453 k
Installing for dependencies:
 eventlog                                               x86_64                                              0.2.13-4.el7                                              epel                                               19 k
 ivykis                                                 x86_64                                              0.36.2-2.el7                                              epel                                               35 k
 libnet                                                 x86_64                                              1.1.6-7.el7                                               base                                               59 k

Transaction Summary
==============================================================================================================================================================================================================================
Install  1 Package (+3 Dependent packages)

Total download size: 567 k
Installed size: 1.8 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/eventlog-0.2.13-4.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for eventlog-0.2.13-4.el7.x86_64.rpm is not installed
(1/4): eventlog-0.2.13-4.el7.x86_64.rpm                                                                                                                                                                |  19 kB  00:00:00     
(2/4): ivykis-0.36.2-2.el7.x86_64.rpm                                                                                                                                                                  |  35 kB  00:00:00     
(3/4): libnet-1.1.6-7.el7.x86_64.rpm                                                                                                                                                                   |  59 kB  00:00:00     
(4/4): syslog-ng-3.5.6-3.el7.x86_64.rpm                                                                                                                                                                | 453 kB  00:00:00     
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                         676 kB/s | 567 kB  00:00:00     
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-14.noarch (installed)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
json-c-0.13.1-0.4.el8.x86_64 is a duplicate with json-c-0.11-4.el7_0.x86_64
  Installing : ivykis-0.36.2-2.el7.x86_64                                                                                                              1/4 
  Installing : eventlog-0.2.13-4.el7.x86_64                                                                                                            2/4 
  Installing : libnet-1.1.6-7.el7.x86_64                                                                                                               3/4 
  Installing : syslog-ng-3.5.6-3.el7.x86_64                                                                                                            4/4 
  Verifying  : libnet-1.1.6-7.el7.x86_64                                                                                                               1/4 
  Verifying  : eventlog-0.2.13-4.el7.x86_64                                                                                                            2/4 
  Verifying  : ivykis-0.36.2-2.el7.x86_64                                                                                                              3/4 
  Verifying  : syslog-ng-3.5.6-3.el7.x86_64                                                                                                            4/4 

Installed:
  syslog-ng.x86_64 0:3.5.6-3.el7                  
Dependency Installed:
  eventlog.x86_64 0:0.2.13-4.el7                          ivykis.x86_64 0:0.36.2-2.el7                          libnet.x86_64 0:1.1.6-7.el7                 
  
Complete!
[root@linuxsyslogserver yum.repos.d]# 

syslog-ng installed successfully!!!

Two warnings in that transaction deserve a look. The NOKEY warning is benign here: yum imported the EPEL 7 key from /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 (fingerprint shown above) and the packages then verified. The "RPMDB altered outside of yum" warning is not: json-c-0.13.1-0.4.el8 duplicates the stock json-c-0.11 because an EL8 package was force-installed with rpm -ivh (the same workaround recorded in step 3 below). Remove it with rpm -e json-c-0.13.1-0.4.el8.x86_64; rpm refuses if anything on the host has started depending on it.

2) Start the syslog-ng service

[root@linuxsyslogserver yum.repos.d]# systemctl start syslog-ng
[root@linuxsyslogserver yum.repos.d]# systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-07-01 11:55:06 EDT; 6s ago
     Docs: man:syslog-ng(8)
 Main PID: 17845 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─17845 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid

Jul 01 11:55:06 linuxsyslogserver systemd[1]: Starting System Logger Daemon...
Jul 01 11:55:06 linuxsyslogserver systemd[1]: Started System Logger Daemon.

3) Common installation problems

Missing dependencies libjson-c.so.4()(64bit), libc.so.6(GLIBC_2.28)(64bit) and libivykis.so.0(IVYKIS_0.40)(64bit)

The yum run below resolves syslog-ng-3.36.1-2.el8 from the czanik/syslog-ng336 COPR repository. The .el8 tag is the cause: that build targets EL8 and therefore needs glibc 2.28, a newer json-c and an ivykis exporting the IVYKIS_0.40 symbol version, none of which CentOS 7 (glibc 2.17) provides. The missing libraries can be located with the package search sites below, and the rest of this step records that attempt, but it is the wrong repair: glibc cannot be swapped for an EL8 build without breaking every binary on the host (the rpm -ivh in part (2) stops at glibc-common and glibc-langpack dependencies before it can do that damage), and force-installing the EL8 json-c leaves a duplicate json-c in the rpmdb that later yum runs flag as "RPMDB altered outside of yum" (visible in 1.1). The clean fix on CentOS 7 is to point the repo file at an EL7 build of that COPR, if the project provides one, or to use the EPEL 7 package (syslog-ng 3.5.6) as in 1.1.

RPM package search: http://rpmfind.net/linux/rpm2html/search.php

CentOS package search: https://centos.pkgs.org/
[root@syslogserver ~]# yum install syslog-ng
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                                                             | 7.8 kB  00:00:00     
 * base: mirrors.aliyun.com
 * epel: mirrors.bfsu.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base                                                                                                                             | 3.6 kB  00:00:00     
copr:copr.fedorainfracloud.org:czanik:syslog-ng336                                                                               | 3.3 kB  00:00:00     
epel                                                                                                                             | 4.7 kB  00:00:00     
extras                                                                                                                           | 2.9 kB  00:00:00     
updates                                                                                                                          | 2.9 kB  00:00:00     
(1/3): epel/x86_64/updateinfo                                                                                                    | 1.1 MB  00:00:01     
(2/3): updates/7/x86_64/primary_db                                                                                               |  16 MB  00:00:01     
(3/3): epel/x86_64/primary_db                                                                                                    | 7.0 MB  00:00:01     
Resolving Dependencies
--> Running transaction check
---> Package syslog-ng.x86_64 0:3.36.1-2.el8 will be installed
......
Error: Package: syslog-ng-3.36.1-2.el8.x86_64 (copr:copr.fedorainfracloud.org:czanik:syslog-ng336)
           Requires: libjson-c.so.4()(64bit)
Error: Package: syslog-ng-3.36.1-2.el8.x86_64 (copr:copr.fedorainfracloud.org:czanik:syslog-ng336)
           Requires: libc.so.6(GLIBC_2.28)(64bit)
Error: Package: syslog-ng-3.36.1-2.el8.x86_64 (copr:copr.fedorainfracloud.org:czanik:syslog-ng336)
           Requires: libivykis.so.0(IVYKIS_0.40)(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(1) libjson-c.so.4()(64bit)
[root@syslogserver syslog-ng_rpm]# wget http://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/json-c-0.13.1-0.4.el8.x86_64.rpm
--2022-06-30 11:47:34--  http://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/json-c-0.13.1-0.4.el8.x86_64.rpm
Resolving rpmfind.net (rpmfind.net)... 195.220.108.108
Connecting to rpmfind.net (rpmfind.net)|195.220.108.108|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 41020 (40K) [application/x-rpm]
Saving to: ‘json-c-0.13.1-0.4.el8.x86_64.rpm’

100%[==================================================================================================================] 41,020      91.4KB/s   in 0.4s 

2022-06-30 11:47:35 (91.4 KB/s) - ‘json-c-0.13.1-0.4.el8.x86_64.rpm’ saved [41020/41020]
[root@syslogserver syslog-ng_rpm]# rpm -ivh json-c-0.13.1-0.4.el8.x86_64.rpm 
warning: json-c-0.13.1-0.4.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:json-c-0.13.1-0.4.el8            ################################# [100%]
[root@syslogserver syslog-ng_rpm]# 
(2) libc.so.6(GLIBC_2.28)(64bit)

Download glibc-2.28-164.el8.x86_64.rpm (recorded for completeness only: an EL8 glibc must not be installed on a CentOS 7 host, and the attempt fails on its own dependencies below)

[root@linuxsyslogserver opt]# wget https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/glibc-2.28-164.el8.x86_64.rpm
--2022-07-01 11:08:23--  https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/glibc-2.28-164.el8.x86_64.rpm
Resolving vault.centos.org (vault.centos.org)... 18.65.216.43, 18.65.216.65, 18.65.216.32, ...
Connecting to vault.centos.org (vault.centos.org)|18.65.216.43|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3818248 (3.6M) [application/x-rpm]
Saving to: ‘glibc-2.28-164.el8.x86_64.rpm’

100%[===================================================================================================================>] 3,818,248   5.97MB/s   in 0.6s   

2022-07-01 11:08:24 (5.97 MB/s) - ‘glibc-2.28-164.el8.x86_64.rpm’ saved [3818248/3818248]

[root@linuxsyslogserver opt]# rpm -ivh glibc-2.28-164.el8.x86_64.rpm 
warning: glibc-2.28-164.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
error: Failed dependencies:
	glibc-common = 2.28-164.el8 is needed by glibc-2.28-164.el8.x86_64
	glibc-langpack = 2.28-164.el8 is needed by glibc-2.28-164.el8.x86_64
	# glibc-common and glibc-langpack are reported missing as well
[root@linuxsyslogserver opt]# 

Download glibc-common-2.28-164.el8.x86_64.rpm

[root@linuxsyslogserver opt]# wget https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/glibc-common-2.28-164.el8.x86_64.rpm
--2022-07-01 11:14:23--  https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/glibc-common-2.28-164.el8.x86_64.rpm
Resolving vault.centos.org (vault.centos.org)... 18.65.216.70, 18.65.216.32, 18.65.216.43, ...
Connecting to vault.centos.org (vault.centos.org)|18.65.216.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1378856 (1.3M) [application/x-rpm]
Saving to: ‘glibc-common-2.28-164.el8.x86_64.rpm’

100%[=====================================================================================================================>] 1,378,856   3.33MB/s   in 0.4s 

2022-07-01 11:14:24 (3.33 MB/s) - ‘glibc-common-2.28-164.el8.x86_64.rpm’ saved [1378856/1378856]

Download glibc-langpack-en-2.28-164.el8.x86_64.rpm

[root@linuxsyslogserver opt]# wget https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/glibc-langpack-en-2.28-164.el8.x86_64.rpm
--2022-07-01 11:18:10--  https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/glibc-langpack-en-2.28-164.el8.x86_64.rpm
Resolving vault.centos.org (vault.centos.org)... 18.65.216.70, 18.65.216.43, 18.65.216.32, ...
Connecting to vault.centos.org (vault.centos.org)|18.65.216.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 847924 (828K) [application/x-rpm]
Saving to: ‘glibc-langpack-en-2.28-164.el8.x86_64.rpm’

100%[=====================================================================================================================>] 847,924     2.44MB/s   in 0.3s 

2022-07-01 11:18:11 (2.44 MB/s) - ‘glibc-langpack-en-2.28-164.el8.x86_64.rpm’ saved [847924/847924]

[root@linuxsyslogserver opt]# 
(3) libivykis.so.0(IVYKIS_0.40)(64bit)

1.2) Offline installation from RPM files

1) Download the syslog-ng RPM packages

RPM download URLs. The mirror's Let's Encrypt certificate had expired at the time, hence --no-check-certificate; that switch turns off TLS authentication of the download, so the files must be treated as untrusted until their GPG signatures verify against the EPEL 7 key (the NOKEY warnings further down show that key had not yet been imported).

wget -O syslog-ng-3.5.6-3.el7.x86_64.rpm --no-check-certificate https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/s/syslog-ng-3.5.6-3.el7.x86_64.rpm
wget -O eventlog-0.2.13-4.el7.x86_64.rpm --no-check-certificate https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/e/eventlog-0.2.13-4.el7.x86_64.rpm
wget -O ivykis-0.36.2-2.el7.x86_64.rpm --no-check-certificate https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/i/ivykis-0.36.2-2.el7.x86_64.rpm
wget -O libnet-1.1.6-7.el7.x86_64.rpm http://mirrors.163.com/centos/7.9.2009/os/x86_64/Packages/libnet-1.1.6-7.el7.x86_64.rpm

[root@linuxsyslogserver syslog-ng]# wget --no-check-certificate https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/s/syslog-ng-3.5.6-3.el7.x86_64.rpm
--2022-07-01 12:16:10--  https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/s/syslog-ng-3.5.6-3.el7.x86_64.rpm
Resolving mirror.lzu.edu.cn (mirror.lzu.edu.cn)... 202.201.0.160, 2001:da8:c000::160
Connecting to mirror.lzu.edu.cn (mirror.lzu.edu.cn)|202.201.0.160|:443... connected.
WARNING: cannot verify mirror.lzu.edu.cn's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 464128 (453K) [application/x-redhat-package-manager]
Saving to: ‘syslog-ng-3.5.6-3.el7.x86_64.rpm’

100%[===================================================================================================================>] 464,128     1.18MB/s   in 0.4s   

2022-07-01 12:16:10 (1.18 MB/s) - ‘syslog-ng-3.5.6-3.el7.x86_64.rpm’ saved [464128/464128]

[root@linuxsyslogserver syslog-ng]# wget --no-check-certificate https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/e/eventlog-0.2.13-4.el7.x86_64.rpm
--2022-07-01 12:16:10--  https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/e/eventlog-0.2.13-4.el7.x86_64.rpm
Resolving mirror.lzu.edu.cn (mirror.lzu.edu.cn)... 202.201.0.160, 2001:da8:c000::160
Connecting to mirror.lzu.edu.cn (mirror.lzu.edu.cn)|202.201.0.160|:443... connected.
WARNING: cannot verify mirror.lzu.edu.cn's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 19848 (19K) [application/x-redhat-package-manager]
Saving to: ‘eventlog-0.2.13-4.el7.x86_64.rpm’

100%[========================================================================================================================>] 19,848      --.-K/s   in 0s

2022-07-01 12:16:11 (302 MB/s) - ‘eventlog-0.2.13-4.el7.x86_64.rpm’ saved [19848/19848]

[root@linuxsyslogserver syslog-ng]# wget --no-check-certificate https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/i/ivykis-0.36.2-2.el7.x86_64.rpm
--2022-07-01 12:16:11--  https://mirror.lzu.edu.cn/epel/7/x86_64/Packages/i/ivykis-0.36.2-2.el7.x86_64.rpm
Resolving mirror.lzu.edu.cn (mirror.lzu.edu.cn)... 202.201.0.160, 2001:da8:c000::160
Connecting to mirror.lzu.edu.cn (mirror.lzu.edu.cn)|202.201.0.160|:443... connected.
WARNING: cannot verify mirror.lzu.edu.cn's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
HTTP request sent, awaiting response... 200 OK
Length: 36280 (35K) [application/x-redhat-package-manager]
Saving to: ‘ivykis-0.36.2-2.el7.x86_64.rpm’

100%[====================================================================================================================>] 36,280      --.-K/s   in 0.004s

2022-07-01 12:16:11 (8.36 MB/s) - ‘ivykis-0.36.2-2.el7.x86_64.rpm’ saved [36280/36280]

[root@linuxsyslogserver syslog-ng]# wget http://mirrors.163.com/centos/7.9.2009/os/x86_64/Packages/libnet-1.1.6-7.el7.x86_64.rpm
--2022-07-01 12:14:57--  http://mirrors.163.com/centos/7.9.2009/os/x86_64/Packages/libnet-1.1.6-7.el7.x86_64.rpm
Resolving mirrors.163.com (mirrors.163.com)... 101.71.33.11
Connecting to mirrors.163.com (mirrors.163.com)|101.71.33.11|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 59960 (59K) [application/x-redhat-package-manager]
Saving to: ‘libnet-1.1.6-7.el7.x86_64.rpm’

100%[=====================================================================================================================>] 59,960      --.-K/s   in 0.08s

2022-07-01 12:14:57 (718 KB/s) - ‘libnet-1.1.6-7.el7.x86_64.rpm’ saved [59960/59960]

[root@linuxsyslogserver syslog-ng]# 
[root@linuxsyslogserver syslog-ng]# ll
total 572
-rw-r--r--. 1 root root  19848 Jan 13  2014 eventlog-0.2.13-4.el7.x86_64.rpm
-rw-r--r--. 1 root root  36280 Jan 13  2014 ivykis-0.36.2-2.el7.x86_64.rpm
-rw-r--r--. 1 root root  59960 Jul  3  2014 libnet-1.1.6-7.el7.x86_64.rpm
-rw-r--r--. 1 root root 464128 Dec 30  2015 syslog-ng-3.5.6-3.el7.x86_64.rpm
[root@linuxsyslogserver syslog-ng]# rpm -ivh *.rpm
warning: eventlog-0.2.13-4.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:libnet-1.1.6-7.el7               ################################# [ 25%]
   2:ivykis-0.36.2-2.el7              ################################# [ 50%]
   3:eventlog-0.2.13-4.el7            ################################# [ 75%]
   4:syslog-ng-3.5.6-3.el7            ################################# [100%]
[root@linuxsyslogserver syslog-ng]# 

syslog-ng installed successfully!!! The NOKEY warning above means rpm could not verify the EPEL signature (key ID 352c64e5) because the key was not imported; rpm -ivh installs regardless. Import it with rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 (the file epel-release installs; copy it over if the host is offline) and check the files with rpm -K before installing.
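Before the rpm -ivh *.rpm step, as an added example (not from the original post): a POSIX sh pre-flight that refuses packages built for a different release and packages whose signature does not verify, which is the check that would have stopped the EL8 json-c and glibc packages above from being pushed onto an EL7 host. The function names, the el7 host tag and the key file path (the one epel-release installs, as shown in the yum output in 1.1) are assumptions; rpm -K and rpm --import are the real rpm(8) switches.

```shell
#!/bin/sh
# Pre-flight checks before "rpm -ivh *.rpm" on the CentOS 7 log server.
# Added example, not from the original post. Assumes an el7 host, the EPEL 7
# key file installed by epel-release, and rpm(8) on the PATH when the
# install step is actually run.

# Print the dist tag ("el7", "el8", ...) encoded in an RPM file name such as
# syslog-ng-3.5.6-3.el7.x86_64.rpm or json-c-0.11-4.el7_0.x86_64.rpm.
# Prints nothing for packages without one (e.g. epel-release-latest-7.noarch.rpm).
rpm_dist_tag() {
    name=$(basename "$1" .rpm)   # syslog-ng-3.5.6-3.el7.x86_64
    name=${name%.*}              # drop the arch   -> syslog-ng-3.5.6-3.el7
    rel=${name##*-}              # release field   -> 3.el7  (or 4.el7_0, 0.4.el8)
    case "$rel" in
        *.el[0-9]*) tag=${rel##*.el}; printf 'el%s\n' "${tag%%_*}" ;;
        *) printf '\n' ;;
    esac
}

# Refuse any package built for a release other than $1. Packages without a
# dist tag (noarch release packages) are allowed through.
check_dist() {
    want=$1; shift
    bad=0
    for pkg in "$@"; do
        tag=$(rpm_dist_tag "$pkg")
        if [ -n "$tag" ] && [ "$tag" != "$want" ]; then
            echo "REFUSE: $pkg is built for $tag, host is $want" >&2
            bad=1
        fi
    done
    return $bad
}

# Verify signatures. rpm -K exits non-zero both for a bad signature and for
# "NOT OK (MISSING KEYS: ...)", so the key is imported first; plain rpm -ivh
# only prints a NOKEY warning and installs anyway.
check_sigs() {
    keyfile=${EPEL_KEY:-/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7}   # assumed path
    rpm --import "$keyfile" || return 1
    bad=0
    for pkg in "$@"; do
        rpm -K "$pkg" >/dev/null 2>&1 || { echo "REFUSE: $pkg signature not verified" >&2; bad=1; }
    done
    return $bad
}

# Usage: sh preflight.sh el7 /opt/syslog-ng/*.rpm
if [ "$#" -ge 2 ]; then
    host_dist=$1; shift
    if check_dist "$host_dist" "$@" && check_sigs "$@"; then
        rpm -ivh "$@"
    else
        echo "aborting install" >&2
        exit 1
    fi
fi
```

The dist-tag check is deliberately done on the file name rather than by querying the RPM header, so it works before the host has trusted the file at all; the signature check then decides whether the header can be believed.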

2) Start the syslog-ng service

[root@linuxsyslogserver syslog-ng]# systemctl start syslog-ng
[root@linuxsyslogserver syslog-ng]# systemctl status syslog-ng
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2022-07-01 12:16:48 EDT; 1s ago
     Docs: man:syslog-ng(8)
 Main PID: 3042 (syslog-ng)
   CGroup: /system.slice/syslog-ng.service
           └─3042 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid

Jul 01 12:16:48 splunk_master systemd[1]: Starting System Logger Daemon...
Jul 01 12:16:48 splunk_master systemd[1]: Started System Logger Daemon.

2. Configuring syslog-ng

The syslog-ng configuration lives under /etc/syslog-ng/ (main file syslog-ng.conf). The minimal collector configuration used here:

# Receive syslog from remote hosts over UDP and TCP
source source_udp_514 {
	udp(ip(0.0.0.0) port(514));
};

# TCP on 514, as the source name says
source source_tcp_514 {
	tcp(ip(0.0.0.0) port(514));
};

# Where received messages are written: one file per sending host per day
# (d_dest_1 and d_dest_2 are identical; one destination referenced from both
# log statements would do)
destination d_dest_1 {
	file( "/data/log/${HOST}/${SOURCEIP}/${YEAR}_${MONTH}_${DAY}.log" create-dirs(yes) dir-perm(0755) perm(0644) );
};

destination d_dest_2 {
	file( "/data/log/${HOST}/${SOURCEIP}/${YEAR}_${MONTH}_${DAY}.log" create-dirs(yes) dir-perm(0755) perm(0644) );
};

# Log paths: connect each source to its destination (added by Ryo-Ohki)
log { source(source_udp_514); destination(d_dest_1); };
log { source(source_tcp_514); destination(d_dest_2); };

Three things to know before exposing this. Both listeners bind 0.0.0.0, so they accept from every network the host is on, and UDP has no handshake, so both the sender address and the HOST field of a UDP message can be forged. ${HOST} is copied from the message when keep_hostname(yes) is in effect (check the options block of the stock syslog-ng.conf), which lets a client pick the first directory component of its own log path; ${SOURCEIP} is taken from the socket and is the value to trust when separating senders. dir-perm(0755) and perm(0644) leave every collected log readable by any local account. After editing, run syslog-ng -s to syntax-check the configuration and systemctl reload syslog-ng to apply it.
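A hardened drop-in for the configuration above, as an added example rather than the post's own config. It keeps the page's tcp()/udp() drivers and file() macros and changes the settings just discussed: ${SOURCEIP} instead of ${HOST} for the directory, keep-hostname(no) and use-dns(no) on the sources, check-hostname(yes) globally, 0750/0640 permissions, and a syntax check (syslog-ng -s) before the reload. The drop-in path /etc/syslog-ng/conf.d/remote.conf, the assumption that the stock syslog-ng.conf includes conf.d/*.conf, and the function names are mine; verify the include line on your host.

```shell
#!/bin/sh
# Hardened remote-syslog drop-in for the syslog-ng 3.5 setup on this page,
# written to conf.d and syntax-checked before reload. Added example, not from
# the original post. Assumed: the stock /etc/syslog-ng/syslog-ng.conf includes
# /etc/syslog-ng/conf.d/*.conf, and the CONF path below.
CONF=${CONF:-/etc/syslog-ng/conf.d/remote.conf}

# Print the drop-in. Same drivers and macros as the page's config; the
# comments mark what each line changes relative to it.
render_remote_conf() {
    cat <<'EOF'
# remote.conf - receive logs from other hosts
options {
    check-hostname(yes);   # drop messages whose HOST field has characters outside the hostname alphabet
};

# UDP has no handshake, so the source address and HOST can be forged; keep it
# only for devices that cannot speak TCP. keep-hostname(no) + use-dns(no):
# ${HOST} becomes the peer IP from the socket, not what the client wrote.
source s_remote_udp {
    udp(ip(0.0.0.0) port(514) keep-hostname(no) use-dns(no));
};

# TCP 514 with a connection cap so one noisy peer cannot exhaust the listener.
source s_remote_tcp {
    tcp(ip(0.0.0.0) port(514) max-connections(200) keep-hostname(no) use-dns(no));
};

# One file per sender per day, keyed by ${SOURCEIP} (socket-derived) instead of
# ${HOST}; 0750/0640 instead of 0755/0644 so other local users cannot read them.
destination d_remote {
    file("/data/log/${SOURCEIP}/${YEAR}_${MONTH}_${DAY}.log"
         create-dirs(yes) dir-perm(0750) perm(0640));
};

log { source(s_remote_udp); source(s_remote_tcp); destination(d_remote); };
EOF
}

# Write the drop-in and reload only if the whole configuration parses
# (-s is --syntax-only); a typo must not take the collector down.
install_remote_conf() {
    target=$1
    render_remote_conf > "$target" && chmod 0640 "$target" || return 1
    if syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf; then
        systemctl reload syslog-ng
    else
        echo "syslog-ng rejected the configuration; $target left in place, not reloaded" >&2
        return 1
    fi
}

# Usage: sh remote-conf.sh --install   (functions can also be sourced)
if [ "${1:-}" = "--install" ]; then
    install_remote_conf "$CONF"
fi
```

The listeners still bind 0.0.0.0; once the collector's interface address is known, put it in ip() so the UDP port is not reachable from every network the host touches.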

References

https://support.oneidentity.com/zh-cn/technical-documents/syslog-ng-open-source-edition/3.36/administration-guide/11#TOPIC-1768522
https://www.syslog-ng.com/community/b/blog/posts/installing-latest-syslog-ng-on-rhel-and-other-rpm-distributions/
