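Reposted from: http://blog.sina.com.cn/s/blog_4a071ed80100cssu.html
Log Server Installation Guide
I. Goals
II. Installing and Configuring the Log Host
1. Install syslog-ng:
Preparation before installation (operating system: CentOS 4.7):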
#cd /usr/local/src
Edit /etc/yum.repos.d/CentOS-Base.repo
Add:
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
gpgkey=http://apt.sw.be/packages/RPM-GPG-KEY.dag.txt
Install syslog-ng:
#rpm -ivh libdb*
#rpm -ivh libevtlog0-0.2.8-1.i386.rpm
#rpm -ivh syslog-ng-2.1.3-1.i386.rpm
#rpm -ivh msttcorefonts-2.0-1.noarch.rpm
# mkdir -p /usr/share/fonts/truetype/msttcorefonts/
# cp /usr/X11R6/lib/X11/fonts/truetype/verdana* /usr/share/fonts/truetype/msttcorefonts/.
Configure syslog-ng:
# vi /etc/syslog-ng/syslog-ng.conf
options {
long_hostnames(off);
log_msg_size(8192);
sync(1);
log_fifo_size(20480);
time_reopen(10);
use_dns(yes);
dns_cache(yes);
use_fqdn(yes);
keep_hostname(yes);
chain_hostnames(no);
perm(0644);
stats(43200);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
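source s_local {
# The source drivers are missing from this copy of the guide; the two below are the
# usual local sources on Linux and are an assumption, not the original text.
unix-stream("/dev/log");
file("/proc/kmsg" log_prefix("kernel: "));
};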
filter f_messages { level(info..emerg); };
filter f_secure { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_spooler { level(crit..emerg) and facility(uucp, news); };
filter f_local7 { facility(local7); };
destination d_messages { file("/var/log/messages"); };
destination d_secure { file("/var/log/secure"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_cron { file("/var/log/cron"); };
destination d_console { usertty("root"); };
destination d_spooler { file("/var/log/spooler"); };
destination d_bootlog { file("/var/log/boot.log"); };
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_spooler); destination(d_spooler); };
log { source(s_local); filter(f_local7); destination(d_bootlog); };
log { source(s_local); filter(f_messages); destination(d_messages); };
# Remote logging
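source s_remote {
# The source drivers are missing from this copy of the guide; TCP and UDP on port 514
# are assumed here because the verification step below checks for both.
tcp(port(514));
udp(port(514));
};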
destination r_console {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_secure {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_cron {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_spooler {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_bootlog {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
destination r_messages {file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));};
log { source(s_remote); filter(f_emerg); destination(r_console); };
log { source(s_remote); filter(f_secure); destination(r_secure); flags(final); };
log { source(s_remote); filter(f_cron); destination(r_cron); flags(final); };
log { source(s_remote); filter(f_spooler); destination(r_spooler); };
log { source(s_remote); filter(f_local7); destination(r_bootlog); };
log { source(s_remote); filter(f_messages); destination(r_messages); };
Start syslog-ng:
# /etc/rc.d/init.d/syslog-ng restart
Verify: #netstat -an |grep 514
tcp
udp
View the log files:
#tail -f /var/log/syslog-ng/<date>/<hostname or IP address>/messages
2. Install MySQL:
#yum install -y mysql-server
#/etc/rc.d/init.d/mysqld start
3. Install php-syslog-ng so that logs are written to the MySQL database:
Download the latest version of php-syslog-ng:
#yum install php-gd php-mysql
#wget http://php-syslog-ng.gdd.net/current.tgz
#tar zxvf php-syslog-ng-2.9.8l.tgz -C /var/www/html/.
#cd /var/www/html/
#mv php-syslog-ng html
#chown -R apache:apache html
#cd scripts
Replace the file path in the scripts with the actual path (method: perl -i -pe 's/\/www\/php-syslog-ng/\<newpath>/g' *)
#perl -i -pe 's/\/www\/php-syslog-ng/\/var\/www\/html/g' *
Edit the syslog-ng.conf file and append the following lines at the end:
destination d_mysql {
program("/usr/bin/mysql -usyslogadmin -psyslogadmin syslog"
template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes));
};
log {
source(s_remote);
destination(d_mysql);
};
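The d_mysql template places message fields between single quotes and pipes the result to the mysql client, so template-escape(yes) is what keeps a quote inside a log message from ending a value early. The following is an added example, not part of the original post: it approximates that escaping (a backslash before ', " and \) on a constructed message and checks the resulting statement with a simplified lexer; the sample field values and the helper names are assumptions.

```python
import re

# INSERT template from the d_mysql destination above (joined onto one line).
TEMPLATE = ("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) "
            "VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', "
            "'$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );")
# Constructed sample message; the quotes in MSG are ordinary log content.
SAMPLE = {"HOST": "web01", "FACILITY": "authpriv", "PRIORITY": "info", "LEVEL": "info",
          "TAG": "56", "YEAR": "2009", "MONTH": "03", "DAY": "14", "HOUR": "10",
          "MIN": "15", "SEC": "02", "PROGRAM": "sshd", "MSG": "login failed for user 'alice'"}

def escape(value):
    """Approximation of template-escape(yes): backslash before quotes and backslashes."""
    return "".join("\\" + c if c in "'\"\\" else c for c in value)

def render(fields, template_escape):
    """Expand the $MACRO names in TEMPLATE, escaping each value if requested."""
    def expand(match):
        value = fields[match.group(1)]
        return escape(value) if template_escape else value
    return re.sub(r"\$([A-Z]+)", expand, TEMPLATE)

def string_literals(sql, backslash_escapes=True):
    """Quoted values a simplified MySQL-style lexer sees; None if one is left open."""
    found, current, i = [], None, 0
    while i < len(sql):
        c = sql[i]
        if current is None:
            if c == "'":
                current = ""
        elif c == "\\" and backslash_escapes and i + 1 < len(sql):
            current += sql[i + 1]          # escaped character stays inside the value
            i += 1
        elif c == "'" and sql[i + 1:i + 2] == "'":
            current += "'"                 # doubled quote is a literal quote
            i += 1
        elif c == "'":
            found.append(current)
            current = None
        else:
            current += c
        i += 1
    return found if current is None else None

def statement_intact(sql, fields, backslash_escapes=True):
    """True when the statement still carries eight values and msg arrived unchanged."""
    values = string_literals(sql, backslash_escapes)
    return values is not None and len(values) == 8 and values[7] == fields["MSG"]
```

Passing backslash_escapes=False models a server running with the NO_BACKSLASH_ESCAPES SQL mode, where the backslash-escaped statement is split again.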
Edit the /etc/php.ini file:
Change display_errors = Off to display_errors = On;
Change magic_quotes_gpc = Off to magic_quotes_gpc = On;
Change memory_limit = 8M to memory_limit = 256M;
Change max_execution_time = 30 to max_execution_time = 90
Then restart httpd:
# /etc/rc.d/init.d/httpd restart
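In a browser, open http://<log server IP address>/html
Screen 1: Click Next to start the installation;
Screen 3: Enter the database root user's password; the other settings can stay at their defaults (you may leave the "install sample data" box unchecked). Click Next to continue;
Screen 5: Apart from entering an e-mail address and the admin password, the other settings can stay at their defaults. Click Next to continue;
Screen 6: If you choose to install the data used for collecting the Cisco ERROR TABLE, the following installation dialog pops up;
Click Install CEMDB to continue... (If clicking Install CEMDB does not work, use Firefox for the installation.)
You will see the following dialog: click "Start Import" to import the CEMDB data into the database.
Restart syslog-ng: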
# /etc/rc.d/init.d/syslog-ng restart
Verify: you should now be able to view the logs with a MySQL client.
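Which remote messages appear in the logs table depends on statement order: per the syslog-ng documentation, flags(final) ends log-statement processing for a matching message, and the d_mysql statement is appended after the final r_secure and r_cron paths. The following added model (not part of the original post; the function names are assumptions) walks this page's s_remote log statements in file order and shows that authpriv and cron messages stop before d_mysql, and that placing the d_mysql statement first changes that.

```python
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def level(lo, hi):
    """Model of level(lo..hi): match severities in the inclusive range."""
    lo_i, hi_i = LEVELS.index(lo), LEVELS.index(hi)
    return lambda fac, lvl: lo_i <= LEVELS.index(lvl) <= hi_i

def facility(*names):
    """Model of facility(a, b, ...): match any listed facility."""
    return lambda fac, lvl: fac in names

# Filters as defined in the syslog-ng.conf on this page.
FILTERS = {
    "f_messages": level("info", "emerg"),
    "f_secure": facility("authpriv"),
    "f_cron": facility("cron"),
    "f_emerg": level("emerg", "emerg"),
    "f_spooler": lambda f, l: level("crit", "emerg")(f, l) and facility("uucp", "news")(f, l),
    "f_local7": facility("local7"),
}

# s_remote log statements in file order: (filter or None, destination, final?).
# The d_mysql statement comes last because the guide appends it to the file.
REMOTE_PATHS = [
    ("f_emerg", "r_console", False),
    ("f_secure", "r_secure", True),
    ("f_cron", "r_cron", True),
    ("f_spooler", "r_spooler", False),
    ("f_local7", "r_bootlog", False),
    ("f_messages", "r_messages", False),
    (None, "d_mysql", False),
]

def route(fac, lvl, paths=REMOTE_PATHS):
    """Destinations a remote message reaches; a final path stops processing."""
    hits = []
    for flt, dest, final in paths:
        if flt is None or FILTERS[flt](fac, lvl):
            hits.append(dest)
            if final:
                break
    return hits

def mysql_first(paths=REMOTE_PATHS):
    """Same statements with the d_mysql one moved ahead of the final paths."""
    return [p for p in paths if p[1] == "d_mysql"] + [p for p in paths if p[1] != "d_mysql"]
```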
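Configure scheduled tasks
When php-syslog-ng is used to manage logs centrally, the data volume can be very large; scheduled tasks are used to handle log rotation.
To configure the scheduled tasks, add the following with crontab -e: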
@daily php /var/www/html/scripts/logrotate.php >> /var/log/syslog-ng/logrotate.log
@daily find /var/www/html/html/jpcache/ -atime 1 -exec rm -f '{}' ';'
*/10 * * * * php /var/www/html/scripts/reloadcache.php >> /var/log/syslog-ng/reloadcache.log
# /etc/rc.d/init.d/crond restart
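(1) logrotate.php
This script rotates the log tables in php-syslog-ng; it is not the same as the system's logrotate. Each run backs up the current day's log table and creates a new log table for reading and writing. Under crontab it runs automatically once a day.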