syslog-ng的强大功能在此呈现
首先切换到/etc目录
cd /etc
vi log.profile
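# Settings for the log collector, written as plain NAME=value assignments.
# The leading "- " list markers from the page rendering are removed; with them
# in place no assignment on these lines takes effect when the file is read by
# a shell.
# NOTE(review): presumably these values fill the __PATH__/__IP__/__SZ__
# placeholders of the templates; the script that does so is not shown - confirm.

# Directory where received logs are stored (trailing slash kept as given).
PT=/var/log/ipwall/
# Client allow-list: sender IP addresses, comma-separated.
IP=192.168.2.1,192.168.2.30
# Free disk space size, in GB.
SP=10
# Size at which a log file is rotated, in MB.
SZ=50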
vi syslog-ng.example
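@version: 3.2
# Set the version above to the value on the first line of
# /etc/syslog-ng/syslog-ng.conf on this host.
#
# Template file: __PATH__ and __IP__ are placeholders that must be replaced
# before syslog-ng loads it (the substitution step is not part of this listing).

options {
    long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
    # Files: root:adm, mode 0640. dir_group("adm") lets the same group enter
    # the 0750 directories created by the destinations below.
    owner("root"); group("adm"); perm(0640); dir_group("adm"); stats_freq(0);
    bad_hostname("^gconfd$");
};

# Plain UDP syslog on every interface: no authentication, no encryption, and
# the sender address of a datagram can be forged. Restrict who can reach
# port 514 with a host or network firewall, and bind ip() to the collection
# interface instead of 0.0.0.0 where the host has a dedicated one.
source s_net { udp(ip(0.0.0.0) port(514)); };

# One directory tree per sending host, one sub-directory per traffic category.
# Modes are least-privilege (files 0640, directories 0750): world-writable
# logs and log directories let any local account alter, replace or delete
# collected records. Give log readers access through membership of the "adm"
# group rather than by widening the mode.
destination d_session { file("__PATH__/$HOST/session/messages.log" perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_url     { file("__PATH__/$HOST/url/messages.log"     perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_qq      { file("__PATH__/$HOST/QQ/messages.log"      perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_msn     { file("__PATH__/$HOST/msn/messages.log"     perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_alipay  { file("__PATH__/$HOST/alipay/messages.log"  perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_dns     { file("__PATH__/$HOST/dns/messages.log"     perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_pop3    { file("__PATH__/$HOST/pop3/messages.log"    perm(0640) dir_perm(0750) create_dirs(yes)); };
destination d_others  { file("__PATH__/$HOST/others/messages.log"  perm(0640) dir_perm(0750) create_dirs(yes)); };

filter f_local3 { level(info) and facility(local3); };

# Allow-list of senders. host() is evaluated as an unanchored regular
# expression, so the value substituted for __IP__ should escape the dots and
# anchor both ends; otherwise an entry such as 192.168.2.1 also matches
# 192.168.2.10. This filter only decides which senders get filed; because the
# transport is UDP it does not prove where a message came from.
# NOTE(review): how the comma-separated allow-list is expanded into __IP__ is
# not shown here - confirm the generated pattern.
filter f_host { host("__IP__"); };

# Category filters: session = local1, url = local2, and local3 split by the
# prefix of the message text. Every filter also requires f_host.
filter f_session { level(info) and facility(local1) and filter(f_host); };
filter f_url     { level(info) and facility(local2) and filter(f_host); };
filter f_qq      { filter(f_local3) and message("^qq") and filter(f_host); };
filter f_msn     { filter(f_local3) and message("^msn") and filter(f_host); };
filter f_alipay  { filter(f_local3) and message("^alipay") and filter(f_host); };
filter f_dns     { filter(f_local3) and message("^dns") and filter(f_host); };
filter f_pop3    { filter(f_local3) and message("^pop3") and filter(f_host); };
# Anything from an allowed host that is not on local1, local2 or local3.
filter f_others  { not facility(local1, local2, local3) and filter(f_host); };

log { source(s_net); filter(f_session); destination(d_session); };
log { source(s_net); filter(f_url); destination(d_url); };
log { source(s_net); filter(f_qq); destination(d_qq); };
log { source(s_net); filter(f_msn); destination(d_msn); };
log { source(s_net); filter(f_alipay); destination(d_alipay); };
log { source(s_net); filter(f_dns); destination(d_dns); };
log { source(s_net); filter(f_pop3); destination(d_pop3); };
log { source(s_net); filter(f_others); destination(d_others); };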
vi logrotate.example
-
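# Rotation rule for the session log of one host. __PATH__, __IP__ and __SZ__
# are template placeholders to be replaced before logrotate reads the file.
__PATH__/__IP__/session/messages.log {
    missingok
    rotate 65535
    # Recreate the log as syslog:adm with mode 0640. A world-writable mode
    # would let any local account alter or truncate collected records. Keep
    # the containing directory non-world-writable too: current logrotate
    # releases skip logs whose parent directory is world-writable unless a
    # "su" directive is set.
    create 0640 syslog adm
    compress
    size __SZ__M
    dateext
    dateformat .%s
    # Tell syslog-ng to reopen its output files after rotation. The command is
    # kept on a single line, and uses ">/dev/null 2>&1" because "&>" is a
    # bashism: a POSIX /bin/sh reads it as "run in background", then an empty
    # redirection.
    postrotate
        /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) >/dev/null 2>&1
    endscript
}
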
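# Rotation rule for the url log of one host (placeholders: __PATH__, __IP__,
# __SZ__).
__PATH__/__IP__/url/messages.log {
    missingok
    rotate 65535
    # Mode 0640, owner syslog, group adm: not world-writable, so local
    # accounts outside the owner cannot modify the collected records.
    create 0640 syslog adm
    compress
    size __SZ__M
    dateext
    dateformat .%s
    # Signal syslog-ng to reopen its files. One line, portable redirection:
    # "&>" is a bashism that a POSIX /bin/sh parses as backgrounding.
    postrotate
        /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) >/dev/null 2>&1
    endscript
}
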
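# Rotation rule for the QQ log of one host (placeholders: __PATH__, __IP__,
# __SZ__).
__PATH__/__IP__/QQ/messages.log {
    missingok
    rotate 65535
    # Mode 0640, owner syslog, group adm: not world-writable, so local
    # accounts outside the owner cannot modify the collected records.
    create 0640 syslog adm
    compress
    size __SZ__M
    dateext
    dateformat .%s
    # Signal syslog-ng to reopen its files. One line, portable redirection:
    # "&>" is a bashism that a POSIX /bin/sh parses as backgrounding.
    postrotate
        /bin/kill -HUP $(/bin/cat /var/run/syslog-ng.pid 2>/dev/null) >/dev/null 2>&1
    endscript
}
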
__PATH__/__IP__/msn/messages.log {
-
missingok
-
rotate 65535