
syslog-ng configuration (TCP protocol)

1. Overview

Two servers, both with syslog-ng installed: one acts as the server, the other as the client.

server: 192.168.209.19

client: 192.168.209.18

2. Installation

Install with yum:

yum -y install syslog-ng

After installation, restarting the syslog-ng service with service syslog-ng restart fails with this error:

Plugin module not found in 'module-path'; module-path='/lib64/syslog-ng', module='afsql'

Fix:

yum install -y syslog-ng-libdbi

This installs the following two packages:

libdbi-0.8.3-4.el6.x86_64

syslog-ng-libdbi-3.2.5-4.el6.x86_64

 

3. Configuration file changes

Server side:

options {
        # 0 = send each message to its destination immediately, without batching
        flush_lines (0);
        # seconds to wait before re-opening a broken connection
        time_reopen (10);
        # number of messages the output queue can hold
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        # keep the hostname found in the message instead of rewriting it
        keep_hostname (yes);
};

#Define source
source s_network {
        tcp(ip(0.0.0.0) port(514));
};

#Define filter rules
#filter f_local0 { level(info..emerg); };

#Define destination file path
destination d_local0 { file("/var/log/local0.log"  perm(0755) dir_perm(0755) create_dirs(yes)); };

# Write to destination files
log { source(s_network); destination(d_local0); };

This is a minimal server configuration: no filter is defined, so it accepts all incoming logs.

Client side:

options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
};

source s_sys {
        unix-stream ("/dev/log");
        internal();
};

filter f_auth { facility(auth); };

destination center_log_server { tcp("192.168.209.19" port(514)); };

log { source(s_sys); filter(f_auth); destination(center_log_server); };

 

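The configuration in brief:

source declares where the logs come from: /dev/log (unix-stream opens the specified Unix socket in SOCK_STREAM mode and receives log messages from it; internal is the logs generated by syslog-ng itself);

filter defines the auth rule;

destination points at the log server 192.168.209.19, port 514, over TCP.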
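
A tighter variant of the server-side source, filter and destination, as an added example that is not part of the original post. It assumes the server should listen only on its own address and accept messages only from the client 192.168.209.18; the filter name f_from_client and the values max_connections(10) and perm(0640) are choices made for this example.

```conf
# Added example (not from the original post): tighter server-side settings.
# f_from_client, max_connections(10) and perm(0640) are choices made for this example.

# Listen on the server's own address rather than on every interface,
# and cap the number of simultaneous TCP connections.
source s_network {
        tcp(ip(192.168.209.19) port(514) max_connections(10));
};

# netmask() matches the IP address of the host that opened the connection,
# not the hostname written inside the message, which keep_hostname(yes) trusts as sent.
filter f_from_client { netmask(192.168.209.18/32); };

# Log files need no execute bit and should not be world-readable: 0640 instead of 0755.
# dir_perm() keeps the execute bit because directories need it to be traversed.
destination d_local0 {
        file("/var/log/local0.log" perm(0640) dir_perm(0755) create_dirs(yes));
};

# Only messages that pass the source-address filter are written.
log { source(s_network); filter(f_from_client); destination(d_local0); };
```

Traffic on this tcp() connection is still unencrypted, so these settings narrow who can write to the log file and who can read it on disk, not who can read the messages in transit.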

 
