Syslog-ng on CentOS 6

Sep 15, 2017 01:39


Server side Syslog-ng installation

vi /etc/sysconfig/iptables
# Open the syslog listener ports (514/tcp and 514/udp) for new connections.
# NOTE(review): as written, these rules accept from any source address. To limit
# senders to the hosts that should log here, add "-s <CLIENT_SUBNET_CIDR>"
# (placeholder, not from this page) to both rules.
# Place the rules above any closing REJECT rule in the INPUT chain, then apply
# the edited file with: service iptables restart
-A INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT

# epel-release adds the EPEL repository; presumably the syslog-ng packages
# below are installed from it (verify with: yum info syslog-ng).
yum install epel-release
# -y answers "yes" to the install prompt for these two packages.
yum install syslog-ng syslog-ng-libdbi -y

vi /etc/syslog-ng/syslog-ng.conf

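@version:3.2

# Global options.
# The three commented-out settings are the author's disabled alternatives.
# Each must sit on its own line: "#" comments out everything to the end of the
# line, so with the whole block on one line every option after the first "#"
# (and the closing "};") would be lost.
options {
    long_hostnames(off);
    log_msg_size(8192);
    flush_lines(1);
    log_fifo_size(20480);
    time_reopen(10);
    # use_dns(yes);
    use_dns(no);
    # dns_cache(yes);
    # use_fqdn(yes);
    use_fqdn(no);
    # The host name is taken from the received message, not from the sender's
    # address, so a remote sender chooses the value that ends up in $HOST.
    keep_hostname(yes);
    chain_hostnames(no);
    # Default mode for log files of destinations that set no perm() of their own.
    # NOTE(review): 0644 is world-readable; consider 0640 or 0600 for files
    # that hold authentication or other sensitive messages.
    perm(0644);
    stats_freq(43200);
};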
# Messages generated by syslog-ng itself go to their own file.
source s_internal {
    internal();
};

destination d_syslognglog {
    file("/var/log/syslog-ng.log");
};

log {
    source(s_internal);
    destination(d_syslognglog);
};
# Local input: the /dev/log datagram socket plus kernel messages read from
# /proc/kmsg, which are tagged with the program name "kernel:".
source s_local {
    unix-dgram("/dev/log");
    file("/proc/kmsg" program_override("kernel:"));
};
# Filters shared by the local and the remote log paths.
filter f_messages {
    level(info..emerg);
};
filter f_secure {
    facility(authpriv);
};
filter f_mail {
    facility(mail);
};
filter f_cron {
    facility(cron);
};
filter f_emerg {
    level(emerg);
};
filter f_spooler {
    level(crit..emerg) and facility(uucp, news);
};
filter f_local7 {
    facility(local7);
};
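# Destinations for messages that originate on this host.
destination d_messages {
    file("/var/log/messages");
};

# authpriv messages: override the global perm(0644) so the file holding
# authentication events is readable by root only.
destination d_secure {
    file("/var/log/secure" perm(0600));
};

destination d_maillog {
    file("/var/log/maillog");
};

destination d_cron {
    file("/var/log/cron");
};

# Writes to root's terminals when root is logged in.
destination d_console {
    usertty("root");
};

destination d_spooler {
    file("/var/log/spooler");
};

# NOTE(review): "demsg" looks like a typo (dmesg? boot.log?) - confirm the
# intended file name; it is kept here exactly as the author wrote it.
destination d_bootlog {
    file("/var/log/demsg");
};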
# Local log paths. Paths marked flags(final) stop further processing of a
# matching message, so authpriv, mail and cron messages do not also reach
# /var/log/messages through the last path.
log {
    source(s_local);
    filter(f_emerg);
    destination(d_console);
};
log {
    source(s_local);
    filter(f_secure);
    destination(d_secure);
    flags(final);
};
log {
    source(s_local);
    filter(f_mail);
    destination(d_maillog);
    flags(final);
};
log {
    source(s_local);
    filter(f_cron);
    destination(d_cron);
    flags(final);
};
log {
    source(s_local);
    filter(f_spooler);
    destination(d_spooler);
};
log {
    source(s_local);
    filter(f_local7);
    destination(d_bootlog);
};
log {
    source(s_local);
    filter(f_messages);
    destination(d_messages);
};
# Network input: listens on every interface, TCP and UDP port 514.
# NOTE(review): these plain tcp()/udp() listeners carry no authentication or
# encryption, so the firewall rules are the only control over who may submit
# log messages here.
source s_remote {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};
# Destinations for remote messages: one directory per day and per sending host,
# files 0640 and directories 0750, owned by root:root, created on demand.
# NOTE(review): with keep_hostname(yes) in the global options, $HOST comes from
# the message itself, so a sender can log under another host's directory name
# or cause many directories to be created. Consider check_hostname(yes) and
# restricting senders in the firewall.
destination r_console {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/console"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_secure {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_cron {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_spooler {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_bootlog {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/bootlog"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_messages {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages"
         owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
# Remote log paths. There is no mail path here, so remote mail messages at
# info level or above fall through to r_messages; authpriv and cron stop at
# their own files because of flags(final).
log {
    source(s_remote);
    filter(f_emerg);
    destination(r_console);
};
log {
    source(s_remote);
    filter(f_secure);
    destination(r_secure);
    flags(final);
};
log {
    source(s_remote);
    filter(f_cron);
    destination(r_cron);
    flags(final);
};
log {
    source(s_remote);
    filter(f_spooler);
    destination(r_spooler);
};
log {
    source(s_remote);
    filter(f_local7);
    destination(r_bootlog);
};
log {
    source(s_remote);
    filter(f_messages);
    destination(r_messages);
};
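# Parent directory for the per-day, per-host remote logs. Mode 0750 matches the
# dir_perm(0750) used by the remote destinations; -p makes a re-run harmless.
mkdir -p -m 0750 /var/log/syslog-ng

# Validate the configuration before switching daemons. If this reports an
# error, fix it first: stopping rsyslog with a broken syslog-ng.conf would
# leave the host with no logging daemon.
syslog-ng --syntax-only

# Swap the boot-time service from rsyslog to syslog-ng and confirm both.
chkconfig rsyslog off
chkconfig --list rsyslog
chkconfig syslog-ng on
chkconfig --list syslog-ng

# Switch the running daemons.
service rsyslog stop
service syslog-ng restart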

Client configuration

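yum install epel-release -y
#CentOS6
yum install syslog-ng syslog-ng-libdbi -y
# or
#CentOS5
# The original read "syslog-ng-y": without the space, yum looks for a package
# of that name instead of taking -y as the "assume yes" flag.
yum install syslog-ng -y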

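# Append a forwarding destination and a log path to the client configuration.
# These are two separate commands. The destination name used in the log path
# must be the name defined in the destination statement: the original defined
# "pnjsvmon01v" but referenced "srvmon01v", which leaves the log path pointing
# at an undefined destination.
# source(s_sys) must name a source that exists in the client's syslog-ng.conf;
# verify against the installed file.
# NOTE(review): udp() forwards in clear text with no delivery guarantee. The
# server configuration on this page also listens on TCP 514.
echo 'destination srvmon01v {udp("192.168.1.60" port(514));};' >> /etc/syslog-ng/syslog-ng.conf
echo 'log { source(s_sys); destination(srvmon01v); };' >> /etc/syslog-ng/syslog-ng.conf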
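# Validate the edited configuration before switching daemons. If this reports
# an error, fix it first so the client is not left without a logging daemon.
syslog-ng --syntax-only
#CentOS
# Swap the boot-time service from rsyslog to syslog-ng and confirm both.
chkconfig rsyslog off
chkconfig --list rsyslog
chkconfig syslog-ng on
chkconfig --list syslog-ng
# Switch the running daemons.
service rsyslog stop
service syslog-ng restart
# or
#SLES11
/etc/init.d/syslog restart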

Originally published at trichev.com/blog. You can comment here or there.

#sles11, #centos5, #centos6, #centos, работа, it, syslog-ng, linux, work, syslog
