===== syslog-ng.conf =====

On Ubuntu the file is located at "/etc/syslog-ng/syslog-ng.conf".

**Global section:**

<code>
options {
    # disable the chained hostname format in logs
    # (default is enabled)
    chain_hostnames(0);

    # the time to wait before a dead connection is re-established
    # (default is 60)
    time_reopen(10);

    # the time to wait before an idle destination file is closed
    # (default is 60)
    time_reap(360);

    # the number of lines buffered before being written to file
    # you might want to increase this if your disk isn't keeping up with
    # all the log messages you get or if you want less disk activity
    # (say on a laptop)
    # (default is 0)
    sync(0);

    # the number of lines fitting in the output queue
    log_fifo_size(2048);

    # enable or disable directory creation for destination files
    create_dirs(yes);

    # default owner, group, and permissions for log files
    # (defaults are 0, 0, 0600)
    #owner(root);
    group(adm);
    perm(0640);

    # default owner, group, and permissions for created directories
    # (defaults are 0, 0, 0700)
    #dir_owner(root);
    #dir_group(root);
    dir_perm(0755);

    # enable or disable DNS usage
    # syslog-ng blocks on DNS queries, so enabling DNS may lead to
    # a Denial of Service attack
    # (default is yes)
    #use_dns(no);
    use_dns(yes);
    dns_cache(yes);

    # maximum length of message in bytes
    # this is only limited by the program listening on the /dev/log Unix
    # socket, glibc can handle arbitrary length log messages, but -- for
    # example -- syslogd accepts only 1024 bytes
    # (default is 2048)
    #log_msg_size(2048);

    # disable statistic log messages
    stats_freq(0);

    # Some programs send log messages through a private implementation,
    # and sometimes that implementation is bad. If this happens syslog-ng
    # may recognise the program name as the hostname. With this option
    # we tell syslog-ng that if a hostname matches this regexp then it
    # is not a real hostname.
    bad_hostname("^gconfd$");
};
</code>

**Here the source is defined.** The important line here is the one with "tcp"!
<code>
source s_all {
    # messages generated by syslog-ng itself
    internal();

    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");

    # messages from the kernel
    file("/proc/kmsg" log_prefix("kernel: "));

    # use the following line if you want to receive remote UDP logging messages
    # (this is equivalent to the "-r" syslogd flag)
    udp();

    # accept remote TCP logging messages on port 514 from any address
    tcp(ip(0.0.0.0) port(514) max-connections(100));
};
</code>

**Here the classic log file is still written as well (can be removed if desired)**

<code>
destination d_syslog {
    file("/var/log/syslog" owner("root") group("adm") perm(0640));
};

log {
    source(s_all);
    destination(d_syslog);
};
</code>

**Here the messages are written to a MySQL DB**

<code>
### MySQL (one table per month: logs_$YEAR$MONTH)
destination d_mysql {
    pipe("/tmp/mysql.pipe"
         template("INSERT INTO logs_$YEAR$MONTH (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
         template-escape(yes));
};

log {
    source(s_all);
    destination(d_mysql);
};
</code>
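The d_mysql destination builds a literal SQL INSERT from log message fields, so the template-escape(yes) setting is what keeps a quote inside a message from breaking (or altering) the statement. The following Python example is added here to make that concrete; it is not part of the original page and not syslog-ng code. It models how syslog-ng expands the page's INSERT template and escapes macro values, shows that a message containing a single quote breaks the literal INSERT when escaping is off, and then shows a parameterised consumer that binds every field instead of escaping it. The SAMPLE and CLEAN records, the escape rule (a backslash before ', " and \, which is what the template-escape option does) and the in-memory SQLite table standing in for the MySQL table are all constructed for this example; the consumer that reads /tmp/mysql.pipe into MySQL is not shown on the page and is assumed.

```python
import re
import sqlite3

# Constructed sample records shaped like the syslog-ng macros the template
# uses. Values are made up for this example, not captured from a real host.
SAMPLE = {
    "HOST": "web01", "FACILITY": "auth", "PRIORITY": "notice", "LEVEL": "notice",
    "TAG": "25", "YEAR": "2016", "MONTH": "04", "DAY": "13",
    "HOUR": "00", "MIN": "50", "SEC": "07", "PROGRAM": "sshd",
    # a message with a single quote, as real log lines routinely contain
    "MSG": "Invalid user o'brien from 203.0.113.9",
}
CLEAN = dict(SAMPLE, MSG="Accepted publickey for alice from 203.0.113.9")

# The page's INSERT template, verbatim (minus the trailing \n).
TEMPLATE = (
    "INSERT INTO logs_$YEAR$MONTH (host, facility, priority, level, tag, date, time, "
    "program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL','$TAG', "
    "'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );"
)
COLUMNS = ("host", "facility", "priority", "level", "tag", "date", "time", "program", "msg")
# Stand-in for the monthly MySQL table (assumed schema: one text column per field).
CREATE_TABLE = "CREATE TABLE logs_201604 (" + ", ".join(COLUMNS) + ")"


def escape(value: str) -> str:
    """Model of template-escape(yes): backslash-escape ', " and \\ in macro values."""
    return re.sub(r"(['\"\\])", r"\\\1", value)


def render(template: str, record: dict, template_escape: bool = True) -> str:
    """Expand $MACRO references the way syslog-ng does for this template."""
    def expand(match):
        value = record[match.group(1)]
        return escape(value) if template_escape else value
    return re.sub(r"\$([A-Z]+)", expand, template)


def literal_insert_succeeds(statement: str) -> bool:
    """Run a rendered, unescaped statement against the SQLite stand-in table.
    Only meaningful for the unescaped case: SQLite does not interpret
    backslash escapes, so MySQL-escaped statements cannot be judged with it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(CREATE_TABLE)
    try:
        conn.execute(statement)
        return True
    except sqlite3.Error:
        return False
    finally:
        conn.close()


def insert_parameterised(conn: sqlite3.Connection, record: dict) -> None:
    """Alternative consumer: the table name is built from validated digits and
    every value is a bound parameter, so no server-side escaping rule is needed."""
    table = f"logs_{record['YEAR']}{record['MONTH']}"
    if not re.fullmatch(r"logs_\d{6}", table):
        raise ValueError(f"unexpected table name {table!r}")
    values = (
        record["HOST"], record["FACILITY"], record["PRIORITY"], record["LEVEL"],
        record["TAG"], f"{record['YEAR']}-{record['MONTH']}-{record['DAY']}",
        f"{record['HOUR']}:{record['MIN']}:{record['SEC']}", record["PROGRAM"],
        record["MSG"],
    )
    placeholders = ", ".join("?" * len(COLUMNS))
    conn.execute(f"INSERT INTO {table} ({', '.join(COLUMNS)}) VALUES ({placeholders})", values)


def roundtrip_message(record: dict) -> str:
    """Store a record via the parameterised path and read the msg column back."""
    conn = sqlite3.connect(":memory:")
    conn.execute(CREATE_TABLE)
    insert_parameterised(conn, record)
    (msg,) = conn.execute("SELECT msg FROM logs_201604").fetchone()
    conn.close()
    return msg


if __name__ == "__main__":
    print("escaped:  ", render(TEMPLATE, SAMPLE))
    print("unescaped:", render(TEMPLATE, SAMPLE, template_escape=False))
    print("unescaped statement parses:", literal_insert_succeeds(render(TEMPLATE, SAMPLE, False)))
    print("parameterised round trip:  ", roundtrip_message(SAMPLE))
```

The backslash escaping that template-escape(yes) produces is only understood by the server if MySQL runs with its default string handling; with the NO_BACKSLASH_ESCAPES sql_mode the escaped quote is no longer an escape, which is why the parameterised consumer is the more robust of the two paths. Whichever consumer feeds the pipe, keep the table name derived from the validated $YEAR$MONTH digits and never from message content.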

syslog-ng.conf.txt · Last modified: 2016/04/13 00:50 (external edit)