Syslog-ng 與 Mysql結合

[布魯斯]

OS：Fedora Core2
採用RPM安裝

1.安裝syslog

wget http://www.silfreed.net/download/repo/p ... 2.i386.rpm
wget http://www.silfreed.net/download/repo/p ... 2.i386.rpm

rpm -ivh 安裝...

/etc/rc.d/init.d/syslog stop
關閉原本的syslog

/etc/rc.d/init.d/syslog-ng start
啟動syslog-ng

2.設定mysql

建立syslog-ng使用的資料庫

CREATE DATABASE syslog;

USE syslog;

CREATE TABLE logs (
host varchar(32) default NULL,
facility varchar(10) default NULL,
priority varchar(10) default NULL,
level varchar(10) default NULL,
tag varchar(10) default NULL,
date date default NULL,
time time default NULL,
program varchar(15) default NULL,
msg text,
seq int(10) unsigned NOT NULL auto_increment,
PRIMARY KEY(seq),
KEY host(host),
KEY seq(seq),
KEY program(program),
KEY time(time),
KEY date(date),
KEY priority(priority),
KEY facility(facility)
)TYPE=MyISAM;

3.修改syslog-ng.conf

Client端：
#client configuration
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

destination d_logserver { tcp("IP") port(10514));

log { source(s_sys); destination(d_logserver);};

Server端 ：
#server configuration
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

source s_net {tcp(ip(0.0.0.0) port(10514));
udp(); };

destination d_mysql {pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host,facility,priority,level,tag,date,time,program,msg) VALUES ('$HOST','$FACILITY','$PRIORITY','$LEVEL','$TAG','$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC','$PROGRAM','$MSG');\n") template-escape(yes));
};

log { source(s_sys); source(s_net); destination(d_mysql); };

4.建立mysql.pipe

mkfifo /tmp/mysql.pipe
/etc/rc.d/init.d/syslog-ng restart

5.將資料寫入mysql

syslog-ng.sh內容：
#!/bin/bash

if [ -e /tmp/mysql.pipe ]; then

while [ -e /tmp/mysql.pipe ]

do

mysql -u root syslog < /tmp/mysql.pipe

done

else

mkfifo /tmp/mysql.pipe

fi

存檔後chmod a+x syslog-ng.sh設成可執行，
第一次啟動
./syslog-ng.sh &
加入 /etc/rc.local裡，使開機可以自動執行

6.安裝php-syslog-ng

wget http://unc.dl.sourceforge.net/sourcefor ... 5.1.tar.gz
tar -zxvf php-syslog-ng-2.5.1.tar.gz
cd php-syslog-ng-2.5.1
cp -R web /var/www/html

修改/var/www/html/syslog/includes/db_fns.php
修改DB_HOST,DB_USERNAME,DB_PASSWORD

註：如果你想把php-syslog-ng放在子目錄下的話，需再修改index.php及result.php之檔案路徑，最上方的三行include裡

[布魯斯]

參考
http://vermeer.org/display_doc.php?doc_id=1