Syslog-ng 與 Mysql結合
發表於 : 週四 2月 16, 2006 5:35 pm
OS:Fedora Core2
採用RPM安裝
1.安裝syslog-ng
wget http://www.silfreed.net/download/repo/p ... 2.i386.rpm
wget http://www.silfreed.net/download/repo/p ... 2.i386.rpm
rpm -ivh 安裝...(套件是透過未加密的HTTP下載,安裝前建議先用 rpm -K 檢查簽章與摘要)
/etc/rc.d/init.d/syslog stop
關閉原本的syslog
/etc/rc.d/init.d/syslog-ng start
啟動syslog-ng
2.設定mysql
建立syslog-ng使用的資料庫
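-- Database that receives the INSERT statements generated by syslog-ng.
CREATE DATABASE syslog;
USE syslog;

-- One row per syslog message. Every column except seq is filled from a
-- syslog-ng macro by the server-side template on this page, so the values
-- originate from whichever hosts are allowed to send logs.
-- NOTE(review): msg (and host/program) is sender-controlled text; anything
-- that displays these rows should escape it on output.
-- NOTE(review): tag is capped at 10 and program at 15 characters; how longer
-- values are handled depends on the server's SQL mode -- confirm the widths
-- are enough for your senders.
CREATE TABLE logs (
    host varchar(32) default NULL,
    facility varchar(10) default NULL,
    priority varchar(10) default NULL,
    level varchar(10) default NULL,
    tag varchar(10) default NULL,
    date date default NULL,
    time time default NULL,
    program varchar(15) default NULL,
    msg text,
    seq int(10) unsigned NOT NULL auto_increment,
    -- seq is already indexed by the primary key, so the separate
    -- KEY seq(seq) of the original listing was a redundant second index.
    PRIMARY KEY (seq),
    KEY host (host),
    KEY program (program),
    KEY time (time),
    KEY date (date),
    KEY priority (priority),
    KEY facility (facility)
-- TYPE= is the old spelling of the storage-engine option; MySQL 5.5 and
-- later accept only ENGINE=MyISAM.
) TYPE=MyISAM;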
3.修改syslog-ng.conf
Client端:
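#client configuration
# Local sources: kernel messages, the local syslog socket and syslog-ng's own messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
# Replace IP with the address of the log server. port() is an option of tcp(),
# so it belongs inside the tcp() parentheses, and the block needs its closing "};"
# (the original line had unbalanced parentheses and no closing brace).
# NOTE(review): tcp() sends the messages unencrypted and unauthenticated; keep
# this traffic on a trusted network segment or carry it through a tunnel.
destination d_logserver { tcp("IP" port(10514)); };
log { source(s_sys); destination(d_logserver); };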
Server端 :
#server configuration
# Local sources: kernel messages, the local syslog socket and syslog-ng's own messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
# Network sources: TCP port 10514 on every interface (ip(0.0.0.0)), plus udp()
# with no options, i.e. syslog-ng's defaults for that driver.
# NOTE(review): neither listener authenticates the sender, so any host that can
# reach these ports can add rows to the logs table; limit access to the known
# clients with a firewall rule.
# NOTE(review): the client configuration on this page sends over tcp only;
# presumably udp() can be removed if no other sender relies on it -- confirm.
source s_net {tcp(ip(0.0.0.0) port(10514));
udp(); };
# Writes one INSERT statement per message into the FIFO /tmp/mysql.pipe.
# The macro values ($HOST, $PROGRAM, $MSG, ...) come from the senders and are
# placed inside single-quoted SQL strings. template-escape(yes) makes syslog-ng
# escape quote characters in those values; it is the only thing keeping message
# text from ending the quoted string, so it must stay enabled.
destination d_mysql {pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host,facility,priority,level,tag,date,time,program,msg) VALUES ('$HOST','$FACILITY','$PRIORITY','$LEVEL','$TAG','$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC','$PROGRAM','$MSG');\n") template-escape(yes));
};
# Local and network messages both go to the MySQL FIFO.
log { source(s_sys); source(s_net); destination(d_mysql); };
4.建立mysql.pipe
mkfifo /tmp/mysql.pipe
/etc/rc.d/init.d/syslog-ng restart
5.將資料寫入mysql
syslog-ng.sh內容:
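#!/bin/bash
# Feeds the INSERT statements that syslog-ng writes into the FIFO to MySQL.
# Meant to run in the background (e.g. started from /etc/rc.local).
PIPE=/tmp/mysql.pipe

# Create the FIFO when it is missing and then continue to the reader loop.
# (The original created it and exited, so a first run without an existing
# FIFO never started importing.) Mode 600 keeps other local users from
# reading log lines out of the pipe.
if [ ! -e "$PIPE" ]; then
    mkfifo -m 600 "$PIPE" || exit 1
fi

# Everything read from this path is executed as SQL, and /tmp is writable by
# every local user. Only continue when the path really is a FIFO that belongs
# to the account running this script.
if [ ! -p "$PIPE" ] || [ ! -O "$PIPE" ]; then
    echo "$PIPE is not a FIFO owned by $(id -un); refusing to read SQL from it" >&2
    exit 1
fi

# mysql exits whenever the writer closes the FIFO; reopen it for as long as
# the FIFO exists.
while [ -p "$PIPE" ]
do
    # NOTE(review): this connects as the MySQL root account without a password.
    # A dedicated account restricted to INSERT on syslog.logs, and a FIFO in a
    # root-only directory instead of /tmp, would limit the impact of a
    # malicious or malformed statement; both also require matching changes in
    # MySQL and in syslog-ng.conf.
    mysql -u root syslog < "$PIPE"
done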
存檔後chmod a+x syslog-ng.sh設成可執行,
第一次啟動
./syslog-ng.sh &
加入 /etc/rc.local裡,使開機可以自動執行
6.安裝php-syslog-ng
wget http://unc.dl.sourceforge.net/sourcefor ... 5.1.tar.gz
tar -zxvf php-syslog-ng-2.5.1.tar.gz
cd php-syslog-ng-2.5.1
cp -R web /var/www/html
修改/var/www/html/syslog/includes/db_fns.php
修改DB_HOST,DB_USERNAME,DB_PASSWORD(建議填入專用的低權限MySQL帳號,不要使用root)
註:如果你想把php-syslog-ng放在子目錄下的話,需再修改index.php及result.php最上方三行include裡的檔案路徑
採用RPM安裝
1.安裝syslog-ng
wget http://www.silfreed.net/download/repo/p ... 2.i386.rpm
wget http://www.silfreed.net/download/repo/p ... 2.i386.rpm
rpm -ivh 安裝...(套件是透過未加密的HTTP下載,安裝前建議先用 rpm -K 檢查簽章與摘要)
/etc/rc.d/init.d/syslog stop
關閉原本的syslog
/etc/rc.d/init.d/syslog-ng start
啟動syslog-ng
2.設定mysql
建立syslog-ng使用的資料庫
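-- Database that receives the INSERT statements generated by syslog-ng.
CREATE DATABASE syslog;
USE syslog;

-- One row per syslog message. Every column except seq is filled from a
-- syslog-ng macro by the server-side template on this page, so the values
-- originate from whichever hosts are allowed to send logs.
-- NOTE(review): msg (and host/program) is sender-controlled text; anything
-- that displays these rows should escape it on output.
-- NOTE(review): tag is capped at 10 and program at 15 characters; how longer
-- values are handled depends on the server's SQL mode -- confirm the widths
-- are enough for your senders.
CREATE TABLE logs (
    host varchar(32) default NULL,
    facility varchar(10) default NULL,
    priority varchar(10) default NULL,
    level varchar(10) default NULL,
    tag varchar(10) default NULL,
    date date default NULL,
    time time default NULL,
    program varchar(15) default NULL,
    msg text,
    seq int(10) unsigned NOT NULL auto_increment,
    -- seq is already indexed by the primary key, so the separate
    -- KEY seq(seq) of the original listing was a redundant second index.
    PRIMARY KEY (seq),
    KEY host (host),
    KEY program (program),
    KEY time (time),
    KEY date (date),
    KEY priority (priority),
    KEY facility (facility)
-- TYPE= is the old spelling of the storage-engine option; MySQL 5.5 and
-- later accept only ENGINE=MyISAM.
) TYPE=MyISAM;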
3.修改syslog-ng.conf
Client端:
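#client configuration
# Local sources: kernel messages, the local syslog socket and syslog-ng's own messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
# Replace IP with the address of the log server. port() is an option of tcp(),
# so it belongs inside the tcp() parentheses, and the block needs its closing "};"
# (the original line had unbalanced parentheses and no closing brace).
# NOTE(review): tcp() sends the messages unencrypted and unauthenticated; keep
# this traffic on a trusted network segment or carry it through a tunnel.
destination d_logserver { tcp("IP" port(10514)); };
log { source(s_sys); destination(d_logserver); };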
Server端 :
#server configuration
# Local sources: kernel messages, the local syslog socket and syslog-ng's own messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
# Network sources: TCP port 10514 on every interface (ip(0.0.0.0)), plus udp()
# with no options, i.e. syslog-ng's defaults for that driver.
# NOTE(review): neither listener authenticates the sender, so any host that can
# reach these ports can add rows to the logs table; limit access to the known
# clients with a firewall rule.
# NOTE(review): the client configuration on this page sends over tcp only;
# presumably udp() can be removed if no other sender relies on it -- confirm.
source s_net {tcp(ip(0.0.0.0) port(10514));
udp(); };
# Writes one INSERT statement per message into the FIFO /tmp/mysql.pipe.
# The macro values ($HOST, $PROGRAM, $MSG, ...) come from the senders and are
# placed inside single-quoted SQL strings. template-escape(yes) makes syslog-ng
# escape quote characters in those values; it is the only thing keeping message
# text from ending the quoted string, so it must stay enabled.
destination d_mysql {pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host,facility,priority,level,tag,date,time,program,msg) VALUES ('$HOST','$FACILITY','$PRIORITY','$LEVEL','$TAG','$YEAR-$MONTH-$DAY','$HOUR:$MIN:$SEC','$PROGRAM','$MSG');\n") template-escape(yes));
};
# Local and network messages both go to the MySQL FIFO.
log { source(s_sys); source(s_net); destination(d_mysql); };
4.建立mysql.pipe
mkfifo /tmp/mysql.pipe
/etc/rc.d/init.d/syslog-ng restart
5.將資料寫入mysql
syslog-ng.sh內容:
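#!/bin/bash
# Feeds the INSERT statements that syslog-ng writes into the FIFO to MySQL.
# Meant to run in the background (e.g. started from /etc/rc.local).
PIPE=/tmp/mysql.pipe

# Create the FIFO when it is missing and then continue to the reader loop.
# (The original created it and exited, so a first run without an existing
# FIFO never started importing.) Mode 600 keeps other local users from
# reading log lines out of the pipe.
if [ ! -e "$PIPE" ]; then
    mkfifo -m 600 "$PIPE" || exit 1
fi

# Everything read from this path is executed as SQL, and /tmp is writable by
# every local user. Only continue when the path really is a FIFO that belongs
# to the account running this script.
if [ ! -p "$PIPE" ] || [ ! -O "$PIPE" ]; then
    echo "$PIPE is not a FIFO owned by $(id -un); refusing to read SQL from it" >&2
    exit 1
fi

# mysql exits whenever the writer closes the FIFO; reopen it for as long as
# the FIFO exists.
while [ -p "$PIPE" ]
do
    # NOTE(review): this connects as the MySQL root account without a password.
    # A dedicated account restricted to INSERT on syslog.logs, and a FIFO in a
    # root-only directory instead of /tmp, would limit the impact of a
    # malicious or malformed statement; both also require matching changes in
    # MySQL and in syslog-ng.conf.
    mysql -u root syslog < "$PIPE"
done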
存檔後chmod a+x syslog-ng.sh設成可執行,
第一次啟動
./syslog-ng.sh &
加入 /etc/rc.local裡,使開機可以自動執行
6.安裝php-syslog-ng
wget http://unc.dl.sourceforge.net/sourcefor ... 5.1.tar.gz
tar -zxvf php-syslog-ng-2.5.1.tar.gz
cd php-syslog-ng-2.5.1
cp -R web /var/www/html
修改/var/www/html/syslog/includes/db_fns.php
修改DB_HOST,DB_USERNAME,DB_PASSWORD(建議填入專用的低權限MySQL帳號,不要使用root)
註:如果你想把php-syslog-ng放在子目錄下的話,需再修改index.php及result.php最上方三行include裡的檔案路徑