下载yum源
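# Install syslog-ng and its module sub-packages.
# The globs are quoted so that yum expands them against the repository; unquoted,
# the shell would expand them first if a matching file name exists in the current directory.
# NOTE(review): 'syslog-ng-*' installs every optional module. The server configuration
# on this page only uses the file, network, sql and redis drivers, so installing just
# the modules in use keeps the collector's footprint smaller.
yum -y install syslog-ng 'syslog-ng-*'

# Build and runtime dependencies. "GeoIP" and "GeoIP-devel" are two separate packages.
yum -y install GeoIP GeoIP-devel libesmtp-devel libhiredis hiredis hiredis-devel json-c-devel flex flex-devel libjvm libdbi-devel 'libdbi-dbd-*' glib byacc byacc-devel glib2 glib2-devel libdbi systemd json-c logrotate libxslt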
server端配置
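@version:3.2

# Collector (server) configuration: local system logs go to the usual files under
# /var/log, messages received from the network go to per-host files, MySQL and Redis.

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    # keep_hostname(no): the hostname carried inside a received message is not trusted;
    # syslog-ng substitutes the sender's address (no DNS lookup, see use_dns above).
    keep_hostname (no);
};

# Local sources only. The original also listed udp(ip(0.0.0.0) port(514)) here, which
# (a) competed with the udp() listener in s_net for the same port and (b) let any
# remote sender write into the local files below (for example /var/log/secure via f_auth).
source s_sys {
    file ("/proc/kmsg" program_override("kernel: "));
    unix-stream ("/dev/log");
    internal();
};

# Network listeners. Both accept cleartext, unauthenticated syslog on every interface.
# NOTE(review): bind ip() to the collection interface and restrict port 514 with a
# firewall; if the installed build supports it, prefer TCP with a tls() block, since
# UDP source addresses can be spoofed.
source s_net {
    tcp(ip(0.0.0.0) port(514) max-connections(1000));
    udp();
};

destination d_cons { file("/dev/console"); };

# One file per sender, facility and program name.
# NOTE(review): ${PROGRAM} is chosen by the sender, so every distinct value creates a
# new directory entry and open file. The syslog-ng documentation advises against using
# ${PROGRAM} in file names on untrusted networks; consider dropping it from the path
# or monitoring /data for unexpected growth.
destination d_mysql {
    file("/data/${HOST}/${FACILITY}/${PROGRAM}.log" create_dirs(yes));
};

destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

# Pushes each message onto a Redis list named after the sender and program.
# NOTE(review): nothing here bounds the list length; a consumer has to drain it.
destination d_redis {
    redis(
        host("localhost")
        port(6379)
        command("lpush", "${HOST}_${PROGRAM}", "${MESSAGE}")
    );
};

# NOTE(review): the database password is stored in clear text in this file. Keep the
# file readable by root only and use a dedicated database account with a strong
# password and the minimum privileges this destination needs.
# The column widths are fixed (message is 200 characters), so longer values will not fit.
destination d_sql {
    sql(type(mysql)
        host("192.168.1.11")
        username("d")
        password("d")
        database("dd")
        table("messages")
        columns("datetime varchar(16)", "host varchar(32)", "program varchar(20)", "pid varchar(8)", "message varchar(200)")
        values("${R_DATE}", "${HOST}", "${PROGRAM}", "${PID}", "${MSGONLY}")
        indexes("datetime", "host", "program", "pid", "message"));
};

filter f_kernel { facility(kern); };
filter f_user { facility(user); };

# Accept only senders inside 192.168.1.0/24. The original host("192.168.1.") was an
# unanchored regular expression in which "." matches any character, so it also matched
# addresses such as 192.168.100.x; netmask() compares the sender address itself.
filter f_match { netmask("192.168.1.0/24"); };

filter f_default {
    level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron));
};
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };

# Local kernel messages.
log { source(s_sys); filter(f_kernel); destination(d_kern); };

# Messages received from the network are stored three ways.
log { source(s_net); filter(f_match); destination(d_mysql); };
log { source(s_net); filter(f_match); destination(d_sql); };
log { source(s_net); filter(f_match); destination(d_redis); };

# Remaining local log paths.
# NOTE(review): d_cons, d_mesg, f_user and f_default are defined above but no log path
# uses them, so this host does not write /var/log/messages - confirm that is intended.
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };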
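5 客户端配置

@version:3.2

# Client configuration: writes local logs to the usual files under /var/log and
# forwards the contents of /var/log/messages to the collector at 192.168.1.12.

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    # chain_hostnames replaces the deprecated alias long_hostnames used originally.
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    file ("/proc/kmsg" program_override("kernel: "));
    unix-stream ("/dev/log");
    internal();
};

# NOTE(review): s_test_udp is defined but no log path below reads from it, so the
# MySQL slow log is not forwarded. Slow-query logs contain full SQL statements;
# decide deliberately whether they should leave the host before wiring this in.
source s_test_udp {
    file ("/var/lib/mysql/logs/mysql_slow.log" program_override("mysql_slowlog: "));
};

# Re-reads the local messages file and tags every line with the program name "sys_messages".
source s_messages_udp {
    file ("/var/log/messages" program_override("sys_messages: "));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

# Forwarding to the collector over UDP: cleartext, unauthenticated, and datagrams can
# be dropped without notice.
# NOTE(review): if the collector also accepts TCP on this port, TCP (ideally with TLS)
# gives delivery feedback and is harder to spoof.
destination d_test_udp { udp("192.168.1.12" port(514)); };

filter f_kernel { facility(kern); };
# Despite its name this filter only checks severity (info and above).
filter f_Query_time { level(info..emerg); };
filter f_default {
    level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron));
};
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };

log { source(s_sys); filter(f_kernel); destination(d_kern); };

# The only path that leaves the host.
log { source(s_messages_udp); filter(f_Query_time); destination(d_test_udp); };

log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };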
原文地址:http://kkkkkk.blog.51cto.com/468162/1717889