syslog-ng (centralized log management)


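1. syslog-ng: the log server; it can receive logs over the network and write them to text files or to a database
2. LAMP: serves the PHP pages and uses MySQL to store the logs sent by the clients
3. php-syslog-ng: the log query front end, a set of pages written in PHP
4. syslog-ng-client: the log collection client; it collects logs on the client machine and sends them over the network to the log server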


Log server logic:
syslog-ng-client-->syslog-ng-server-->mysqld-->php-syslog-ng (PHP query pages)

Client-side logic:
source s_local {kernel/program}-->destination(d_messages)/destination(d_logserver)


Server-side logic:
local/remote-->syslog-ng-server-->destination(d_mysql)
       1. /var/log/mysql.pipe (named pipe)
       2. template
       3. while.sh-->mysqld
       4. IE/firefox-->httpd-->php(select.php)-->mysqld.syslog.logs

 

2) Log server
# vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0
options {
};
source s_local {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" program_override("kernel"));
};
destination d_mysql {
   pipe("/var/log/mysql.pipe"
      template("INSERT INTO logs
      (host, facility, priority, level, tag, datetime, program, msg)
      VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
        source(s_local);
        destination(d_mysql);
};

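# vim /opt/syslog-ng/syslog2mysql.sh    -- reads the logs and stores them in the MySQL server
#!/bin/bash

# Create the named pipe that syslog-ng writes its INSERT statements to
if [ ! -e /var/log/mysql.pipe ]
then
   mkfifo /var/log/mysql.pipe
fi
# Each pass feeds the statements from the pipe to the mysql client
while [ -e /var/log/mysql.pipe ]
do
   mysql -u root --password=123 syslog < /var/log/mysql.pipe >/dev/null
done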

# chmod +x /opt/syslog-ng/syslog2mysql.sh
# nohup /opt/syslog-ng/syslog2mysql.sh &
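
A hardened variant of the loader script above, as an added example that is not part of the original notes: it keeps the MySQL password off the command line, refuses anything at the pipe path that is not a FIFO, and restricts the pipe to root. The credentials file path, the `run` argument and an account limited to INSERT on syslog.logs are assumptions.

```shell
#!/bin/bash
# Hardened variant of syslog2mysql.sh (added example, not from the original page).
# Assumptions: a MySQL account limited to INSERT on syslog.logs, with its user and
# password in the [client] section of $CNF (owned by root, mode 600 or 400).
PIPE="${PIPE:-/var/log/mysql.pipe}"
CNF="${CNF:-/opt/syslog-ng/etc/syslog2mysql.cnf}"   # hypothetical path

# Create the FIFO if missing; refuse anything that is not a FIFO.
# A regular file at this path would be replayed into MySQL on every loop pass.
ensure_fifo() {
    if [ ! -e "$1" ]; then
        ( umask 077 && mkfifo "$1" ) || return 1
    fi
    [ -p "$1" ] || { echo "$1 exists but is not a FIFO" >&2; return 1; }
    chmod 600 "$1"    # only the owner (root) may write SQL into the pipe
}

# Refuse a credentials file that group or others can read.
check_cnf() {
    [ -f "$1" ] || return 1
    cnf_mode=$(stat -c '%a' "$1") || return 1
    case "$cnf_mode" in
        600|400) return 0 ;;
        *) echo "$1 has mode $cnf_mode, expected 600 or 400" >&2; return 1 ;;
    esac
}

# Feed the pipe to mysql; the password never appears in the process list.
run_loader() {
    ensure_fifo "$PIPE" || return 1
    check_cnf "$CNF" || return 1
    while [ -p "$PIPE" ]; do
        # --defaults-extra-file must be the first option on the command line.
        mysql --defaults-extra-file="$CNF" syslog < "$PIPE" >/dev/null \
            || sleep 1   # back off instead of spinning if mysqld is down
    done
}

# Start the loop only when asked to, e.g.: syslog2mysql.sh run
if [ "${1:-}" = "run" ]; then
    run_loader
fi
```

Start it the same way as before, with the extra argument: `nohup /opt/syslog-ng/syslog2mysql.sh run &`.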

 

# vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0
options {
};
source s_local {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" program_override("kernel"));
        udp(
                ip(0.0.0.0)
                port(514)
        );
        tcp(
                ip(0.0.0.0)
                port(514)
        );
};
destination d_mysql {
   pipe("/var/log/mysql.pipe"
      template("INSERT INTO logs
      (host, facility, priority, level, tag, datetime, program, msg)
      VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
        source(s_local);
        destination(d_mysql);
};

# /etc/init.d/syslog-ng restart
# netstat -tunlp |grep :514
tcp        0      0 0.0.0.0:514                0.0.0.0:*                   LISTEN      18204/syslog-ng    
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               18204/syslog-ng    

 

# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/phpsyslogng/scripts">
    Deny from all
</Directory>
<Directory "/var/www/phpsyslogng/includes">
    Deny from all
</Directory>
<Directory "/var/www/phpsyslogng/config">
    Deny from all
</Directory>

# service httpd restart

 

syslog-client

# vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0

options {
};
source s_local {
        internal();
        unix-stream("/dev/log");
        file("/proc/kmsg" program_override("kernel"));
};

destination d_messages { file("/var/log/messages"); };
destination d_logserver { udp("192.168.0.1");};

log {
        source(s_local);
        destination(d_messages);
        destination(d_logserver);
};

# service syslog-ng restart

1) Edit the rotation script and tell it which directory php-syslog-ng is installed in
# vim /var/www/html/scripts/logrotate.php
$APP_ROOT = '/var/www/html';


# /usr/bin/php /var/www/html/scripts/logrotate.php  -- run the log rotation

Starting logrotate
2012-09-05 10:05:26
Log rotate ended successfully.
Now optimizing the old logs.
Getting list of log tables.
Searching for tables to drop.
Creating merge table.

2012-09-05 10:05:26
All done!


mysql> show tables;
+------------------+
| Tables_in_syslog |
+------------------+
| actions          |
| all_logs         |
| cemdb            |
| logs             |
| logs20120905     |
| search_cache     |
| user_access      |
| users            |
+------------------+
8 rows in set (0.00 sec)


2) Change the current date and rotate again
# date -s 2012-09-06

# /usr/bin/php /var/www/html/scripts/logrotate.php

Starting logrotate
2012-09-06 00:00:21
Log rotate ended successfully.
Now optimizing the old logs.
Getting list of log tables.
Searching for tables to drop.
Creating merge table.

2012-09-06 00:00:21
All done!

 

3) Configure retention of the 30 most recent log records
# vim /var/www/html/config/config.php
define('LOGROTATERETENTION', 30);

Apply the patch:
# wget ftp://192.168.0.254/notes/softwares/project/syslog-ng/logrotate.patch -P /root
# cd /var/www/html/scripts
# patch -p1 ./logrotate.php < /root/logrotate.patch
missing header for unified diff at line 3 of patch
patching file ./logrotate.php
Hunk #1 succeeded at 70 with fuzz 2.


4) Configure automatic rotation (every 3 days)
# crontab -e
00 05 */3 * * /usr/bin/php /var/www/html/scripts/logrotate.php > /dev/null 2>&1
