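1. syslog-ng: the log server; it receives logs over the network and writes them to text files or a database.
2. LAMP: serves the PHP pages and uses MySQL to store the logs sent from the clients.
3. php-syslog-ng: the log query front end, a set of pages written in PHP.
4. syslog-ng-client: the log collection client; it collects logs on the client machine and sends them over the network to the log server.
Log server logic:
syslog-ng-client-->syslog-ng-server-->mysqld-->php-syslog-ng (PHP query page)
Client-side logic:
source s_local {kernel/program}-->destination(d_messages)/destination(d_logserver)
Server-side logic:
local/remote-->syslog-ng-server-->destination(d_mysql)
1. /var/log/mysql.pipe (named pipe file)
2. template
3. while.sh-->mysqld
4. IE/firefox-->httpd-->php(select.php)-->mysqld.syslog.logs
2) Log server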
# vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0
options {
};
source s_local {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel"));
};
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
source(s_local);
destination(d_mysql);
};
# vim /opt/syslog-ng/syslog2mysql.sh    -- reads the logs and stores them in the MySQL server
#!/bin/bash
if [ ! -e /var/log/mysql.pipe ]
then
mkfifo /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
mysql -u root --password=123 syslog < /var/log/mysql.pipe >/dev/null
done
# chmod +x /opt/syslog-ng/syslog2mysql.sh
# nohup /opt/syslog-ng/syslog2mysql.sh &
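Added example, not part of the original notes: a hardened variant of the syslog2mysql.sh loader above. It creates the FIFO with mode 0600 and reads the MySQL credentials from an option file instead of passing the root password on the command line. The option-file path, the INSERT-only account it holds and the `run` argument are assumptions.

```shell
#!/bin/bash
# Added example: hardened variant of syslog2mysql.sh (not the page's script).
# Assumptions: syslog-ng and this loader run as the same user; CNF is a
# hypothetical option file holding an account limited to INSERT on syslog.logs.
PIPE="${PIPE:-/var/log/mysql.pipe}"
CNF="${CNF:-/opt/syslog-ng/etc/loader.cnf}"   # [client] user=... password=...

# Octal permission bits of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Create the FIFO as 0600, or tighten an existing one. Refuse anything that
# is not a FIFO: whatever gets written to this path is executed as SQL.
ensure_pipe() {
    local p="$1"
    if [ -e "$p" ] && [ ! -p "$p" ]; then
        echo "refusing: $p exists and is not a FIFO" >&2
        return 1
    fi
    [ -p "$p" ] || mkfifo -m 600 "$p" || return 1
    chmod 600 "$p"
}

# Require an owner-only option file, so the password is kept out of the
# process list and away from other local users.
check_cnf() {
    local f="$1"
    [ -f "$f" ] || { echo "missing option file: $f" >&2; return 1; }
    case "$(mode_of "$f")" in
        600|400) return 0 ;;
        *) echo "option file $f must be mode 600 or 400" >&2; return 1 ;;
    esac
}

# Feed the FIFO to mysql; restart the client whenever the writer closes it.
run_loader() {
    ensure_pipe "$PIPE" && check_cnf "$CNF" || return 1
    while [ -p "$PIPE" ]; do
        mysql --defaults-extra-file="$CNF" syslog < "$PIPE" > /dev/null
    done
}

# Start only when asked to: nohup /opt/syslog-ng/syslog2mysql.sh run &
if [ "${1:-}" = "run" ]; then run_loader; fi
```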
# vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0
options {
};
source s_local {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel"));
udp(
ip(0.0.0.0)
port(514)
);
tcp(
ip(0.0.0.0)
port(514)
);
};
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
};
log {
source(s_local);
destination(d_mysql);
};
# /etc/init.d/syslog-ng restart
# netstat -tunlp |grep :514
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 18204/syslog-ng
udp 0 0 0.0.0.0:514 0.0.0.0:* 18204/syslog-ng
# vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/phpsyslogng/scripts">
Deny from all
</Directory>
<Directory "/var/www/phpsyslogng/includes">
Deny from all
</Directory>
<Directory "/var/www/phpsyslogng/config">
Deny from all
</Directory>
# service httpd restart
syslog-client
# vim /opt/syslog-ng/etc/syslog-ng.conf
@version: 3.0
options {
};
source s_local {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel"));
};
destination d_messages { file("/var/log/messages"); };
destination d_logserver { udp("192.168.0.1");};
log {
source(s_local);
destination(d_messages);
destination(d_logserver);
};
# service syslog-ng restart
1) Edit the rotation script to tell it which directory php-syslog-ng is installed in
# vim /var/www/html/scripts/logrotate.php
$APP_ROOT = '/var/www/html';
# /usr/bin/php /var/www/html/scripts/logrotate.php    -- run the log rotation
Starting logrotate
2012-09-05 10:05:26
Log rotate ended successfully.
Now optimizing the old logs.
Getting list of log tables.
Searching for tables to drop.
Creating merge table.
2012-09-05 10:05:26
All done!
mysql> show tables;
+------------------+
| Tables_in_syslog |
+------------------+
| actions |
| all_logs |
| cemdb |
| logs |
| logs20120905 |
| search_cache |
| user_access |
| users |
+------------------+
8 rows in set (0.00 sec)
2) Change the current date and rotate again
# date -s 2012-09-06
# /usr/bin/php /var/www/html/scripts/logrotate.php
Starting logrotate
2012-09-06 00:00:21
Log rotate ended successfully.
Now optimizing the old logs.
Getting list of log tables.
Searching for tables to drop.
Creating merge table.
2012-09-06 00:00:21
All done!
3) Configure retention of the 30 most recent log records
# vim /var/www/html/config/config.php
define('LOGROTATERETENTION', 30);
Apply the patch:
# wget ftp://192.168.0.254/notes/softwares/project/syslog-ng/logrotate.patch -P /root
# cd /var/www/html/scripts
# patch -p1 ./logrotate.php < /root/logrotate.patch
missing header for unified diff at line 3 of patch
patching file ./logrotate.php
Hunk #1 succeeded at 70 with fuzz 2.
4) Configure automatic rotation (every 3 days)
# crontab -e
00 05 */3 * * /usr/bin/php /var/www/html/scripts/logrotate.php &> /dev/null