Syslog-ng日志服务器收集USG2210网关设备日志信息
一,syslog-ng服务器安装环境介绍 系统:RHEL5.4 实现目标:将客户端的日志自动保存在服务器端的相应目录,并根据日期,IP地址和日志类型进行分开保存 所需软件:gcc环境,libdbi环境,glib环境,eventlog_0.2.9,libol-0.3.9,syslog-ng_3.0.5 二,安装eventlog_0.2.9 [root@server ~]# cd /tmp/ [root@server tmp]# wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz [root@server tmp]# tar -zxvf eventlog_0.2.9.tar.gz -C /usr/local/software [root@server tmp]# cd /usr/local/software/eventlog-0.2.9/ [root@server eventlog-0.2.9]# ./configure --prefix=/usr/local/eventlog && make && make install [root@server eventlog-0.2.9]#ls /usr/local/eventlog/ include lib 三,安装libol-0.3.9 [root@server tmp]# wgethttp://www.balabit.com/downloads/files/libol/0.3/libol-0.3.9.tar.gz [root@server tmp]# tar -zxvf libol-0.3.9.tar.gz -C /usr/local/software/ [root@server tmp]# cd /usr/local/software/libol-0.3.9/ [root@server libol-0.3.9]# ./configure --prefix=/usr/local/libol && make && make install [root@server libol-0.3.9]# ls /usr/local/libol/ bin include lib 四,安装syslog-ng_3.0.5 [root@server tmp]# wget http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.5/source/syslog-ng_3.0.5.tar.gz [root@server tmp]# tar -zxvf syslog-ng_3.0.5.tar.gz -C /usr/local/syslog-ng/ [root@server tmp]# cd /usr/local/syslog-ng/syslog-ng-3.0.5/ [root@server syslog-ng-3.0.5]# export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig [root@server syslog-ng-3.0.5]# ./configure --prefix=/usr/local/syslog-ng --with-libol=/usr/local/libol && make && make installconfigure: error: Cannot find eventlog version >= 0.2: is pkg-config in path? (若出现这个错误,基本上是由于前面的PKG_CONFIG_PATH变量没指定好,或者根据提示安装glib*,libdbi*) [root@server syslog-ng-3.0.5]# ls /usr/local/syslog-ng/bin libexec sbin share [root@server syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/etc [root@server syslog-ng-3.0.5]# mkdir /usr/local/syslog-ng/var [root@server syslog-ng-3.0.5]# cp contrib/syslog-ng.conf.RedHat /usr/local/syslog-ng/etc/syslog-ng.conf [root@server syslog-ng-3.0.5]# cp contrib/init.d.RedHat /etc/init.d/syslog-ng 五,配置syslog-ng.conf @version:3.0 options { long_hostnames (off); log_msg_size (8192); flush_lines (1); time_reopen (10); log_fifo_size (20480); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); chain_hostnames (no); perm (0644); stats_freq (43200); }; source s_remote { tcp (ip(0.0.0.0) port(514) ); udp (ip(0.0.0.0) port(514) ); }; destination d_sz { file("/var/log/sz"); }; filter f_sz { level(info..emerg); }; log { source(s_remote); filter(f_sz); destination(d_sz); }; 六,syslog-ng的开机自动启动 [root@server syslog-ng-3.0.5]# head -3 /etc/init.d/syslog-ng / #!/bin/bash #chkconfig: 35 12 88 #Description: syslog-ng [root@server syslog-ng-3.0.5]# chkconfig --add syslog-ng /etc/init.d/syslog-ng还需要修改下面的三个位置 [root@server syslog-ng-3.0.5]# grep ‘PATH‘ /etc/init.d/syslog-ng PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/syslog-ng/bin:/usr/local/syslog-ng/sbin [root@server syslog-ng-3.0.5]# grep 'INIT' /etc/init.d/syslog-ng |head -2 INIT_PROG="/usr/local/syslog-ng/sbin/syslog-ng" # Full path to daemon INIT_OPTS="-f /usr/local/syslog-ng/etc/syslog-ng.conf" # options passed to daemon 七,启动syslog-ng服务器 [root@server syslog-ng-3.0.5]# service syslog-ng start // 注意cd /usr/local/syslog-ng/etc/ Starting syslog-ng: /usr/local/syslog-ng/sbin/syslog-ng: error while loading shared libraries: libevtlog.so.0: cannot open shared object file: No such file or directoryStarting Kernel Logger: 出现此错误是因为共享库链接没做好 [root@server syslog-ng-3.0.5]# ln -s /usr/local/eventlog/lib/* /lib/ 出现下面的问题是因为主配置文件中缺少:@version:3.0这行 Starting syslog-ng: Configuration file has no version number, assuming syslog-ng 2.1 format. Please add @version: maj.min to the beginning of the file; [root@server etc]# service syslog-ng start Starting Kernel 八,USG2210配置如下 # info-center source PPP channel 2 info-center source IP channel 2 info-center loghost source GigabitEthernet0/0/0 info-center loghost 172.16.2.111 514 facility local2