# cd /usr/src/redhat/SOURCES # wget http://gsd.di.uminho.pt/jpo/software/RPMS/libol-0.3.16-1.src.rpm # rpmbuild --rebuild libol-0.3.16-1.src.rpm # cd ../RPMS/i386 # rpm -Uvh libol-0.3.16-1.i386.rpm libol-devel-0.3.16-1.i386.rpm |
# cd ../SOURCES # wget http://gsd.di.uminho.pt/jpo/software/RPMS/syslog-ng-1.6.7-2.src.rpm # rpmbuild --rebuild syslog-ng-1.6.7-2.src.rpm # cd ../RPMS/i386 # rpm -Uvh syslog-ng-1.6.7-2.i386.rpm |
# cd ../SOURCES # wget http://gsd.di.uminho.pt/jpo/software/RPMS/syslog-ng-1.6.7-2.src.rpm # rpm -Uvh syslog-ng-1.6.7-2.src.rpm # cd ../SPECS # vi syslog-ng.spec (snip) %post # only rpm -i (not rpm {-U|-F}) if [ $1 = 1 ]; then /sbin/chkconfig syslog off 2> /dev/null || : /sbin/chkconfig --add syslog-ng #/sbin/service syslog stop 2> /dev/null || : #/sbin/service syslog-ng start fi %preun # only rpm -e (not rpm {-U|-F}) if [ $1 = 0 ]; then /sbin/chkconfig syslog reset 2> /dev/null || : #/sbin/service syslog-ng stop #/sbin/service syslog start 2> /dev/null || : /sbin/chkconfig --del syslog-ng fi (snip) [Esc]、[:]、[w]、[q]を押す。 # rpmbuild -ba syslog-ng.spec # cd ../RPMS/i386 # rpm -Uvh syslog-ng-1.6.7-2.i386.rpm |
No. 項 目 概 要 1 source syslog-ngのログ受信に関する設定(source-driver) 2 filter syslogのフィルタ処理に関する設定 3 destination フィルタリング後のログの出力に関する設定 4 log source、filterとdestinationの関連付けに関する設定 5 option syslog-ngの動作に関する各種オプション
# Local sources only: syslog-ng's own messages plus the /dev/log datagram
# sockets (the /var/lib/* copies are presumably the chroot jails of dhcp,
# named and ntp — confirm against those services' setup).
source src {
    internal();
    unix-dgram("/dev/log");
    unix-dgram("/var/lib/dhcp/dev/log");
    unix-dgram("/var/lib/named/dev/log");
    unix-dgram("/var/lib/ntp/dev/log");
    # Network receiver left disabled on purpose: as written it would bind
    # UDP/514 on every interface and accept unauthenticated messages from
    # any sender that can reach the host.
    #udp(ip("0.0.0.0") port(514));
}; |
# Second source set (the s_sys/f_filterN/d_* configuration on this page):
# kernel ring buffer, syslog-ng internals and the /dev/log stream socket.
# The UDP receiver is commented out, so this set has no network listener.
source s_sys {
    # Kernel messages are read directly and tagged with a "kernel: " prefix.
    file ("/proc/kmsg" log_prefix("kernel: "));
    internal();
    unix-stream ("/dev/log");
    # udp(ip(0.0.0.0) port(514));
}; |
# Filters for the src source set.
# Console: kernel warnings, or errors from any facility except authpriv.
# NOTE(review): this reads as (warn AND kern) OR (err AND NOT authpriv),
# i.e. it relies on `and` binding tighter than `or` — confirm for syslog-ng 1.6
# or add parentheses to make the intent explicit.
filter f_console { level(warn) and facility(kern) or level(err) and not facility(authpriv); };
# News facility, split by severity.
filter f_newsnotice { level(notice) and facility(news); };
filter f_newscrit { level(crit) and facility(news); };
filter f_newserr { level(err) and facility(news); };
filter f_news { facility(news); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
# level() with a list matches any of the listed severities.
filter f_warn { level(warn, err, crit); };
filter f_alert { level(alert); };
# Everything except news and mail, which have their own files.
filter f_messages { not facility(news, mail); };
filter f_local { facility(local0, local1, local2, local3, local4, local5, local6, local7); };
# Kernel lines containing both "IN=" and "OUT=" (going by the name, iptables
# LOG output).  f_news, f_cron, f_alert and f_iptables are not referenced by
# any log{} statement on this page.
filter f_iptables { facility(kern) and match("IN=") and match("OUT="); }; |
# Filters for the s_sys source set.  f_filter1 is disabled here and its
# matching log{} statement is disabled as well.
#filter f_filter1 { facility(kern); };
# info and above from every facility except mail, authpriv and cron,
# each of which is routed to its own file by the filters below.
filter f_filter2 { level(info..emerg) and not facility(mail,authpriv,cron); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
# Emergencies only (routed to all logged-in terminals).
filter f_filter5 { level(emerg); };
# uucp, plus news at crit or above.
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); }; |
# Destinations for the src source set.
destination console { file("/dev/tty10"); };
destination xconsole { pipe("/dev/xconsole"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
# NOTE(review): check that the f_newsnotice log{} statement routes here
# and not to newserr, otherwise this destination is never written.
destination newsnotice { file("/var/log/news/news.notice"); };
destination mail { file("/var/log/mail"); };
destination localmessages { file("/var/log/localmessages"); };
destination messages { file("/var/log/messages"); };
destination warn { file("/var/log/warn"); }; |
# Destinations for the s_sys source set.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
# authpriv (logins, su, ...) is kept in its own file, separate from messages.
destination d_auth { file("/var/log/secure"); };
# sync(10): buffer up to 10 messages before writing (see the options table);
# the other files inherit the global sync() setting.
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
# Write to every logged-in user's terminal; used for emerg via f_filter5.
destination d_mlal { usertty("*"); }; |
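# Routing for the src source set.  Console and xconsole both receive
# f_console; news is split by severity into its three files.
log { source(src); filter(f_console); destination(console); };
log { source(src); filter(f_console); destination(xconsole); };
log { source(src); filter(f_newscrit); destination(newscrit); };
log { source(src); filter(f_newserr); destination(newserr); };
# Fixed: notice-level news was sent to newserr (news.err), which left the
# newsnotice destination (news.notice) defined but unused.
log { source(src); filter(f_newsnotice); destination(newsnotice); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_local); destination(localmessages); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_warn); destination(warn); }; |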
# Routing for the s_sys source set (f_filter1/d_cons disabled, matching the
# commented-out filter definition).
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
# authpriv lands only in /var/log/secure; f_filter2 excludes it from messages.
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
# emerg: broadcast to all logged-in terminals.
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); }; |
パラメータ 概 要 設定値 long_hostnames ログ出力のホスト名の前にsourceで定義した名前(src/s_sys)を付加するかどうかの指定。元もとのホスト名だけにするならoffとする。 off sync ログをファイルに書き込む前にバッファするメッセージ数の指定。一気に大量のメッセージを処理するsyslogサーバならいざ知らず、自宅サーバなのでここは、発生の都度書き込むので0とする。 0 stats syslog-ng自身が出力するレポートで、syncでログの出力バッファリングした時に出力に失敗したログ数をレポートする。sync(0)でバッファしないならstats(0)で出力停止でよい。 0
# Minimal options block; each parameter is explained in the table above.
options {
    long_hostnames(off);   # do not prefix the source name (src/s_sys) to the host name
    sync(0);               # write every message immediately, no buffering
    stats(0);              # no periodic statistics output
}; |
# Fuller options block (alternative to the three-line one above).
options {
    sync (0);              # write every message immediately, no buffering
    time_reopen (10);      # seconds before retrying a failed destination — assumed, confirm
    log_fifo_size (1000);  # size of the output message queue
    long_hostnames (off);  # do not prefix the source name to the host name
    # No name resolution of senders: avoids blocking on the resolver and keeps
    # attacker-influenced reverse-DNS names out of the logs (presumably; confirm).
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);      # do not auto-create missing log directories
    # NOTE(review): keep_hostname(yes) should mean the HOST field is taken from
    # the received message as sent rather than from the sender's address — confirm;
    # any host() filter then tests sender-supplied data, not the source address.
    keep_hostname (yes);
    stats(0);              # no periodic statistics output
}; |
# BA8000/MN8300W (router) messages into one log file.
# The receiver is bound to the server's own LAN address only (no 0.0.0.0).
# UDP syslog carries no authentication: anything that can reach
# 192.168.1.100:514 can write lines into /var/log/router, so pair this with
# a host firewall rule that admits UDP/514 from the router's address only.
source router { udp(ip("192.168.1.100") port(514)); };
destination d_routerlog { file("/var/log/router"); };
# NOTE(review): host() tests the HOST field of the message; if keep_hostname(yes)
# from the options block is in effect that field is whatever the sender wrote,
# not the UDP source address — this filter narrows routing, it is not an
# access control.  192.168.1.1 is presumably the router itself.
filter f_routerlog { host(192.168.1.1) and level(info..emerg); };
log { source(router); filter(f_routerlog); destination(d_routerlog); };
# FTP login failure: hand matching proftpd lines to two local scripts.
# program() starts the named program and passes it the messages (assumed to
# be on its stdin — confirm against the syslog-ng 1.6 documentation).
# NOTE(review): the matched lines most likely embed the login name exactly as
# the remote FTP client sent it; mail.cgi and filter.cgi must treat that text
# as untrusted input (no shell interpolation, no unquoted use in commands).
destination d_ftp_mail { program("/usr/local/bin/mail.cgi"); };
destination d_ftp_filter { program("/usr/local/bin/filter.cgi"); };
# program("proftpd") tests the PROGRAM field; match() searches the message text.
filter f_ftp_login_failure { program("proftpd") and match("Authentication failure"); };
# Same filter feeds both scripts.
log { source(src); filter(f_ftp_login_failure); destination(d_ftp_mail); };
log { source(src); filter(f_ftp_login_failure); destination(d_ftp_filter); };
[エラー無しの場合]
# syslog-ng -s
#
[エラー有りの場合]
# syslog-ng -s
syntax error at 14
Parse error reading configuration file, exiting. (line 14)
# chkconfig --list | grep syslog syslog-ng 0:off 1:off 2:on 3:on 4:on 5:on 6:off syslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off # service syslog stop # service syslog-ng start |