- 论坛徽章:
- 0
|
1.安装syslog-ng
# vi /usr/local/syslog-ng/etc/syslog-ng.conf
options {
use_fqdn(yes);
chain_hostnames(off);
keep_hostname(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
create_dirs(yes);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_rsync { file("/var/log/rsync"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_filter9 { facility(daemon); };
filter f_filter10 { facility(local6); };
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
# Remote logging
source s_remote {
udp(ip(0.0.0.0) port(514));
};
destination r_mesg { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_auth { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mail { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/maillog" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_spol { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_boot { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/boot.log" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_daemon { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/daemon" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_local6 { file("/var/log/syslog-ng/$YEAR$MONTH$DAY/network/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
#destination d_separatedbyhosts {
# file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
#};
#log { source(s_remote); destination(d_separatedbyhosts); };
log { source(s_remote); filter(f_filter2); destination(r_mesg); };
log { source(s_remote); filter(f_filter3); destination(r_auth); };
log { source(s_remote); filter(f_filter4); destination(r_mail); };
log { source(s_remote); filter(f_filter6); destination(r_spol); };
log { source(s_remote); filter(f_filter7); destination(r_boot); };
log { source(s_remote); filter(f_filter8); destination(r_cron); };
log { source(s_remote); filter(f_filter9); destination(r_daemon); };
log { source(s_remote); filter(f_filter10); destination(r_local6); };
# syslog-ng conf file for use with phpsyslog-ng
#source src {
# unix-stream("/dev/log" max-connections(256));
# internal();
# file("/proc/kmsg");
# tcp();
# udp();
#};
#
#log {
# source(src);
# destination(d_mysql);
#};
#
#destination d_mysql {
# program("/usr/bin/mysql --user=root --password= syslog 把syslog-ng增加到开机启动
#echo "/usr/local/syslog-ng/sbin/syslog-ng" >> /etc/rc.local
2.安装tomcat和java环境请看本人另外的文章。这里主要讲log4j的相关配置,把日志发送给远程syslog-ng服务器
在tomcat的一个应用工程里面vi /.../WEB-INF/classes/log4j.properties
################ write to the file##################
log4j.rootLogger=info,debug,warn,syslog,A1
log4j.appender.A1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.A1.file=/var/log/messages
#log4j.appender.A1.DatePattern=yyyy-MM-dd'.log'
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss, SSS}[%c]-[%p] %m%n
######################## write to the syslog ######################
# Appender to syslog
#log4j.rootCategory=INFO,DEBUG, CONSOLE, FILE, syslog
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
#log4j.appender.syslog.SyslogHost=192.168.76.100 (日志服务器的IP地址)
log4j.appender.syslog.SyslogHost=127.0.0.1
log4j.appender.syslog.Port=514
log4j.appender.syslog.Facility=local5
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=%p: %c{2} - %m%n
修改本地syslog
vi /etc/syslog.conf
local5.* @192.168.76.100(日志服务器的IP地址)
3.windows日志
windows日志不支持syslog格式
下载地址为:
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/
解压后是两个文件evtsys.dll和evtsys.exe
把这两个文件拷贝到 c:\windows\system32目录下。
打开Windows命令提示符(开始->运行 输入CMD)
C:\>evtsys –i –h 192.168.76.100 #(日志服务器的IP地址)
-i 表示安装成系统服务
-h 指定log服务器的IP地址
如果要卸载evtsys,则:
net stop evtsys
evtsys -u
启动该服务:
C:\>net start evtsys
配置完成
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u1/48994/showart_1083897.html |
|
免费注册
发表于 2008-07-17 09:28