Differences

This shows you the differences between two versions of the page.

--- сервис_syslog [2010/12/07 17:13]
val created
+++ сервис_syslog [2010/12/07 17:28]
val
@@ Line 1: / Line 1: @@
 ====== Сервис SYSLOG ======
+===== FreeBSD =====
+<code>
+[server:~] # grep syslog /etc/rc.conf
+syslogd_flags="-a 192.168.X.0/24:*"
+[server:~] # cat /etc/syslog.conf
+...
+local0.*                                        /var/log/cisco.log
+!ppp
+...
+[server:~] # touch /var/log/cisco.log
+[server:~] # /etc/rc.d/syslogd restart
+[server:~] # tail -f /var/log/cisco.log
+</code>
+===== Ubuntu 8.04 (syslogd) =====
+<code>
+root@server:~# cat /etc/default/syslogd
+...
+SYSLOGD="-r"
+root@server:~# cat /etc/syslog.conf
+...
+local0.*      /var/log/cisco.log
+root@server:~# touch /var/log/cisco.log
+root@server:~# chown syslog:adm /var/log/cisco.log
+root@server:~# /etc/init.d/sysklogd restart
+root@server:~# tail -f /var/log/cisco.log
+</code>
+===== Ubuntu 10.04 (rsyslogd) =====
+<code>
+root@server:~# cat  /etc/rsyslog.conf
+...
+$ModLoad imudp
+$UDPServerRun 514
+...
+root@server:~# cat /etc/rsyslog.d/30-cisco.conf
+local0.*                        -/var/log/cisco.log
+root@server:~# touch /var/log/cisco.log
+root@server:~# chown syslog:adm /var/log/cisco.log
+root@server:~# restart rsyslog
+root@server:~# tail -f /var/log/cisco.log
+</code>
+===== Пример использования syslogd =====
+man syslog.conf
+<code>
+[hostX:~] # shutdown -p 17:30
+[hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic'
+[hostX:~] # cat syslog.conf
+...
+local6.*                                   /var/log/clamd.log
+...
+[hostX:~] # touch /var/log/clamd.log
+[hostX:~] # /etc/rc.d/syslogd reload
+[hostX:~] # clamdscan virus.zip
+</code>
+===== Ротация файлов регистрации =====
+<code>
+[hostX:~] # cat /etc/newsyslog.conf
+...
+/var/log/clamd.log                      600  7     10   *     J
+/var/log/httpd-access.log               644  10    1000 *     JC    /var/run/httpd.pid 30
+/var/log/httpd-error.log                644  10    1000 *     JC    /var/run/httpd.pid 30
+/var/log/httpd-ssl_request.log          644  10    1000 *     JC    /var/run/httpd.pid 30
+[hostX:~] # cat logger.sh
+while :
+do
+  logger -t clamd -p local7.info "Message 1"
+  logger -t clamd -p local7.info "Message 2"
+done
+[hostX:~] # sh logger.sh
+...
+<Ctrl>-C
+[hostX:~] # tail -f /var/log/clamd.log
+...
+<Ctrl>-C
+[hostX:~] # newsyslog
+[hostX:~] # ls -l /var/log/clamd.log*
+</code>
+===== Использование syslogd в сети=====
+==== Настройка сервера ====
+<code>
+[hostX:~] # cat /etc/rc.conf
+...
+syslogd_flags="-a 192.168.X.0/24"
+</code>
+Сокращенная форма 192.168.X/24 не распознается!
+<code>
+[hostX:~] # /etc/rc.d/syslogd restart
+</code>
+==== Настройка клиента ====
+<code>
+[gate:~] # cat /etc/syslog.conf
+*.*                                           @hostX
+...
+[gate:~] # /etc/rc.d/syslogd restart
+</code>
+===== Передача сообщений syslogd в программу =====
+<code>
+[hostX:~] # cat syslog.sh
+#!/bin/sh
+while read m
+do
+        if expr "$m" : '.*login.*' > /dev/null
+        then
+                echo $m | mail -s login root
+        fi
+done
+[hostX:~] # chmod +x syslog.sh
+[hostX:~] # cat /etc/syslog.conf
+...
+auth.*                                        | /root/syslog.sh
+...
+</code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools