сервис_syslog [2010/12/07 17:13] val created |
сервис_syslog [2010/12/07 17:28] val |
||
---|---|---|---|
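--- a/сервис_syslog
+++ b/сервис_syslog
@@ -1 +1,148 @@
 ====== Сервис SYSLOG ======
+===== FreeBSD =====
+<code>
+[server:~] # grep syslog /etc/rc.conf
+syslogd_flags="-a 192.168.X.0/24:*"
+
+[server:~] # cat /etc/syslog.conf
+...
+local0.* /var/log/cisco.log
+!ppp
+...
+
+[server:~] # touch /var/log/cisco.log
+
+[server:~] # /etc/rc.d/syslogd restart
+
+[server:~] # tail -f /var/log/cisco.log
+</code>
+
+===== Ubuntu 8.04 (syslogd) =====
+<code>
+root@server:~# cat /etc/default/syslogd
+...
+SYSLOGD="-r"
+
+root@server:~# cat /etc/syslog.conf
+...
+local0.* /var/log/cisco.log
+
+root@server:~# touch /var/log/cisco.log
+
+root@server:~# chown syslog:adm /var/log/cisco.log
+
+root@server:~# /etc/init.d/sysklogd restart
+
+root@server:~# tail -f /var/log/cisco.log
+</code>
+
+===== Ubuntu 10.04 (rsyslogd) =====
+<code>
+root@server:~# cat /etc/rsyslog.conf
+...
+$ModLoad imudp
+$UDPServerRun 514
+...
+
+root@server:~# cat /etc/rsyslog.d/30-cisco.conf
+local0.* -/var/log/cisco.log
+
+root@server:~# touch /var/log/cisco.log
+root@server:~# chown syslog:adm /var/log/cisco.log
+
+root@server:~# restart rsyslog
+
+root@server:~# tail -f /var/log/cisco.log
+</code>
+
+===== Пример использования syslogd =====
+
+man syslog.conf
+<code>
+[hostX:~] # shutdown -p 17:30
+
+[hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic'
+
+[hostX:~] # cat syslog.conf
+...
+local6.* /var/log/clamd.log
+...
+
+[hostX:~] # touch /var/log/clamd.log
+
+[hostX:~] # /etc/rc.d/syslogd reload
+
+[hostX:~] # clamdscan virus.zip
+</code>
+
+===== Ротация файлов регистрации =====
+<code>
+[hostX:~] # cat /etc/newsyslog.conf
+...
+/var/log/clamd.log 600 7 10 * J
+/var/log/httpd-access.log 644 10 1000 * JC /var/run/httpd.pid 30
+/var/log/httpd-error.log 644 10 1000 * JC /var/run/httpd.pid 30
+/var/log/httpd-ssl_request.log 644 10 1000 * JC /var/run/httpd.pid 30
+
+
+[hostX:~] # cat logger.sh
+while :
+do
+logger -t clamd -p local7.info "Message 1"
+logger -t clamd -p local7.info "Message 2"
+done
+
+[hostX:~] # sh logger.sh
+...
+<Ctrl>-C
+
+[hostX:~] # tail -f /var/log/clamd.log
+...
+<Ctrl>-C
+
+[hostX:~] # newsyslog
+
+[hostX:~] # ls -l /var/log/clamd.log*
+</code>
+
+===== Использование syslogd в сети=====
+
+==== Настройка сервера ====
+<code>
+[hostX:~] # cat /etc/rc.conf
+...
+syslogd_flags="-a 192.168.X.0/24"
+</code>
+
+Сокращенная форма 192.168.X/24 не распознается!
+<code>
+[hostX:~] # /etc/rc.d/syslogd restart
+</code>
+==== Настройка клиента ====
+<code>
+[gate:~] # cat /etc/syslog.conf
+*.* @hostX
+...
+
+[gate:~] # /etc/rc.d/syslogd restart
+</code>
+
+===== Передача сообщений syslogd в программу =====
+<code>
+[hostX:~] # cat syslog.sh
+#!/bin/sh
+while read m
+do
+if expr "$m" : '.*login.*' > /dev/null
+then
+echo $m | mail -s login root
+fi
+done
+
+[hostX:~] # chmod +x syslog.sh
+
+[hostX:~] # cat /etc/syslog.conf
+...
+auth.* | /root/syslog.sh
+...
+</code>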
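Review bot: In syslog.sh the logged line is read without `-r` and expanded unquoted in `echo $m`, so it goes through backslash processing, word splitting and pathname expansion before being mailed, and the mail root receives can differ from what was actually logged. Messages on the auth facility commonly contain strings chosen by whoever is attempting to log in, and syslogd normally starts the piped program with its own (root) privileges, so the loop should treat each line as opaque data: `while IFS= read -r m` and `printf '%s\n' "$m" | mail -s login root`. The section could also note that with the `-a 192.168.X.0/24` setting shown earlier the host accepts unauthenticated UDP syslog from the whole subnet, so lines reaching the script are not necessarily produced locally.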