User Tools
регистрация_событий_в_системе
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
регистрация_событий_в_системе [2009/07/02 15:31] val |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Регистрация событий в системе ====== | ||
| - | |||
| - | ===== Варианты реализации журналирования процессов в службах на примере clamd ===== | ||
| - | <code> | ||
| - | [hostX:~] # rcsdiff /usr/local/etc/clamd.conf | ||
| - | 14c14 | ||
| - | < LogFile /var/log/clamav/clamd.log | ||
| - | --- | ||
| - | > # LogFile /var/log/clamav/clamd.log | ||
| - | 43c43 | ||
| - | < #LogSyslog yes | ||
| - | --- | ||
| - | > LogSyslog yes | ||
| - | 48c48 | ||
| - | < #LogFacility LOG_MAIL | ||
| - | --- | ||
| - | > LogFacility LOG_LOCAL6 | ||
| - | |||
| - | [hostX:~] # /usr/local/etc/rc.d/clamav-clamd reload | ||
| - | </code> | ||
| - | |||
| - | ===== Пример использования syslogd ===== | ||
| - | man syslog.conf | ||
| - | <code> | ||
| - | [hostX:~] # shutdown -p 17:30 | ||
| - | |||
| - | [hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic' | ||
| - | |||
| - | [hostX:~] # cat syslog.conf | ||
| - | ... | ||
| - | local6.* /var/log/clamd.log | ||
| - | ... | ||
| - | |||
| - | [hostX:~] # touch /var/log/clamd.log | ||
| - | |||
| - | [hostX:~] # /etc/rc.d/syslogd reload | ||
| - | |||
| - | [hostX:~] # clamdscan virus.zip | ||
| - | </code> | ||
| - | |||
| - | ===== Ротация файлов регистрации ===== | ||
| - | <code> | ||
| - | [hostX:~] # cat /etc/newsyslog.conf | ||
| - | ... | ||
| - | /var/log/clamd.log 600 7 10 * J | ||
| - | |||
| - | [hostX:~] # cat logger.sh | ||
| - | while : | ||
| - | do | ||
| - | logger -t clamd -p local7.info "Message 1" | ||
| - | logger -t clamd -p local7.info "Message 2" | ||
| - | done | ||
| - | |||
| - | [hostX:~] # sh logger.sh | ||
| - | ... | ||
| - | <Ctrl>-C | ||
| - | |||
| - | [hostX:~] # tail -f /var/log/clamd.log | ||
| - | ... | ||
| - | <Ctrl>-C | ||
| - | |||
| - | [hostX:~] # newsyslog | ||
| - | |||
| - | [hostX:~] # ls -l /var/log/clamd.log* | ||
| - | </code> | ||
| - | |||
| - | ===== Использование syslogd в сети===== | ||
| - | |||
| - | ==== Настройка сервера ==== | ||
| - | <code> | ||
| - | [hostX:~] # cat /etc/rc.conf | ||
| - | ... | ||
| - | syslogd_flags="-a 192.168.X.0/24" | ||
| - | </code> | ||
| - | |||
| - | Сокращенная форма 192.168.X/24 не распознается! | ||
| - | <code> | ||
| - | [hostX:~] # /etc/rc.d/syslogd restart | ||
| - | </code> | ||
| - | |||
| - | ==== Настройка клиента ==== | ||
| - | <code> | ||
| - | [g50:~] # cat /etc/syslog.conf | ||
| - | *.* @gX | ||
| - | ... | ||
| - | |||
| - | [g50:~] # /etc/rc.d/syslogd restart | ||
| - | </code> | ||
| - | |||
| - | ===== Передача сообщений syslogd в программу ===== | ||
| - | <code> | ||
| - | [hostX:~] # cat syslog.sh | ||
| - | #!/bin/sh | ||
| - | while read m | ||
| - | do | ||
| - | if expr "$m" : '.*login.*' > /dev/null | ||
| - | then | ||
| - | echo $m | mail -s login root | ||
| - | fi | ||
| - | done | ||
| - | |||
| - | [hostX:~] # chmod +x syslog.sh | ||
| - | |||
| - | [hostX:~] # cat /etc/syslog.conf | ||
| - | ... | ||
| - | auth.* | /root/syslog.sh | ||
| - | ... | ||
| - | </code> | ||
регистрация_событий_в_системе.1246534278.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
