регистрация_событий_в_системе [2009/11/20 13:31] val |
— (current) | ||
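--- a/регистрация_событий_в_системе
+++ b/регистрация_событий_в_системе
-====== Регистрация событий в системе ======
-===== Варианты реализации журналирования процессов в службах на примере clamd =====
-<code>
-[hostX:~] # rcsdiff /usr/local/etc/clamd.conf
-14c14
-< LogFile /var/log/clamav/clamd.log
----
-> # LogFile /var/log/clamav/clamd.log
-43c43
-< #LogSyslog yes
----
-> LogSyslog yes
-48c48
-< #LogFacility LOG_MAIL
----
-> LogFacility LOG_LOCAL6
-
-[hostX:~] # /usr/local/etc/rc.d/clamav-clamd reload
-</code>
-
-===== Пример использования syslogd =====
-man syslog.conf
-<code>
-[hostX:~] # shutdown -p 17:30
-
-[hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic'
-
-[hostX:~] # cat syslog.conf
-...
-local6.* /var/log/clamd.log
-...
-
-[hostX:~] # touch /var/log/clamd.log
-
-[hostX:~] # /etc/rc.d/syslogd reload
-
-[hostX:~] # clamdscan virus.zip
-</code>
-===== Ротация файлов регистрации =====
-<code>
-[hostX:~] # cat /etc/newsyslog.conf
-...
-/var/log/clamd.log 600 7 10 * J
-/var/log/httpd-access.log 644 10 1000 * JC /var/run/httpd.pid 30
-/var/log/httpd-error.log 644 10 1000 * JC /var/run/httpd.pid 30
-/var/log/httpd-ssl_request.log 644 10 1000 * JC /var/run/httpd.pid 30
-
-
-[hostX:~] # cat logger.sh
-while :
-do
-logger -t clamd -p local7.info "Message 1"
-logger -t clamd -p local7.info "Message 2"
-done
-
-[hostX:~] # sh logger.sh
-...
-<Ctrl>-C
-
-[hostX:~] # tail -f /var/log/clamd.log
-...
-<Ctrl>-C
-
-[hostX:~] # newsyslog
-
-[hostX:~] # ls -l /var/log/clamd.log*
-</code>
-
-===== Использование syslogd в сети=====
-
-==== Настройка сервера ====
-<code>
-[hostX:~] # cat /etc/rc.conf
-...
-syslogd_flags="-a 192.168.X.0/24"
-</code>
-
-Сокращенная форма 192.168.X/24 не распознается!
-<code>
-[hostX:~] # /etc/rc.d/syslogd restart
-</code>
-==== Настройка клиента ====
-<code>
-[gate:~] # cat /etc/syslog.conf
-*.* @hostX
-...
-
-[gate:~] # /etc/rc.d/syslogd restart
-</code>
-
-===== Передача сообщений syslogd в программу =====
-<code>
-[hostX:~] # cat syslog.sh
-#!/bin/sh
-while read m
-do
-if expr "$m" : '.*login.*' > /dev/null
-then
-echo $m | mail -s login root
-fi
-done
-
-[hostX:~] # chmod +x syslog.sh
-
-[hostX:~] # cat /etc/syslog.conf
-...
-auth.* | /root/syslog.sh
-...
-</code>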