User Tools
регистрация_событий_в_системе
This is an old revision of the document!
Table of Contents
Регистрация событий в системе
Варианты реализации журналирования процессов в службах на примере clamd
[gX:~] # rcsdiff /usr/local/etc/clamd.conf 14c14 < LogFile /var/log/clamav/clamd.log --- > # LogFile /var/log/clamav/clamd.log 43c43 < #LogSyslog yes --- > LogSyslog yes 48c48 < #LogFacility LOG_MAIL --- > LogFacility LOG_LOCAL6 [gX:~] # /usr/local/etc/rc.d/clamav-clamd reload
Пример использования syslogd
man syslog.conf
[gX:~] # shutdown -p 17:30 [gX:~] # logger -t clamd -p kern.emerg 'Kernel Panic' [gX:~] # cat syslog.conf ... local6.* /var/log/clamd.log ... [gX:~] # touch /var/log/clamd.log [gX:~] # /etc/rc.d/syslogd reload [gX:~] # clamdscan virus.zip
Ротация файлов регистрации
[gX:~] # cat /etc/newsyslog.conf ... /var/log/clamd.log 600 7 10 * J [gX:~] # cat logger.sh while : do logger -t clamd -p local7.info "Message 1" logger -t clamd -p local7.info "Message 2" done [gX:~] # sh logger.sh ... <Ctrl>-C [gX:~] # tail -f /var/log/clamd.log ... <Ctrl>-C [gX:~] # newsyslog [gX:~] # ls -l /var/log/clamd.log*
Использование syslogd в сети
Настройка сервера
[gX:~] # cat /etc/rc.conf ... syslogd_flags="-a 192.168.X.0/24"
Сокращенная форма 192.168.X/24 не распознается!
[gX:~] # /etc/rc.d/syslogd restart
Настройка клиента
[g50:~] # cat /etc/syslog.conf *.* @gX ... [g50:~] # /etc/rc.d/syslogd restart
Передача сообщений syslogd в программу
[gX:~] # cat syslog.sh
#!/bin/sh
while read m
do
if expr "$m" : '.*login.*' > /dev/null
then
echo $m | mail -s login root
fi
done
[gX:~] # chmod +x syslog.sh
[gX:~] # cat /etc/syslog.conf
...
auth.* | /root/syslog.sh
...
регистрация_событий_в_системе.1243054315.txt.gz · Last modified: 2013/05/22 13:50 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
