
сервис_syslog

This is an old revision of the document!


Сервис SYSLOG

FreeBSD

[server:~] # grep syslog /etc/rc.conf 
syslogd_flags="-a 192.168.X.0/24:*"

[server:~] # cat /etc/syslog.conf
...
local0.*                                        /var/log/cisco.log
!ppp
...

[server:~] # touch /var/log/cisco.log

[server:~] # /etc/rc.d/syslogd restart

[server:~] # tail -f /var/log/cisco.log

Ubuntu 8.04 (syslogd)

root@server:~# cat /etc/default/syslogd
...
SYSLOGD="-r"

root@server:~# cat /etc/syslog.conf
...
local0.*      /var/log/cisco.log
 
root@server:~# touch /var/log/cisco.log

root@server:~# chown syslog:adm /var/log/cisco.log

root@server:~# /etc/init.d/sysklogd restart

root@server:~# tail -f /var/log/cisco.log

Ubuntu 10.04 (rsyslogd)

root@server:~# cat  /etc/rsyslog.conf
...
$ModLoad imudp
$UDPServerRun 514
...

root@server:~# cat /etc/rsyslog.d/30-cisco.conf 
local0.*                        -/var/log/cisco.log

root@server:~# touch /var/log/cisco.log 
root@server:~# chown syslog:adm /var/log/cisco.log

root@server:~# restart rsyslog

root@server:~# tail -f /var/log/cisco.log

Пример использования syslogd

man syslog.conf

[hostX:~] # shutdown -p 17:30

[hostX:~] # logger -t clamd -p kern.emerg 'Kernel Panic'

[hostX:~] # cat syslog.conf
...
local6.*                                   /var/log/clamd.log
...

[hostX:~] # touch /var/log/clamd.log

[hostX:~] # /etc/rc.d/syslogd reload

[hostX:~] # clamdscan virus.zip

Ротация файлов регистрации

[hostX:~] # cat /etc/newsyslog.conf
...
/var/log/clamd.log                      600  7     10   *     J
/var/log/httpd-access.log               644  10    1000 *     JC    /var/run/httpd.pid 30
/var/log/httpd-error.log                644  10    1000 *     JC    /var/run/httpd.pid 30
/var/log/httpd-ssl_request.log          644  10    1000 *     JC    /var/run/httpd.pid 30


[hostX:~] # cat logger.sh
# Emit two test messages (tag "clamd", priority local7.info) to syslog in an
# endless loop; stop it with Ctrl-C.
# NOTE(review): presumably used to grow the log quickly so that newsyslog has
# something to rotate; confirm which syslog.conf rule routes these messages.
while true; do
  for text in "Message 1" "Message 2"; do
    logger -t clamd -p local7.info "$text"
  done
done

[hostX:~] # sh logger.sh
...
<Ctrl>-C

[hostX:~] # tail -f /var/log/clamd.log
...
<Ctrl>-C

[hostX:~] # newsyslog

[hostX:~] # ls -l /var/log/clamd.log*

Использование syslogd в сети

Настройка сервера

[hostX:~] # cat /etc/rc.conf 
...
syslogd_flags="-a 192.168.X.0/24"

Сокращенная форма 192.168.X/24 не распознается!

[hostX:~] # /etc/rc.d/syslogd restart

Настройка клиента

[gate:~] # cat /etc/syslog.conf
*.*                                           @hostX
...

[gate:~] # /etc/rc.d/syslogd restart

Передача сообщений syslogd в программу

[hostX:~] # cat syslog.sh 
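#!/bin/sh
# Filter for a syslogd pipe action: reads log lines on stdin and mails every
# line that contains "login" to root with the subject "login".
#
# Log lines are untrusted input: the sender chooses the text, and that sender
# may be a remote host when network reception is enabled. Each line is
# therefore read raw and only ever expanded inside double quotes.
while IFS= read -r m
do
        # case does a plain pattern match; unlike expr, it cannot misparse a
        # line that happens to look like an operator or an option.
        case "$m" in
        *login*)
                # printf '%s\n' emits the line verbatim. The unquoted
                # `echo $m` would expand characters such as '*' into file
                # names and could treat the text as echo options or escapes.
                printf '%s\n' "$m" | mail -s login root
                ;;
        esac
done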

[hostX:~] # chmod +x syslog.sh

[hostX:~] # cat /etc/syslog.conf
...
auth.*                                        | /root/syslog.sh 
...