   
[Redhat] syslog-ng 설정하기 2
글쓴이 : theko 날짜 : 2014-04-17 (목) 15:51 조회 : 2111

테스트 하기
A = 192.168.0.92
B = 192.168.0.93
c = 192.168.0.93

- A 서버에서 B 로 5238port 전송,  C로는 5239 포트로 전송하기


1) A 서버 에서 의 설정
# vi /etc/syslog-ng/syslog-ng.conf

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#

# Global options for this host.
# sync(0): lines buffered before a file write; 0 writes every message at once.
# time_reopen(10): seconds to wait before re-opening a broken connection.
# log_fifo_size(1000): number of messages the output queue can hold.
# NOTE(review): while a tcp() collector is unreachable only what fits in that
# queue is kept; presumably anything beyond it is lost, so size it for the
# longest outage during which kernel/auth records must survive - confirm.
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          # chained host name format disabled
          long_hostnames (off);
          # resolve host names through DNS (the alternative is left commented out)
          use_dns (yes);
          #use_dns (no);
          # record short host names, not fully qualified ones
          use_fqdn (no);
          # create missing directories for file() destinations
          create_dirs (yes);
          # do not trust the host name written inside a received message
          keep_hostname (no);
          #keep_hostname (yes);
        };

# Local inputs: kernel messages read from /proc/kmsg (prefixed "kernel: "),
# the /dev/log socket used by local programs, and syslog-ng's own messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

# Local file destinations.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
# NOTE(review): perm(0644) leaves the mail log readable by every local user;
# it carries sender/recipient addresses, so tighten it unless that is intended.
destination d_mail { file("/var/log/maillog" perm(0644)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
#destination d_http_access { file("/var/log/http/access_log"); };
#destination d_http_error { file("/var/log/http/error_log"); };
# usertty("*") writes to the terminal of every logged-in user.
destination d_mlal { usertty("*"); };
# d_xinetd is defined but no log statement in this listing references it.
destination d_xinetd { file("/var/log/xinetd.log"); };

# Remote collector reached over TCP port 5238.
# tcp() as written here sends messages unencrypted and without authenticating
# the peer, and the log paths below forward authpriv records through it.
# NOTE(review): use a TLS-protected transport if the installed syslog-ng offers
# one, or carry the stream over an encrypted tunnel, and restrict the collector
# port to known senders.
destination d_logsrv { tcp("192.168.0.93" port(5238)); };

# Second remote collector, TCP port 5239.
# NOTE(review): the address list above this listing gives 192.168.0.93 for C,
# while this destination points at 192.168.0.94 - confirm the real address.
# No log statement in this listing references d_logsrv1.
destination d_logsrv1 { tcp("192.168.0.94" port(5239)); };

# Message selectors used by the log paths.
# f_filter1: kernel facility.
filter f_filter1     { facility(kern); };
# f_filter2: severity info, excluding mail, authpriv, cron and text matching "httpd: ".
# NOTE(review): level(info) names one severity; if the intent is the classic
# syslog "*.info" (info and everything more severe), warnings and errors would
# not match this filter and would be neither stored nor forwarded - confirm
# against the syslog-ng version in use.
filter f_filter2     { level(info) and not (facility(mail) or facility(authpriv) or facility(cron) or match("httpd\\: ")); };
# f_filter3: authentication/authorization records.
filter f_filter3     { facility(authpriv); };
# f_filter4: all mail; f_filter40: mail except lines matching "spamc[" or "spamd[".
filter f_filter4     { facility(mail); };
filter f_filter40     { facility(mail) and not match("spam[c-d]\\["); };
# f_filter5: emergency severity from any facility.
filter f_filter5     { level(emerg); };
# f_filter6: uucp, or news at severity crit.
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
# f_filter7: local7 except httpd "[error]" lines.
filter f_filter7     { facility(local7) and not match("httpd\\[.+ \\[error\\] ");};
# f_filter8: cron; f_filter9: local2.
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(local2); };
#filter f_http_access     { match("httpd\\: "); };
#filter f_http_error     { facility(local7) and match("httpd\\[.+ \\[error\\] "); };

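# Log paths: every statement is evaluated independently, so a message is
# delivered once per statement whose filter it matches.
# Forwarded to d_logsrv as well as stored locally: kernel, general info,
# authpriv, mail, cron. local2 (f_filter9) is forwarded only.
# Local only: emerg (user terminals), uucp/news, local7 boot messages.
# NOTE(review): authpriv records reach d_logsrv over plain tcp(); protect that
# link (TLS-capable transport or encrypted tunnel) before relying on it.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_logsrv); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter2); destination(d_logsrv); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter3); destination(d_logsrv); };
# The local mail log skips spamc/spamd lines (f_filter40); the collector
# receives all mail messages (f_filter4).
log { source(s_sys); filter(f_filter40); destination(d_mail); };
log { source(s_sys); filter(f_filter4); destination(d_logsrv); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
# Listed once: a second identical statement would write every uucp/news
# message to /var/log/spooler twice.
# NOTE(review): if the repeat was meant to forward this class, add a statement
# with destination(d_logsrv) instead.
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter8); destination(d_logsrv); };
log { source(s_sys); filter(f_filter9); destination(d_logsrv); };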


2) B 서버의 설정
# vi /etc/syslog-ng/syslog-ng.conf

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#

# Global options for this host.
# sync(0): lines buffered before a file write; 0 writes every message at once.
# time_reopen(10): seconds to wait before re-opening a broken connection.
# log_fifo_size(1000): number of messages the output queue can hold.
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          # chained host name format disabled
          long_hostnames (off);
          # resolve host names through DNS (the alternative is left commented out)
          use_dns (yes);
          #use_dns (no);
          # record short host names, not fully qualified ones
          use_fqdn (no);
          # create missing directories for file() destinations
          create_dirs (yes);
          # do not trust the host name written inside a received message
          keep_hostname (no);
          #keep_hostname (yes);
        };

# Local inputs: kernel messages from /proc/kmsg, the /dev/log socket and
# syslog-ng's own messages.
# NOTE(review): this listing is headed as server B's file, yet it defines no
# tcp() source and its d_logsrv destination points at 192.168.0.93, the address
# given for B itself; it reads like a second copy of the sender's file - confirm
# which host it belongs to before deploying it.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

# Local file destinations.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
# NOTE(review): perm(0644) leaves the mail log readable by every local user.
destination d_mail { file("/var/log/maillog" perm(0644)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
#destination d_http_access { file("/var/log/http/access_log"); };
#destination d_http_error { file("/var/log/http/error_log"); };
# usertty("*") writes to the terminal of every logged-in user.
destination d_mlal { usertty("*"); };
destination d_xinetd { file("/var/log/xinetd.log"); };

# Remote collector over TCP port 5238; tcp() as written is unencrypted and
# does not authenticate the peer.
destination d_logsrv { tcp("192.168.0.93" port(5238)); };


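# Message selectors used by the log paths, each name defined once.
# (An editor status line and a repeated pair of definitions that had been
# pasted between them are not configuration and are left out.)
# f_filter1: kernel facility.
filter f_filter1     { facility(kern); };
# f_filter2: severity info, excluding mail, authpriv, cron and text matching "httpd: ".
# NOTE(review): level(info) names one severity; confirm whether "info and above" was intended.
filter f_filter2     { level(info) and not (facility(mail) or facility(authpriv) or facility(cron) or match("httpd\\: ")); };
# f_filter3: authentication/authorization records.
filter f_filter3     { facility(authpriv); };
# f_filter4: all mail; f_filter40: mail except lines matching "spamc[" or "spamd[".
filter f_filter4     { facility(mail); };
filter f_filter40     { facility(mail) and not match("spam[c-d]\\["); };
# f_filter5: emergency severity from any facility.
filter f_filter5     { level(emerg); };
# f_filter6: uucp, or news at severity crit.
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
# f_filter7: local7 except httpd "[error]" lines.
filter f_filter7     { facility(local7) and not match("httpd\\[.+ \\[error\\] ");};
# f_filter8: cron; f_filter9: local2.
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(local2); };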

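# Log paths: every statement is evaluated independently, so a message is
# delivered once per statement whose filter it matches.
# Stored locally and forwarded to d_logsrv: kernel, general info, authpriv,
# mail, cron. local2 (f_filter9) is forwarded only.
# NOTE(review): authpriv records reach d_logsrv over plain tcp(); protect that
# link before relying on it.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_logsrv); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter2); destination(d_logsrv); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter3); destination(d_logsrv); };
# Local mail log skips spamc/spamd lines (f_filter40); the collector gets all mail (f_filter4).
log { source(s_sys); filter(f_filter40); destination(d_mail); };
log { source(s_sys); filter(f_filter4); destination(d_logsrv); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
# Listed once: a second identical statement would write every uucp/news
# message to /var/log/spooler twice.
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter8); destination(d_logsrv); };
log { source(s_sys); filter(f_filter9); destination(d_logsrv); };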

 

# Variant that forwards to the second collector on TCP port 5239.
# NOTE(review): the address list at the top of the page gives 192.168.0.93 for
# C, while this destination points at 192.168.0.94 - confirm the real address.
# tcp() as written is unencrypted and does not authenticate the peer.
destination d_logsrv1 { tcp("192.168.0.94" port(5239)); };

# NOTE(review): these filters repeat definitions that already appear earlier in
# this listing; if the fragments belong to one file, keep a single set.
# f_filter1: kernel facility.
filter f_filter1     { facility(kern); };
# f_filter2: severity info, excluding mail, authpriv, cron and text matching "httpd: ".
filter f_filter2     { level(info) and not (facility(mail) or facility(authpriv) or facility(cron) or match("httpd\\: ")); };
# f_filter3: authentication/authorization records.
filter f_filter3     { facility(authpriv); };
# f_filter4: all mail; f_filter40: mail except lines matching "spamc[" or "spamd[".
filter f_filter4     { facility(mail); };
filter f_filter40     { facility(mail) and not match("spam[c-d]\\["); };
# f_filter5: emergency severity from any facility.
filter f_filter5     { level(emerg); };
# f_filter6: uucp, or news at severity crit.
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
# f_filter7: local7 except httpd "[error]" lines.
filter f_filter7     { facility(local7) and not match("httpd\\[.+ \\[error\\] ");};
# f_filter8: cron; f_filter9: local2.
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(local2); };

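# Log paths for the variant that forwards to d_logsrv1. Every statement is
# evaluated independently, so each one appears exactly once here; repeated
# statements would deliver the same message twice to the same destination.
# Stored locally and forwarded: kernel, general info, authpriv, mail, cron.
# local2 (f_filter9) is forwarded only.
# NOTE(review): authpriv records reach d_logsrv1 over plain tcp(); protect that
# link before relying on it.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_logsrv1); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter2); destination(d_logsrv1); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter3); destination(d_logsrv1); };
# Local mail log skips spamc/spamd lines (f_filter40); the collector gets all mail (f_filter4).
log { source(s_sys); filter(f_filter40); destination(d_mail); };
log { source(s_sys); filter(f_filter4); destination(d_logsrv1); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter8); destination(d_logsrv1); };
log { source(s_sys); filter(f_filter9); destination(d_logsrv1); };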



3) C 서버 설정
# vi /etc/syslog-ng/syslog-ng.conf

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
#       - for Red Hat 7.3
#       - totally do away with klogd
#       - add message "kernel:" as is done with klogd.
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
#       - use the log_prefix option as per Balazs Scheidler's email
#

# Global options for the collecting host.
# sync(0): lines buffered before a file write; 0 writes every message at once.
# time_reopen(10): seconds to wait before re-opening a broken connection.
# log_fifo_size(1000): number of messages the output queue can hold.
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          # no DNS lookups for senders
          use_dns (no);
          use_fqdn (no);
          # create missing directories for file() destinations
          create_dirs (yes);
          #keep_hostname (no);
          # keep the host name exactly as it appears in the received message.
          # NOTE(review): this listing also opens a tcp() source on 0.0.0.0 and
          # builds file paths from $HOST, so whoever can reach that port decides
          # the $HOST value: records can be filed under another machine's name
          # and new directories are created on demand. Limit the listener to
          # known senders, and consider keep_hostname(no) or, where the installed
          # version has it, check_hostname(yes) - confirm against the relay
          # topology before changing.
          keep_hostname (yes);
        };

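# Local inputs of the collector itself: kernel messages from /proc/kmsg,
# the /dev/log socket and syslog-ng's own messages.
source s_sys { pipe ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };

# Local file destinations, each defined once. (An editor status line and the
# two definitions repeated after it were paste residue, not configuration.)
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
# NOTE(review): perm(0644) leaves the mail log readable by every local user.
destination d_mail { file("/var/log/maillog" perm(0644)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
# usertty("*") writes to the terminal of every logged-in user.
destination d_mlal { usertty("*"); };
destination d_xinetd { file("/var/log/xinetd.log"); };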

# Message selectors shared by the local log paths and the network log paths.
# f_filter1: kernel facility.
filter f_filter1     { facility(kern); };
# f_filter2: severity info, excluding mail, authpriv, cron and text matching "httpd: ".
# NOTE(review): level(info) names one severity; if "info and above" was
# intended, received warnings and errors match none of the storage paths on
# this collector and are not written anywhere - confirm.
filter f_filter2     { level(info) and not (facility(mail) or facility(authpriv) or facility(cron) or match("httpd\\: ")); };
# f_filter3: authentication/authorization records.
filter f_filter3     { facility(authpriv); };
# f_filter4: all mail; f_filter40: mail except lines matching "spamc[" or "spamd[".
filter f_filter4     { facility(mail); };
filter f_filter40     { facility(mail) and not match("spam[c-d]\\["); };
# f_filter5: emergency severity from any facility.
filter f_filter5     { level(emerg); };
# f_filter6: uucp, or news at severity crit.
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
# f_filter7: local7 except httpd "[error]" lines.
filter f_filter7     { facility(local7) and not match("httpd\\[.+ \\[error\\] ");};
# f_filter8: cron; f_filter9: local2.
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(local2); };

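# Log paths for the collector's own messages (source s_sys); nothing here is
# forwarded. Every statement is evaluated independently, so each path is
# listed once - a repeated statement would write the same message twice.
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
# Local mail log skips spamc/spamd lines (f_filter40).
log { source(s_sys); filter(f_filter40); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };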

# Network input: accepts syslog over TCP port 5239 on every local address.
# NOTE(review): the listener is unauthenticated and unencrypted as written, and
# ip(0.0.0.0) exposes it on all interfaces. Bind it to the address of the
# logging network and allow only the known sending hosts at the firewall.
source s_aplusit {
        tcp(ip(0.0.0.0) port(5239));
};

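# Per-host storage for received messages, each destination defined once.
# $HOST, $YEAR, $MONTH and $DAY are expanded per message, giving every sending
# host its own tree under /var/log/HOSTS with one file per class and day.
# NOTE(review): with keep_hostname(yes) the $HOST part comes from the message
# itself, so an unrestricted sender picks the directory name and can create
# many of them; restrict who may connect and watch disk usage of this tree.
destination d_filter1 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/kern/kern-$DAY"); };
destination d_filter2 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/message/message-$DAY"); };
destination d_filter3 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/auth/auth-$DAY"); };
destination d_filter4 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/mail/mail-$DAY"); };
destination d_filter5 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/tty/tty-$DAY"); };
destination d_filter6 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/spool/spool-$DAY"); };
destination d_filter7 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/boot/boot-$DAY"); };
destination d_filter8 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/cron/cron-$DAY"); };
destination d_filter9 { file ("/var/log/HOSTS/$HOST/$YEAR.$MONTH/filter9/filter9-$DAY"); };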
# Log paths for messages received on the network source: each filter class is
# written to the per-host file of the same number.
# A received message that matches none of f_filter1..f_filter9 is not stored
# by any statement in this listing.
# NOTE(review): auth records (f_filter3) land in files created with default
# permissions - confirm they are not readable by ordinary local users.
log { source (s_aplusit); filter(f_filter1); destination (d_filter1);};
log { source (s_aplusit); filter(f_filter2); destination (d_filter2);};
log { source (s_aplusit); filter(f_filter3); destination (d_filter3);};
# Received mail is stored unfiltered (f_filter4, not the spam-excluding f_filter40).
log { source (s_aplusit); filter(f_filter4); destination (d_filter4);};
# Emergency messages go to the per-host "tty" file rather than to user terminals.
log { source (s_aplusit); filter(f_filter5); destination (d_filter5);};
log { source (s_aplusit); filter(f_filter6); destination (d_filter6);};
log { source (s_aplusit); filter(f_filter7); destination (d_filter7);};
log { source (s_aplusit); filter(f_filter8); destination (d_filter8);};
log { source (s_aplusit); filter(f_filter9); destination (d_filter9);};


theko 2014-04-17 (목) 16:06
서버쪽만 아래 내용 추가

# Listener for the collector only: accepts syslog over TCP port 5238 on every
# local address and allows up to 5000 simultaneous connections.
# NOTE(review): the listener is unauthenticated and unencrypted as written;
# with a connection cap this high, keep the port reachable only from the known
# sending hosts so that arbitrary peers cannot tie up connections or inject records.
source s_aplusit {
        tcp(ip(0.0.0.0) port(5238) max-connections(5000));
};