Настройка syslog-ng в CentOS/RHEL 7
По ряду причин rsyslog, устанавливаемый в CentOS по умолчанию, мне не нравится. Я люблю, когда логи упорядочиваются по годам, месяцам, facility и приоритетам. Поэтому первым делом я меняю rsyslog на syslog-ng. Для этого сделаем следующее:
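# Replace rsyslog with syslog-ng on CentOS/RHEL 7.
# Lines starting with "$ " are commands typed at a root shell; everything
# between the two "---" markers is the content of the configuration file.

# If yum cannot find the package, enable EPEL first
# (yum -y install epel-release); syslog-ng is not in the base repositories.
$ yum -y install syslog-ng
$ nano -w /etc/syslog-ng/syslog-ng.conf

# --- begin /etc/syslog-ng/syslog-ng.conf ---
@version:3.5
@include "scl.conf"

#----------------------------------------------------------------------------
# /etc/syslog-ng/syslog-ng.conf: configuration file
# $Revision: 0.3-r5 (CentOS Edition by Wakko Warner) $
# $Comment: Any comments please send to wakko@acmelabs.spb.ru $
#----------------------------------------------------------------------------
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

# Global Options
options {
    # Enable or disable the chained hostname format
    chain_hostnames (off);

    # The number of lines buffered before written to file
    flush_lines (0);
    log_fifo_size (1000);

    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats_freq (43200);
    time_reopen (10);

    # The default action of syslog-ng is to log a MARK line
    # to the file every 20 minutes. That seems high for most
    # people so turn it down to once an hour. Set it to zero
    # if you don't want the functionality at all.
    mark_freq(3600);

    # Enable or disable hostname rewriting.
    # With "yes" the HOST field is taken from the message itself, so for the
    # network sources below it is whatever the sender claims to be.
    keep_hostname (yes);

    # Enable or disable directory creation for destination files
    create_dirs (yes);

    # userid/groupid/permission value for files
    # (0640 root:adm keeps the logs unreadable for ordinary users)
    owner ("root");
    group ("adm");
    perm (0640);

    # userid/groupid/permission value for directories
    dir_owner ("root");
    dir_group ("adm");
    dir_perm (0750);

    # Enable or disable DNS usage
    use_dns (no);

    # Add Fully Qualified Domain Name instead of short hostname
    use_fqdn (no);
    long_hostnames (off);
};

# NOTE(review): s_sys is not referenced by any log statement in this file and
# repeats the drivers of s_local; it only matters if a file in conf.d uses it.
source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};

# Sources of syslog messages (both local and remote messages on the server)
source s_local {
    system();
    internal();
};

# TCP listener bound to loopback only, one connection at a time.
source s_tcp {
    tcp (ip ("127.0.0.1") port (514) max-connections (1) );
};

# SECURITY: this source accepts syslog over UDP on every interface. UDP syslog
# is unauthenticated and unencrypted, and because keep_hostname is "yes" the
# sender decides the $HOST value that d_everything places in the file path.
# Any host that can reach 514/udp can therefore make the server create new
# directories under /var/log, fill the disk, or write entries under another
# host's name. On a log collector, bind ip() to the internal address and open
# 514/udp in the firewall only for the known senders; on a machine that does
# not collect remote logs, remove this source and its two log statements.
source s_udp {
    udp (ip ("0.0.0.0") port (514));
};

# By default messages are logged to tty12...
#destination d_console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination d_console_all { file("/dev/console"); };
#destination d_console_all { file("/dev/null"); };
# Active variant: messages are piped to a helper process that discards them.
destination d_console_all { program("/bin/cat >/dev/null"); };

# Destinations
destination d_usertty { usertty("*"); };

# One directory per host and month, one file per facility and priority.
# The directories are created on demand (create_dirs) from message fields.
destination d_everything {
    file("/var/log/syslog-$HOST/$YEAR-$MONTH/$FACILITY.$PRIORITY.log"
        template("$FULLDATE $MSGHDR$MSG\n")
        template_escape(no)
    );
};

# Filters
filter f_emergency { level(emerg); };

# Passes everything except the fetchmail "connection is insecure" warning.
filter f_fetchmail_warnings {
    not(match("fetchmail" value("PROGRAM"))
        and match("Warning: the connection is insecure, continuing anyways." value("MESSAGE")));
};

# Local messages: emergencies go to every logged-in terminal, the rest is
# filtered and written to the per-host tree.
log { source(s_local); filter(f_emergency); destination(d_usertty); };
log { source(s_local); filter(f_fetchmail_warnings); destination(d_everything); };
log { source(s_local); filter(f_fetchmail_warnings); destination(d_console_all); };

# Network messages are stored unfiltered.
log { source(s_tcp); destination(d_everything); };
log { source(s_tcp); destination(d_console_all); };
log { source(s_udp); destination(d_everything); };
log { source(s_udp); destination(d_console_all); };

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
# --- end /etc/syslog-ng/syslog-ng.conf ---

# Check the new configuration before touching rsyslog. If this reports an
# error, fix the file first so the host is never left without a running
# syslog daemon (and therefore without an audit trail).
$ syslog-ng --syntax-only
$ systemctl stop rsyslog.service
$ systemctl start syslog-ng.service
$ systemctl disable rsyslog.service
$ systemctl enable syslog-ng.service
$ yum -y remove rsyslog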
Update от 18.12.2015: Не забудьте прочитать эту заметку.