Configuring syslog-ng in CentOS/RHEL 7
For a number of reasons, I do not like rsyslog, which is installed by default in CentOS. I love it when the logs are sorted by year, month, facility, and priority. So the first thing I do is replace rsyslog with syslog-ng. To do this, do the following:
```
$ yum -y install syslog-ng
$ nano -w /etc/syslog-ng/syslog-ng.conf

@version:3.5
@include "scl.conf"

#----------------------------------------------------------------------------
# /etc/syslog-ng/syslog-ng.conf: configuration file
# $Revision: 0.3-r5 (CentOS Edition by Wakko Warner) $
# $Comment: Any comments please send to wakko@acmelabs.spb.ru $
#----------------------------------------------------------------------------

# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

# Global Options
options {
    # Enable or disable the chained hostname format
    chain_hostnames (off);

    # The number of lines buffered before written to file
    flush_lines (0);

    log_fifo_size (1000);

    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats_freq (43200);

    time_reopen (10);

    # The default action of syslog-ng is to log a MARK line
    # to the file every 20 minutes. That's seems high for most
    # people so turn it down to once an hour. Set it to zero
    # if you don't want the functionality at all.
    mark_freq(3600);

    # Enable or disable hostname rewriting
    keep_hostname (yes);

    # Enable or disable directory creation for destination files
    create_dirs (yes);

    # userid/groupid/permission value for files
    owner ("root");
    group ("adm");
    perm (0640);

    # userid/groupid/permission value for directories
    dir_owner ("root");
    dir_group ("adm");
    dir_perm (0750);

    # Enable or disable DNS usage
    use_dns (no);

    # Add Fully Qualified Domain Name instead of short hostname
    use_fqdn (no);

    long_hostnames (off);
};

source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};

# Sources of syslog messages (both local and remote messages on the server)
source s_local {
    system();
    internal();
};

source s_tcp {
    tcp (ip ("127.0.0.1") port (514) max-connections (1) );
};

source s_udp {
    udp (ip ("0.0.0.0") port (514));
};

# By default messages are logged to tty12...
#destination d_console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination d_console_all { file("/dev/console"); };
#destination d_console_all { file("/dev/null"); };
destination d_console_all { program("/bin/cat >/dev/null"); };

# Destinations
destination d_usertty { usertty("*"); };

destination d_everything {
    file("/var/log/syslog-$HOST/$YEAR-$MONTH/$FACILITY.$PRIORITY.log"
        template("$FULLDATE $MSGHDR$MSG\n")
        template_escape(no)
    );
};

# Filters
filter f_emergency { level(emerg); };

filter f_fetchmail_warnings {
    not(match("fetchmail" value("PROGRAM"))
        and match("Warning: the connection is insecure, continuing anyways." value("MESSAGE")));
};

log { source(s_local); filter(f_emergency); destination(d_usertty); };
log { source(s_local); filter(f_fetchmail_warnings); destination(d_everything); };
log { source(s_local); filter(f_fetchmail_warnings); destination(d_console_all); };

log { source(s_tcp); destination(d_everything); };
log { source(s_tcp); destination(d_console_all); };

log { source(s_udp); destination(d_everything); };
log { source(s_udp); destination(d_console_all); };

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

$ systemctl stop rsyslog.service
$ systemctl start syslog-ng.service
$ systemctl disable rsyslog.service
$ systemctl enable syslog-ng.service
$ yum -y remove rsyslog
```
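To see where a given message ends up under this configuration, the following added example (not part of the original post) decodes the `<PRI>` value of a BSD-style syslog line and expands the file name template of `d_everything`. The function names, the strict hostname pattern, the numeric fallback for facility codes 12-15 and the sample messages are assumptions made for this sketch; the year is passed in because the classic header carries no year field.

```python
import re

# Names as they appear in $FACILITY and $PRIORITY (standard syslog naming).
FACILITIES = "kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# File name template of the d_everything destination in the configuration above.
TEMPLATE = "/var/log/syslog-$HOST/$YEAR-$MONTH/$FACILITY.$PRIORITY.log"

# <PRI>Mmm dd hh:mm:ss host ...  The host pattern is deliberately strict:
# this sketch only accepts characters that are valid in a hostname.
HEADER = re.compile(
    r"<(\d{1,3})>([A-Z][a-z]{2}) [ \d]\d \d\d:\d\d:\d\d ([A-Za-z0-9._-]+) ")


def facility_name(code):
    if code < len(FACILITIES):
        return FACILITIES[code]
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    return str(code)  # codes 12-15: numeric fallback chosen for this sketch


def destination_path(raw, year, template=TEMPLATE):
    """Return the file a BSD-syslog line would be written to."""
    m = HEADER.match(raw)
    if m is None or int(m.group(1)) > 191 or m.group(2) not in MONTHS:
        raise ValueError("not a well-formed BSD syslog header: %r" % raw)
    pri = int(m.group(1))
    macros = {
        "HOST": m.group(3),      # taken from the message: keep_hostname(yes)
        "YEAR": "%04d" % year,   # the header itself has no year
        "MONTH": "%02d" % (MONTHS.index(m.group(2)) + 1),
        "FACILITY": facility_name(pri >> 3),  # PRI = facility * 8 + severity
        "PRIORITY": SEVERITIES[pri & 7],
    }
    return re.sub(r"\$([A-Z]+)", lambda v: macros[v.group(1)], template)


if __name__ == "__main__":
    # Constructed sample messages, not taken from a real system.
    for line in ("<86>Jul 29 09:27:01 web01 sshd[1234]: Accepted publickey for admin",
                 "<134>Jul  5 12:00:00 fw1 filterlog: pass"):
        print(destination_path(line, 2016))
```

Because `keep_hostname (yes)` is set, the `$HOST` part of the directory name comes from the message header, so every sender that reaches the `s_udp` source gets its own `syslog-<host>` directory.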
Update from 2015-12-18: Don’t forget to read this post.
Tuan
29.07.2016 - 09:27
Hi,
cd /
mkdir logcentral
I have changed the:
file(“/logcentral/syslog-$HOST/$YEAR-$MONTH/$FACILITY.$PRIORITY.log”
template(“$FULLDATE $MSGHDR$MSG\n”)
template_escape(no)
);
But it doesn’t work? Can you help?
Thanks,