1、安装syslog-ng
# Step 1 commands (run as root): fetch the syslog-ng RPM and the eventlog
# source tarball, build/install the eventlog library, then install syslog-ng.
# NOTE(review): both downloads below use plain http, and this page shows no
# integrity check before the files are built and installed as root. Verify
# them first, e.g. `rpm -K <package>.rpm` for the RPM and a checksum published
# by the vendor for the tarball.
#cd /root/pkgs
#wget http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.3/setups/rhel-5-i386/syslog-ng-3.0.3-1.rhel5.i386.rpm
#wget http://www.balabit.com/downloads/files/eventlog/0.2/eventlog_0.2.9.tar.gz

#cp eventlog_0.2.9.tar.gz /usr/src/redhat/SOURCES/
#cd /usr/src/redhat/SOURCES/
#tar zxvf eventlog_0.2.9.tar.gz
#cd eventlog-0.2.9/
# Build the eventlog RPMs from the spec file shipped inside the tarball.
#rpmbuild --ba eventlog.spec.bb
# NOTE(review): the built packages are picked up from the x86_64 directory
# while the syslog-ng package installed below is an i386 build - confirm the
# architectures are meant to differ.
#cd /usr/src/redhat/RPMS/x86_64
#rpm -Uvh libevtlog*

#cd /root/pkgs/
#rpm -Uvh syslog-ng-3.0.3-1.rhel5.i386.rpm
syslog-ng软件会安装到/opt/syslog-ng/目录下

2、下载并解压logzilla
# Step 2 commands: download and unpack the LogZilla archive, and create its
# log directory.
# NOTE(review): the archive is fetched over plain http and unpacked as root
# without any checksum or signature check shown on this page; compare it with
# a checksum obtained from the project before unpacking.
#cd /root/pkgs/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_v2.9.9o.tgz
#tar xzvf logzilla_v2.9.9o.tgz
#mkdir -p /var/log/logzilla

3、修改syslog-ng的配置
# Open the syslog-ng configuration for editing; the listing that follows on
# this page is the content to put into it.
#cd /opt/syslog-ng/
#vi etc/syslog-ng.conf

@version: 3.0
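# Single definition of s_local. The original listing declared "source s_local"
# twice; a source name should be defined only once (depending on the syslog-ng
# version a duplicate is rejected or one definition shadows the other). The
# log statement further down references only s_local, so every driver it is
# meant to read from is listed here.
source s_local {
        # messages generated by syslog-ng itself
        internal();
        # local applications writing to /dev/log
        unix-stream("/dev/log");
        # kernel messages, with the program name overridden to "kernel: "
        file("/proc/kmsg" program_override("kernel: "));
        # Remote hosts: plain UDP syslog on every interface. UDP syslog is
        # unauthenticated and unencrypted, so any host that can reach port 514
        # can inject records. Limit the port with a host firewall, or bind
        # ip() to the management interface instead of 0.0.0.0.
        udp(ip(0.0.0.0) port(514));
};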

# destinations        
# d_messages writes one file per sending host, named after the $HOST macro.
# NOTE(review): keep_hostname(yes) is set in the options block, so for the UDP
# source $HOST is presumably the name carried inside the message, i.e. chosen
# by the sender. File names and the number of files created are then
# sender-influenced - confirm, and consider resolving names from the source
# address for network input instead.
# NOTE(review): this page does not show /var/log/syslog-ng being created;
# verify the directory exists before starting syslog-ng.
destination d_messages { file("/var/log/syslog-ng/$HOST"); };        
    
    
###########################################################################################        
# Clay's LogZilla config below        
###########################################################################################        
# Last updated on 2010-06-15        
###########################################################################################        
# Global syslog-ng options; they apply to every source and destination in
# this file unless a driver overrides them.
options {        
            long_hostnames(off);        
            # doesn't actually help on Solaris, log(3) truncates at 1024 chars        
            log_msg_size(8192);        
            # buffer just a little for performance        
            # sync(1); <- Deprecated - use flush_lines() instead        
            flush_lines(1);        
            # memory is cheap, buffer messages unable to write (like to loghost)        
            log_fifo_size(16384);        
            # Hosts we don't want syslog from    
            #bad_hostname("^(ctld.|cmd|tmd|last)$");    
            # The time to wait before a dead connection is reestablished (seconds)    
            time_reopen(10);    
            #Use DNS so that our good names are used, not hostnames    
            use_dns(yes);    
            dns_cache(yes);    
            #Use the whole DNS name    
            use_fqdn(yes);    
            # NOTE(review): keep_hostname(yes) keeps the host name found inside
            # each received message. For the UDP listener that value is set by
            # the sender and is not verified, yet $HOST is used both in the
            # d_messages file name and in the record handed to LogZilla -
            # confirm this trust is intended.
            keep_hostname(yes);    
            chain_hostnames(no);    
            #Read permission for everyone    
            # NOTE(review): 0644 makes every log file written by syslog-ng
            # readable by all local users; logs collected from other hosts can
            # contain sensitive data, so a tighter mode such as 0640 with a
            # dedicated group is worth considering.
            perm(0644);    
            # The default action of syslog-ng 1.6.0 is to log a STATS line    
            # to the file every 10 minutes.    That's pretty ugly after a while.        
            # Change it to every 12 hours so you get a nice daily update of        
            # # how many messages syslog-ng missed (0).        
            # stats(43200);        
};        
    
# d_logzilla starts LogZilla's db_insert.pl and feeds it one tab-separated
# line per message (host, facility, priority, level, tag, date, time,
# program, message) as laid out by the template below.
# NOTE(review): syslog-ng launches this script itself, presumably with the
# privileges syslog-ng runs under (often root), and the script sits inside the
# web application tree. Make sure the script and its parent directories are
# owned by root and not writable by the web server account.
# NOTE(review): every field comes from log messages, including ones received
# on the UDP listener, so db_insert.pl has to treat its input as untrusted
# when building database statements - the script is not shown here; verify.
destination d_logzilla {        
            program("/www/webroot/php-syslog-ng/scripts/db_insert.pl"        
            template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n")        
            template_escape(yes)        
            );        
}; 
# Tell syslog-ng to log to our new destination
# Everything read by s_local is delivered to both destinations: the LogZilla
# insert script (d_logzilla) and the per-host files (d_messages).
log {
source(s_local);
destination(d_logzilla);
destination(d_messages);
};
   

   具体配置文件选项请参考:
http://www.balabit.com/sites/default/files/documents/syslog-ng-v3.0-guide-admin-en.html/chapter_configuration.html 或者
http://www.linuxfly.org/post/171/1/1/


4、安装logzilla
a、安装logzilla所需的web基础环境(本文使用lamp,具体安装略)
b、解压logzilla包,并配置Apache
# Step 4b commands: unpack LogZilla under /www/webroot/ and create its log
# directory.
# NOTE(review): this fetches the same archive as step 2 again over plain http
# and unpacks it as root with no integrity check shown; verify it against a
# checksum obtained from the project, or reuse an already verified copy.
#mkdir -p /www/webroot/
#cd /www/webroot/
#wget http://php-syslog-ng.googlecode.com/files/logzilla_v2.9.9o.tgz
#tar xzvf logzilla_v2.9.9o.tgz
#mkdir -p /var/log/logzilla

修改Apache配置

# Virtual host serving the LogZilla web interface from the unpacked
# php-syslog-ng/html directory, both at / and under the /logs alias.
# NOTE(review): the site listens on port 80 only, so logins and the log data
# shown in the interface travel unencrypted; consider serving it over TLS.
<VirtualHost *:80>        
        ServerAdmin junleeee@163.com        
        DocumentRoot /www/webroot/php-syslog-ng/html/        
        ServerName 192.168.1.10    
        ErrorLog logs/error_log        
        CustomLog logs/access_log common        
        # LogZilla        
        Alias /logs "/www/webroot/php-syslog-ng/html/"        
        <Directory "/www/webroot/php-syslog-ng/html/">        
                # NOTE(review): Indexes enables directory listings for any
                # folder without an index file; presumably the application
                # does not need it, so dropping it reduces exposure.
                Options Indexes MultiViews FollowSymLinks        
                # NOTE(review): AllowOverride All lets .htaccess files inside
                # the application tree change this configuration.
                AllowOverride All        
                # NOTE(review): "Allow from all" lets any client that can reach
                # the server open the log viewer. Collected logs are sensitive;
                # restrict access to the administration network, e.g.
                # "Allow from 192.168.1.0/24" (constructed example range).
                Order allow,deny        
                Allow from all        
</Directory>        
</VirtualHost>

c、web界面安装logzilla
1)浏览http://192.168.1.10/logs进入安装界面:

注:如在该页面出现红色提示,可以调整相应文件和文件夹的权限(只给Web服务器用户授予所需的最小权限,不要直接设为777),以及php的配置。




这样就安装完成了。