Centralized syslog-ng to Mysql Installation Guide
1.Requirement
OS: Red Hat 9.0
Database: MySQL 4.0.20
Web Server: Apache2
PHP Supported.
Packages:
syslog-ng-1.6.5.tar.gz
libol-0.3.14.tar.gz
php-syslog-ng-2.5.1.tar.gz
2.Installation
2.1 Install libol-0.3.14.tar.gz
The Libol package contains support libraries needed by Syslog-ng.
2.1.1 Prepare Libol for compilation
#tar zxvf libol-3.0.14.tar.gz
#./configure --prefix=/usr --enable-shared
2.1.2 Compile Libol
#make
2.1.3 Install
#make install
2.2 Install syslog-ng-1.6.5.tar.gz
2.2.1 Prepare Syslog-ng for compilation
#tar zxvf syslog-ng-1.6.5.tar.gz
#./configure --prefix=/usr --sysconfdir=/etc
2.2.2 Compile Syslog-ng
#make
2.2.3 Install
#make install
2.3 Extract php-syslog-ng-2.5.1.tar.gz
Extract php-syslog-ng-2.5.1.tar.gz under Apache's document root (ex: /usr/local/apache2/htdocs)
3.Configuration
3.1 Create Database Schema
3.1.1 Edit syslog-ng.sql script for creating log database schema
=== syslog-ng.sql script start here ===
CREATE DATABASE syslog;
USE syslog;
CREATE TABLE logs (
host varchar(32) default NULL,
facility varchar(10) default NULL,
priority varchar(10) default NULL,
level varchar(10) default NULL,
tag varchar(10) default NULL,
date date default NULL,
time time default NULL,
program varchar(15) default NULL,
msg text,
seq int(10) unsigned NOT NULL auto_increment,
PRIMARY KEY (seq),
KEY host (host),
KEY seq (seq),
KEY program (program),
KEY time (time),
KEY date (date),
KEY priority (priority),
KEY facility (facility)
) TYPE=MyISAM;
=== syslog-ng.sql script end here ===
3.1.2 Run the command to install the database into mysql.
#mysql -u YOURACCOUNT -p <>
3.2 Edit syslog-ng.conf
Edit syslog-ng.conf (default installation path will be /usr/local/etc/syslog-ng/ depends on your installation prefix argument)
=== Configuration file start here ===
options
{
chain_hostnames(no);
create_dirs (no);
dir_perm(0755);
dns_cache(yes);
keep_hostname(yes);
log_fifo_size(2048);
log_msg_size(8192);
long_hostnames(on);
perm(0644);
stats(3600);
sync(0);
time_reopen (10);
use_dns(yes);
use_fqdn(yes);
};
#----------------------------------------------------------------------
# Sources
#----------------------------------------------------------------------
# For Linux
#----------------------------------------------------------------------
source s_stream
{ unix-stream("/dev/log"); };
source s_internal
{ internal(); };
source s_kernel
{ pipe("/proc/kmsg" log_prefix("kernel: ")); };
#----------------------------------------------------------------------
# Piping method
#----------------------------------------------------------------------
destination database { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); };
#----------------------------------------------------------------------
# Logging to a database
#----------------------------------------------------------------------
log { source(s_stream);
source(s_internal);
source(s_kernel); destination(database); };
=== Configuration file end here ===
3.3 Pipe and startup script
3.3.1 Setup syslog-ng run as a daemon
(1)Edit /etc/rc.d/init.d/syslog-ng as below,
=== syslog-ng script start here ===
################################################################################
#
# Program: syslog-ng init script for Red Hat
#
################################################################################
# the following information is for use by chkconfig
# if you are want to manage this through chkconfig (as you should), you must
# first must add syslog-ng to chkconfig's list of startup scripts it
# manages by typing:
#
# chkconfig --add syslog-ng
#
# DO NOT CHANGE THESE LINES (unless you know what you are doing)
# chkconfig: 2345 12 88
# description: syslog-ng is the next generation of the syslog daemon. \
# syslog-ng gives you the flexibility of logging not only by facility and \
# severity, but also by host, message content, date, etc. it can also replace \
# klogd's function of logging kernel messages
#
# This following block of lines is correct, do not change! (for more info, see
# http://www.linuxbase.org/spec/refspecs/LSB_1.1.0/gLSB/facilname.html)
### BEGIN INIT INFO
# Provides: $syslog
### END INIT INFO
################################################################################
#
# This is an init script for syslog-ng on the Linux platform.
#
# It totally relies on the Redhat function library and works the same
# way as other typical Redhat init scripts.
#
#
# Platforms (tested): Linux (Redhat 7.3)
#
#
# Author: Gregor Binder
# Changed: October 10, 2000
#
# Last Changed: September 27, 2002
# Updated by: Diane Davidowicz
# changes: Brought the start script up to snuff as far as compliance
# with managing the startup script through chkconfig;
# added PATH variable ability to hook in path to syslog-ng (if
# its necessary); converted init script format to the
# standard init script format in Red Hat (7.3 to be exact)
# including using the /etc/sysconfig/syslog-ng file to
# managed the arguments to syslog-ng without changing this
# script, and disabled klogd but noted where and under what
# conditions it should be enabled. HAPPY LOGGING.
#
# Copyright (c) 2000 by sysfive.com GmbH, All rights reserved.
#
#
################################################################################
#
# configuration
#
INIT_PROG="/usr/local/sbin/syslog-ng" # Full path to daemon
INIT_OPTS="" # options passed to daemon
#
# Source Redhat function library.
#
. /etc/rc.d/init.d/functions
# Tack on path to syslog-ng if not already in PATH
SYSLOGNG_PATH=":/usr/local/sbin"
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
INIT_NAME=`basename "$INIT_PROG"`
# /etc/sysconfig/ is the standard way to pull in options for a daemon to use.
# Source config
if [ -f /etc/sysconfig/syslog-ng ] ; then
. /etc/sysconfig/syslog-ng
else
SYSLOGNG_OPTIONS=
fi
RETVAL=0
umask 077
ulimit -c 0
# See how we were called.
start() {
echo -n "Starting $INIT_PROG: "
#daemon $INIT_PROG $SYSLOGNG_OPTIONS
daemon --check $INIT_PROG "$INIT_PROG $INIT_OPTS"
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch "/var/lock/subsys/${INIT_NAME}"
return $RETVAL
}
stop() {
echo -n "Stopping $INIT_PROG: "
killproc $INIT_PROG
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f "/var/lock/subsys/${INIT_NAME}"
return $RETVAL
}
rhstatus() {
status $INIT_PROG
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
rhstatus
;;
restart|reload)
restart
;;
condrestart)
[ -f /var/lock/subsys/syslog-ng ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload}"
exit 1
esac
exit $?
=== syslog-ng script end here ===
(2)Set as startup script
#chmod ugo+x /etc/rc.d/init.d/syslog-ng
#chkconfig --add syslog-ng
3.3.2 Setup mysql-pipe file run as startup
(1)Edit /etc/rc.d/init.d/sqlsyslogd as below,
=== sqlsyslogd script start here ===
#!/bin/bash
#
# sqlsyslogd This is a daemon that takes syslog-ng input and pipe it into
# a MySQL database.
#
# chkconfig: 2345 98 10
# description: sqlsyslogd bridges syslog-ng and mysql.
# author: Josh Kuo Thu 2004/08/12 13:21:56 PDT
. /etc/rc.d/init.d/functions
case "$1" in
start)
if [ -x /tmp/mysql.pipe ]; then
mkfifo /tmp/mysql.pipe
else
# if the service is already running, do not start another one
PIDS=`pidofproc mysql`
if [ "$PIDS" ]; then
echo "sqlsyslogd is already running."
exit 1
fi
mysql -u YOURACCOUNT -h YOURMYSQLSERVERNAME -pYOURPASSWORD syslog < /tmp/mysql.pipe &
fi
;;
stop )
killproc mysql
;;
*)
echo "Usage: sqlsyslogd {start|stop}"
exit 1;
esac
exit 0;
=== sqlsyslogd script end here ===
(2)Set as startup script
#chmod ugo+x /etc/rc.d/init.d/sqlsyslogd
#chkconfig --add sqlsyslogd
3.4 Set Apache log to syslog-ng (Optional)
(1) Modify the httpd.conf (/usr/local/apache2/conf/httpd.conf) put the syslog instead of the file name /logs/error_log as below,
=== parts of httpd.conf here ===
LogLevel notice
ErrorLog syslog
=== parts of httpd.conf here ===
(2) Modify the httpd.conf about the access Log setting as below,
=== part of httpd.conf here ===
CustomLog "| /usr/bin/logger -p local.info" common
=== part of httpd.conf here ===
(3) Add the corresponding entry required in /etc/syslog.conf (In order to keep a copy in local system)
=== part of syslog.conf here ===
local7.* /var/log/local7.log
local1.* /var/log/local1.log
=== part of syslog.conf here ===
(4) Restart the httpd service and syslog service
#service syslog restart
#/usr/local/apache2/bin/apachectl -k restart
3.5 Start the syslog-ng services
Run the following command or reboot the system.
#service syslog-ng start
#service sqlsyslogd start
4.Syslog-ng Monitor
4.1 Modify db_fns.php
(1)Configure the database function of php include file. YOURDOCROOT/YOURFOLDERNAME/includes/db_fns.php
=== db_fns.php start here ===
function db_connect_syslog()
{
$result = mysql_pconnect("YOURMYSQLSERVERNAME", "YOURACCOUNT", "YOURPASSWORD");
if (!$result)
return false;
if (!mysql_select_db("syslog"))
return false;
return $result;
}
?>
=== db_fns.php end here ===
(2)Monitor from browser
http://YOURHOST/YOURFOLDERNAME/index.php
5.Reference
http://www.campin.net/syslog-ng/faq.html
http://vermeer.org/projects.php
Written by Sam Lin 2004/09/16
No comments:
Post a Comment