#yum -y install gcc* tcp_wrappers tcp_wrappers-libs glib2 glib2-devel glib2-static
#yum -y install mysql mysql-server php php-mcrypt php-mbstring php-gd php-mysql
ps:如果要移除yum套件,則使用yum remove
接著確認httpd服務在開機時啟動
#chkconfig httpd on
#service httpd start
接著基本套件設定完成後,開始安裝syslog-ng
首先必須關閉現有rsyslog
#chkconfig --level 2345 rsyslog off
#service rsyslog stop
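接著下載eventlog與syslog-ng(注意:下列指令的 --no-check-certificate 會關閉 TLS 憑證驗證,而且下載網址是 http,傳輸過程沒有完整性保護;編譯前請先核對原始碼壓縮檔的校驗碼或簽章,若上游有提供的話)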
#wget --no-check-certificate http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.5.3/source/eventlog_0.2.12+20120504+1700.tar.gz
#wget --no-check-certificate http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.5.3/source/syslog-ng_3.5.3.tar.gz
下載完成後,開始進行安裝作業
#tar -zxvf eventlog_0.2.12+20120504+1700.tar.gz
#cd eventlog-0.2.12+20120504+1700
#./configure --prefix=/usr/local/eventlog
#make
#make install
#tar zxvf syslog-ng_3.5.3.tar.gz
#cd syslog-ng-3.5.3
#export PKG_CONFIG_PATH=/usr/local/eventlog/lib/pkgconfig
#./configure --prefix=/usr/local/syslog-ng
#make
#make install
再來要將syslog-ng添加為系統服務
#vim /etc/init.d/syslog-ng
###內容如下
#!/bin/bash
#
# chkconfig: - 60 27
# description: syslog-ng SysV script.
# Load the distribution's SysV helper library; daemon, killproc and status are
# not defined in this script and are expected to come from it.
. /etc/rc.d/init.d/functions

# Service name, and the binary / pid file / lock file under the install prefix.
prog=syslog-ng
syslog_ng="/usr/local/syslog-ng/sbin/${prog}"
pidfile="/usr/local/syslog-ng/var/${prog}.pid"
lockfile="/usr/local/syslog-ng/var/${prog}.lock"

# Exit status reported by the script at the end.
RETVAL=0
# Value handed to killproc -d; a STOP_TIMEOUT already set by the caller wins.
STOP_TIMEOUT="${STOP_TIMEOUT-10}"
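# Launch syslog-ng through the init library's daemon helper.
# Globals:  prog, pidfile, syslog_ng, OPTIONS, lockfile (read); RETVAL (written)
# Returns:  the exit status of daemon; the lock file is touched only on success.
start() {
    echo -n $"Starting $prog: "
    # OPTIONS stays unquoted on purpose so it can carry several flags; every
    # other expansion is quoted so a path is always passed as a single word.
    # shellcheck disable=SC2086
    daemon --pidfile="$pidfile" "$syslog_ng" $OPTIONS
    RETVAL=$?
    echo
    if [ "$RETVAL" -eq 0 ]; then
        touch -- "$lockfile"
    fi
    return "$RETVAL"
}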
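# Stop syslog-ng through the init library's killproc helper.
# Globals:  prog, pidfile, syslog_ng, STOP_TIMEOUT, lockfile (read);
#           RETVAL (written)
# Returns:  the exit status of killproc. The lock and pid files are removed
#           only when killproc succeeded.
stop() {
    echo -n $"Stopping $prog: "
    killproc -p "$pidfile" -d "$STOP_TIMEOUT" "$syslog_ng"
    RETVAL=$?
    echo
    if [ "$RETVAL" -eq 0 ]; then
        rm -f -- "$lockfile" "$pidfile"
    fi
    # Return killproc's status explicitly, as start() does, instead of the
    # status of the cleanup test above.
    return "$RETVAL"
}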
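# Dispatch on the action given as the first argument and exit with RETVAL.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        # status is not defined in this script; it is expected to come from
        # the sourced /etc/rc.d/init.d/functions.
        status -p "$pidfile" "$syslog_ng"
        RETVAL=$?
        ;;
    restart)
        # RETVAL ends up holding the result of start, which runs last.
        stop
        start
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|status}"
        RETVAL=2
        ;;
esac
exit "$RETVAL"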
#####
接著設定服務的執行權限
#chmod a+x /etc/init.d/syslog-ng
#chkconfig --add syslog-ng
#chkconfig syslog-ng on
#service syslog-ng start
接下來要安裝php-syslog-ng,需從web介面進行安裝
#tar -zxvf php-syslog-ng-2.9.8m.tar.gz
#cd html
#cp -Rf * /var/www/html/
#chown -Rf apache.apache /var/www/html
這裡需要注意的是,MySQL預設的root Password只能為空白,不然會出現添加使用者的錯誤或是後續syslog導入的錯誤。空白的root密碼只應在安裝期間短暫存在;安裝完成並確認導入正常後,應立即為root設定密碼,並確認config.php使用的是權限受限的專用帳號。
安裝完成後需要將syslog與MySQL進行連結,所以要修改以下設定
#vi /usr/local/syslog-ng/etc/syslog-ng.conf
在最後面加入
# Destination that renders every message as one SQL INSERT statement and writes
# it to the named pipe /var/log/mysql.pipe.
# template-escape(yes) escapes quote characters in the expanded macros ($HOST,
# $PROGRAM, $MSG, ...). Their content is supplied by whoever sends the log
# message, so the escaping is what keeps a log line from closing the quoted SQL
# string; keep it enabled.
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs
(host, facility, priority, level, tag, datetime, program, msg)
VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
};
# Route everything received by source s_network into d_mysql.
# NOTE(review): s_network is not defined in this excerpt; it has to exist
# elsewhere in syslog-ng.conf.
log {
source(s_network);
destination(d_mysql);
};
#####
接著再編寫一個sh檔案來進行啟動作業,可以將其命名為syslog2mysql.sh
檔案內容如下:
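#!/bin/bash
# Feed the SQL statements arriving on /var/log/mysql.pipe into MySQL, using the
# DBADMIN / DBADMINPW / DBNAME values found in php-syslog-ng's config.php.
#
# If you add this script to cron, be sure to change $config to the full path name
# ie: /var/www/html/php-syslog-ng/html/config/config.php
config="/var/www/html/config/config.php"
pipe="/var/log/mysql.pipe"

# Print the 4th single-quote-delimited field of the first line of $config that
# contains the quoted key $1.
read_setting() {
  awk -F"'" -v key="'$1'" 'index($0, key) { print $4; exit }' "$config"
}

# Escape backslashes and double quotes for a double-quoted option-file value.
cnf_quote() {
  local v=$1
  v=${v//\\/\\\\}
  v=${v//\"/\\\"}
  printf '%s' "$v"
}

user=$(read_setting DBADMIN)
pw=$(read_setting DBADMINPW)
db=$(read_setting DBNAME)

if [ -z "$user" ] || [ -z "$db" ]; then
  echo "cannot read DBADMIN/DBNAME from $config" >&2
  exit 1
fi

# Pass the credentials through a private option file instead of --password=...:
# command-line arguments are visible to other local users in the process list.
cnf=$(mktemp) || exit 1
trap 'rm -f -- "$cnf"' EXIT
trap 'exit 1' HUP INT TERM
printf '[client]\nuser="%s"\npassword="%s"\n' \
  "$(cnf_quote "$user")" "$(cnf_quote "$pw")" > "$cnf"

# Whatever is written to the pipe is executed as SQL with the DBADMIN account,
# so create it readable and writable by the owner only, and refuse to run when
# the path exists but is not a FIFO.
if [ ! -e "$pipe" ]; then
  mkfifo -m 600 "$pipe" || exit 1
elif [ ! -p "$pipe" ]; then
  echo "$pipe exists but is not a FIFO" >&2
  exit 1
fi

while [ -p "$pipe" ]; do
  # mysql exits when the writer closes the pipe, so start it again; pause
  # after a failure so that a bad login does not turn into a busy loop.
  mysql --defaults-extra-file="$cnf" "$db" < "$pipe" >/dev/null || sleep 1
done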
#####
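最後可以把這個檔案放在
/var/www/html
(注意:放在網站根目錄下的檔案可以被 HTTP 直接下載,而且該目錄前面已 chown 給 apache,網站服務帳號可以替換這支腳本;若腳本是以 root 執行,建議改放在網站根目錄以外、僅 root 可寫入的位置,並同步調整下面指令的路徑。)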
並且須建立兩個log目錄
#mkdir -p /var/log/httpd/php-syslog-ng
#mkdir -p /var/log/php-syslog-ng
修改要連結MySQL檔案的sh執行權限
#chmod 755 syslog2mysql.sh
#/var/www/html/syslog2mysql.sh >> /var/log/php-syslog-ng/mysql.log 2>&1 &
如果沒有出現錯誤表示正常執行
接著可以用指令與工具測試syslog導入
SyslogGen.exe -t:192.168.1.118 -f:1 -s:7 -h:server -m:"Too many bytes.\x0D\x0A"
SyslogGen.exe -t:192.168.6.35 -f:1 -s:7 -h:server -m:"Too many bytes.\x0D\x0A"
SyslogGen.exe -t:192.168.9.45 -f:1 -s:7 -h:server -m:"Too many bytes.\x0D\x0A"
SyslogGen.exe -t:192.168.19.45 -f:1 -s:7 -h:server -m:"Too many bytes.\x0D\x0A"