Solaris10下syslog-ng安装配置
从sunfreeware.com下载以下安装软件:gcc, eventlog, libiconv, libintl, zlib, pcre, openssl, glib, syslog-ng。这些软件包将以root身份通过pkgadd安装,安装前请核对下载文件的校验和(如站点提供)。
syslog-ng安装
按顺序依次安装以下软件。下列文件名中的版本号为撰文时的版本;其中openssl 1.0.0g等版本已停止维护,请尽量安装仍受维护的版本。
gcc :
root@node1 # gunzip gcc-3.4.6-sol10-sparc-local.gz
root@node1 # pkgadd -d ./gcc-3.4.6-sol10-sparc-local
eventlog :
root@node1 # gunzip eventlog-0.2.12-sol10-sparc-local.gz
root@node1 # pkgadd -d ./eventlog-0.2.12-sol10-sparc-local
libiconv :
root@node1 # gunzip libiconv-1.14-sol10-sparc-local.gz
root@node1 # pkgadd -d ./libiconv-1.14-sol10-sparc-local
libintl :
root@node1 # gunzip libintl-3.4.0-sol10-sparc-local.gz
root@node1 # pkgadd -d ./libintl-3.4.0-sol10-sparc-local
zlib :
root@node1 # gunzip zlib-1.2.5-sol10-sparc-local.gz
root@node1 # pkgadd -d ./zlib-1.2.5-sol10-sparc-local
pcre :
root@node1 # gunzip pcre-8.21-sol10-sparc-local.gz
root@node1 # pkgadd -d ./pcre-8.21-sol10-sparc-local
openssl :
root@node1 # gunzip openssl-1.0.0g-sol10-sparc-local.gz
root@node1 # pkgadd -d ./openssl-1.0.0g-sol10-sparc-local
glib :
root@node1 # gunzip glib-2.25.13-sol10-sparc-local.gz
root@node1 # pkgadd -d ./glib-2.25.13-sol10-sparc-local
syslog-ng :
root@node1 # gunzip syslogng-3.2.4-sol10-sparc-local.gz
root@node1 # pkgadd -d ./syslogng-3.2.4-sol10-sparc-local
syslog-ng配置
1. 停用system-log
# svcadm -v disable svc:/system/system-log:default
2. 拷贝以下文件
# cp /usr/local/doc/syslogng/contrib/solaris-packaging/syslog-ng.example.xml /var/svc/manifest/system/syslog-ng.xml
# cp /usr/local/doc/syslogng/contrib/solaris-packaging/syslog-ng.method /lib/svc/method/syslog-ng
3. 验证并导入syslog-ng.xml文件
# svccfg
svc:> validate /var/svc/manifest/system/syslog-ng.xml
svc:> import /var/svc/manifest/system/syslog-ng.xml
svc:> quit
4. 创建目录
# mkdir -p /usr/local/var/run
5. 修改启动脚本/lib/svc/method/syslog-ng
SYSLOGNG_PREFIX=/opt/syslog-ng
改为:SYSLOGNG_PREFIX=/usr/local
OPTIONS=
改为:OPTIONS="-f $CONFFILE -p $PIDFILE"
6. 修改配置文件/usr/local/etc/syslog-ng.conf
根据需要修改配置文件,以下是文件示例。
# Declares which configuration syntax version this file is written for.
@version: 3.2
# Loads the syslog-ng configuration library (SCL); the system() source used
# later in this file is provided by it.
@include "scl.conf"
# Global options: defaults for all sources and destinations in this file.
# sync(0): write each message to its destination immediately instead of
# batching (sync is the older name of flush_lines in the 3.x series).
options { sync (0);
# Seconds to wait before re-opening a broken connection.
time_reopen (10);
# Number of messages the output queue may hold.
log_fifo_size (1000);
# Older name of chain_hostnames; off = do not record the relay chain in the host field.
long_hostnames (off);
# No DNS lookups for sender addresses: logging does not depend on DNS
# availability, and reverse-DNS answers are not trusted for the host field.
use_dns (no);
use_fqdn (no);
# Missing destination directories are NOT created; every directory used by a
# file() destination must already exist.
create_dirs (no);
# Keep the hostname found inside each message rather than replacing it with
# the sender's address. NOTE(review): harmless for local sources, but if a
# network source is ever enabled, any sender can claim an arbitrary hostname;
# consider keep_hostname(no) for network input.
keep_hostname (yes);
};
# Local input: system() expands to the platform's native log sources (defined
# in the included SCL), internal() carries syslog-ng's own status and error
# messages.
source s_local {
system();
internal();
};
# Network input over UDP with default parameters (all interfaces, port 514).
# No log statement in this file references s_network; the only reference is
# inside the commented-out example below.
# NOTE(review): UDP syslog is unauthenticated and unencrypted. Before wiring
# this source into a log path, restrict the listening address with ip() and
# filter senders at the host firewall, and review keep_hostname(yes) in the
# global options, which would let senders set their own host field.
source s_network {
udp();
};
#destination d_local {
# file("/var/log/messages");
#};
#log {
# source(s_local);
#
# # uncomment this line to open port 514 to receive messages
# #source(s_network);
# destination(d_local);
#};
# Destinations: where selected messages are delivered.
# No perm()/owner()/group() is set on any file() destination here, so
# syslog-ng's defaults apply to files it creates.
# NOTE(review): confirm the resulting ownership and mode of these files,
# /var/log/authlog in particular, so they are not readable by ordinary users.
# create_dirs(no) is set in the global options, so /var/adm and /var/log must
# already exist.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mesg_all { file("/var/log/messages"); };
# Despite the name, d_mail writes to /var/log/syslog.
destination d_mail { file("/var/log/syslog"); };
destination d_auth { file("/var/log/authlog"); };
# usertty() writes to the terminals of the named logged-in user;
# "*" means every logged-in user.
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
# Filters: select messages by facility and severity level.
# In syslog-ng, level(x) with a single name matches only that exact level;
# a range is written level(x..y).
# NOTE(review): these filters look like a translation of syslog.conf
# selectors, where "facility.level" means that level and everything more
# severe. If that is the intent, level(err) below does not match
# crit/alert/emerg, so the most severe messages miss the filtered
# destinations; confirm and consider ranges such as level(err..emerg).
filter f_filter1 { level(err) or
(level(notice) and facility (auth, kern)); };
filter f_filter2 { level(err) or
(facility(kern) and level(notice)) or
(facility(daemon) and level(notice)) or
(facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or
(facility(kern) and level(err)) or
(facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
# NOTE(review): f_filter6 selects kernel notices, yet the log statement that
# uses it writes to d_auth (/var/log/authlog). facility(auth) may have been
# intended; as written, no auth-facility messages are routed to authlog.
filter f_filter6 { facility(kern) and level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };
# Log paths: each statement connects a source, an optional filter and one or
# more destinations. No statement uses flags(final), so a message matching
# several paths is delivered to every one of them.
# All paths read from s_local only; the s_network source is never used.
# Unfiltered copy of every local message.
log { source(s_local); destination(d_mesg_all); };
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
# NOTE(review): f_filter6 matches facility(kern) at level(notice), so
# /var/log/authlog receives kernel notices and no auth-facility messages.
# Confirm whether authentication events were meant to be recorded here.
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
destination(d_mlrt); };