intro syslog syslogng
Using syslog and syslog-ng
http://www.juruntang.net 2009-03
Contents
syslog basics
Next-generation logging: syslog-ng
syslog application development
Using syslog on Windows
References
The syslog service
Widely used on *nix systems, for both system logs and application logs.
A syslog service takes one of three roles: sender (Device), forwarder (Relay), receiver (Collector).
2001: RFC 3164, the BSD syslog protocol (informational, not a mandatory standard).
syslog process hierarchy (diagram slide)
RFC 3164
UDP port 514; no acknowledgement is sent.
A UDP packet is at most 1024 bytes long.
The whole packet consists of printable characters.
Three parts: PRI, HEADER, MSG.
Message fields that matter in day-to-day use
Content
Facility (the program module)
Severity (also called Level)
Timestamp
Hostname or IP address
Process name or process ID
Facility
Codes 0-23, 24 facilities in total.
The important ones: 0: kernel, 2: mail, 3: system daemons.
Reserved for other uses: 1: user, 16-23: local0-local7.
Level
8 levels:
0 emerg (system unusable)
1 alert (urgent situation)
2 crit (serious error)
3 err (ordinary error)
4 warning (warning)
5 notice (noteworthy message)
6 info (informational message)
7 debug (debug message)
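As an added example that is not part of the original slides, here is a Python encoder and parser for the RFC 3164 layout (PRI, HEADER, MSG) described on the slides above, using the facility and level numbers just listed; the hostname, tag and message text are constructed sample values.

```python
import re
from datetime import datetime

# Facility and severity codes as numbered on the slides above (RFC 3164 values).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3,
              **{f"local{i}": 16 + i for i in range(8)}}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
MAX_LEN = 1024  # RFC 3164 limits a packet to 1024 bytes

def encode_pri(facility, severity):
    """PRI is facility * 8 + severity; it goes on the wire as '<PRI>'."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def packet_ok(data):
    """Length limit plus the 'all printable characters' rule (no control or 8-bit bytes)."""
    return len(data) <= MAX_LEN and all(32 <= b < 127 for b in data)

def build_message(facility, severity, hostname, tag, content, when):
    """Assemble <PRI>HEADER MSG: HEADER is 'Mmm dd hh:mm:ss host', MSG is 'tag: content'."""
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"   # day is space-padded, no year
    pri = encode_pri(facility, severity)
    data = f"<{pri}>{stamp} {hostname} {tag}: {content}".encode("utf-8")
    if not packet_ok(data):      # non-ASCII text shows up as bytes >= 0x80 and is rejected
        raise ValueError("message breaks the RFC 3164 limits")
    return data

# PRI, TIMESTAMP, HOSTNAME, then the MSG part (TAG: CONTENT)
PACKET_RE = re.compile(
    rb"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)
FAC_NAMES = {v: k for k, v in FACILITIES.items()}
SEV_NAMES = {v: k for k, v in SEVERITIES.items()}

def parse_message(data):
    """Split a datagram into the fields the slides list; unknown facilities keep their number."""
    m = PACKET_RE.match(data)
    if not m or int(m.group(1)) > 191:        # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("malformed RFC 3164 packet")
    pri = int(m.group(1))
    tag, _, content = m.group(4).decode("ascii").partition(": ")
    return {"facility": FAC_NAMES.get(pri // 8, pri // 8), "severity": SEV_NAMES[pri % 8],
            "timestamp": m.group(2).decode(), "host": m.group(3).decode(),
            "tag": tag, "content": content}

# Constructed sample: a mail.err message from host "roger" with a fixed timestamp.
SAMPLE = build_message("mail", "err", "roger", "logger", "err from roger",
                       datetime(2008, 12, 5, 9, 30, 0))
```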
syslog configuration file (1)
/etc/syslog.conf holds multiple rules, and every rule is matched against each message.
A rule is a selector (Facility.Level) followed by an action:
```
mail.err    /var/log/mail.err
```
Wildcards and modifiers: *, =, !. For example:
```
mail.*;auth.!info    /var/log/mail
```
A level of * is the same as level 7 (debug).
syslog configuration file (2)
A - in front of the file name means buffered writes to the file.
Separate facilities with , and separate selectors with ;.
none excludes that facility entirely:
```
*.debug;auth,mail.none    -/var/log/debug
```
Send to the network:
```
*.err    @192.168.1.1
```
Write to the console:
```
*.err    /dev/console
```
Debugging tool: logger
Ships with the system. The most used option is -p, which every *nix has.
Usage: logger -p facility.level "content"
```
# logger -p local0.debug "info msg"
```
Example rules:
```
mail.info    /var/log/mail.info
mail.err     /var/log/mail.err
```
```
# logger -p mail.err "err from roger"
```
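As an added example (not part of the original slides), the following Python code implements the syslog.conf selector semantics from the two configuration slides (*, =, !, none, the , and ; separators, and "every rule is matched") and routes the logger messages above through a constructed sample configuration built from the slides' rules. Selector terms are evaluated left to right as sysklogd does, so a later term for a facility overrides an earlier one.

```python
# Facility and level names from the slides; levels are ordered most to least severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

def selector_mask(selector):
    """Evaluate one selector such as 'mail.*;auth.!info' left to right, the way
    sysklogd does, into {facility: set of enabled levels}. Later terms override."""
    mask = {f: set() for f in FACILITIES}
    for term in selector.split(";"):
        facs, _, prio = term.rpartition(".")
        op = prio[:len(prio) - len(prio.lstrip("!="))]   # '', '=', '!' or '!='
        name = prio[len(op):]
        targets = FACILITIES if facs == "*" else facs.split(",")
        if name == "none":                  # none drops every level of the facility
            op, chosen = "!", set(LEVELS)
        else:
            top = LEVELS.index("debug" if name == "*" else name)   # '*' equals debug (7)
            # plain and '!' cover this level and everything more severe; '=' and '!=' only this one
            chosen = {LEVELS[top]} if "=" in op else set(LEVELS[:top + 1])
        for f in targets:
            if op.startswith("!"):
                mask[f] -= chosen
            else:
                mask[f] |= chosen
    return mask

def parse_rules(conf):
    """Turn syslog.conf text into (mask, action) pairs; blank and '#' lines are skipped."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(maxsplit=1)
            rules.append((selector_mask(selector), action))
    return rules

def route(rules, facility, level):
    """Every rule is tested against the message; return the actions of all that match."""
    return [action for mask, action in rules if level in mask[facility]]

# Constructed sample configuration made from the rules shown on the slides above.
SAMPLE_CONF = """
mail.info                /var/log/mail.info
mail.err                 /var/log/mail.err
*.debug;auth,mail.none   -/var/log/debug
*.err                    @192.168.1.1
mail.*;auth.!info        /var/log/mail
"""
RULES = parse_rules(SAMPLE_CONF)
```

Running `route(RULES, "mail", "err")` shows the message from `logger -p mail.err` landing in both mail files, the network destination and /var/log/mail, because every matching rule fires.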
syslog-ng
The next-generation system logging tool
syslog-ng overview
The API is unchanged: programs still call syslog(). Compatible with classic syslog.
Open-source and commercial editions.
Features: TCP transport, regex message filtering, multiple archiving options, a clearer and more flexible configuration, host chains (relaying through several hosts).
Adopted by several operating systems, e.g. Debian and FreeBSD.
syslog-ng configuration file
/etc/syslog-ng/syslog-ng.conf. Key options (set in the options block):
```
sync(0);                # write to disk immediately
log_fifo_size(2048);    # output queue buffer, prevents message loss
```
Rules are message paths: source - filter - destination. You define several sources, and messages that match a set of filters are routed to the given destinations; together these form a log path.
syslog-ng configuration example: sending
```
destination d_loghost {
    tcp("192.168.1.215" port(8514));
    file("/tmp/loglocal");      # a local backup copy
};
# filter: only send local0.info
filter f_local0_info {
    facility(local0) and level(info);
};
# log path (s_all is the local source, defined elsewhere in the file)
log {
    source(s_all);
    filter(f_local0_info);
    destination(d_loghost);
};
```
Sender-side configuration
syslog-ng configuration example: receiving
```
source s_remote { tcp(ip(192.168.1.215) port(8514)); };
filter f_paycard_a {
    # match("<v001>");   # regex filter, not used for now
    program("paycard");
};
# files are named by send date, e.g. paycard_one.log.2008-12-05, so logs split automatically
destination d_paycard_a { file("/tmp/paycard_one.log.$S_YEAR-$S_MONTH-$S_DAY"); };
log { source(s_remote); filter(f_paycard_a); destination(d_paycard_a); };
```
Receiver-side configuration
syslog development
C, PHP, Python; application types
syslog development: C
```c
/* set the ident prefix and the default facility for later syslog() calls */
void openlog(const char *ident, int logopt, int facility);
/* send one message; priority carries the level (optionally OR'ed with a facility) */
void syslog(int priority, const char *message, ...);
/* close the descriptor used to talk to syslogd */
void closelog(void);
```
syslog development: PHP
Exactly the same as development in C. Usable only on *nix. Built-in module.
syslog development: Python
```python
import syslog

# ident 'paycard', no log options, default facility local0
# (the facility is the third positional argument, as in openlog() in C)
syslog.openlog('paycard', 0, syslog.LOG_LOCAL0)
# send one message at level info, i.e. local0.info
syslog.syslog(syslog.LOG_INFO, "msg")
```
Application types
Application logging for programs.
Message queue: turning parallel writes into a serial stream.
Monitoring from a central log server.
Monitoring syslog/syslog-ng itself.
Using syslog on Windows
As a sender: implement RFC 3164 directly, over UDP.
Convert the Windows Event Log into syslog format and send it.
Open-source implementations: http://sourceforge.net/projects/ntsyslog/ and https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/
References
syslog:
http://www.cnblogs.com/yoleung/articles/1183375.html
http://bbs.tech-lab.cn/viewthread.php?tid=30253
syslog-ng:
http://coolerfeng.blog.51cto.com/133059/79964
http://coolerfeng.blog.51cto.com/133059/80152
http://www.campin.net/syslog-ng/faq.html ★
End. Thanks.