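Moving from syslog.conf to syslogng.conf
I am moving a Solaris machine from syslogd to syslog-ng, because the Solaris version of syslogd strips the original source hostname from the logs. I am looking at the syslogng.conf file, but I'm not sure I fully understand it. We have a relatively simple syslog.conf, and I was hoping the syslog-ng experts out there could tell me how to "convert" it into a workable syslogng.conf?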

    #ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
    #
    # Copyright (c) 1991-1998 by Sun Microsystems, Inc.
    # All rights reserved.
    #
    # syslog configuration file.
    #
    # This file is processed by m4 so be careful to quote (`') names
    # that match m4 reserved words. Also, within ifdef's, arguments
    # containing commas must be quoted.
    #
    *.err;kern.notice;auth.notice /dev/sysmsg
    *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages

    #*.alert;kern.err;daemon.err operator
    #*.alert root

    *.emerg *

    local7.debug /var/log/ncolog
    audit.debug /var/log/ncolog
    local7.debug @nimitz
    audit.debug @nimitz

    # if a non-loghost machine chooses to have authentication messages
    # sent to the loghost machine, un-comment out the following line:
    #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)

    mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

    #
    # non-loghost machines will use the following lines to cause "user"
    # log messages to be logged locally.
    #
    ifdef(`LOGHOST', ,
    user.err /dev/sysmsg
    user.err /var/adm/messages
    #user.alert `root, operator'
    user.emerg *
    )

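syslog-ng is pretty simple (but more verbose) once you understand the structure of its configuration file. In a simple installation like yours, all you need to know for now is that you have to configure sources, filters and destinations. I'm not sure which version of syslog-ng you are running, but here is a version for 3.0.x (which also works for newer versions):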

    @version: 3.0

    # syslog source
    source s_sys { sun-streams ("/dev/log" door("/var/run/syslog_door")); };

    # use this instead if you receive logs from network:
    # source s_sys { udp ();
    #                sun-streams ("/dev/log" door("/var/run/syslog_door")); };

    # destinations
    destination d_sysmsg { file ("/dev/sysmsg"); };
    destination d_messages { file ("/var/adm/messages"); };
    destination d_ncolog { file ("/var/log/ncolog"); };
    destination d_nimitz { udp ("nimitz"); };
    destination d_auth { file ("/var/log/authlog"); };
    destination d_syslog { file ("/var/log/syslog"); };
    destination d_users { usertty ("*"); };

    # filters
    filter f_emerg { priority (emerg); };
    filter f_sysmsg { priority (err..emerg) or
                      (facility (kern) or facility (auth)) and priority (notice..emerg); };
    filter f_messages { priority (err..emerg) or
                        facility (kern) or
                        facility (daemon) and priority (notice..emerg) or
                        facility (mail) and priority (crit..emerg); };
    filter f_local7 { facility (local7); };
    filter f_audit { facility (13); };
    filter f_mail { facility (mail); };

    # log paths
    log { source (s_sys); filter (f_emerg); destination (d_users); };
    log { source (s_sys); filter (f_sysmsg); destination (d_sysmsg); };
    log { source (s_sys); filter (f_messages); destination (d_messages); };
    log { source (s_sys); filter (f_local7); destination (d_ncolog); destination (d_nimitz); };
    log { source (s_sys); filter (f_audit); destination (d_ncolog); destination (d_nimitz); };
    log { source (s_sys); filter (f_mail); destination (d_syslog); };

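I think I covered everything except the "ifdef" part. If your host does not store logs locally, i.e. it is not the LOGHOST, you have to add another destination

    destination d_loghost { udp ("loghost"); };

and change the log path for mail to

    log { source (s_sys); filter (f_mail); destination (d_loghost); };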
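
The selector-to-filter mapping used in the answer above can be done mechanically; the following is an added example, not part of the original answer. The function name `selector_to_filter` is hypothetical, and it assumes the classic syslogd rule that a later selector for the same facility overrides an earlier one. Every clause is parenthesized so the result does not depend on `and`/`or` precedence.

```python
# Added example: translate a syslog.conf selector into a syslog-ng filter body.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
# "audit" is written as facility number 13, as the answer's f_audit filter does.
FACILITY_ALIASES = {"audit": "13"}


def lvl(level):
    """syslog.conf 'level' means that level and above."""
    if level == "debug":
        return ""                       # every level matches: no level() needed
    return "level(emerg)" if level == "emerg" else f"level({level}..emerg)"


def selector_to_filter(selector):
    """Return a syslog-ng filter expression equivalent to a syslog.conf selector."""
    default = None   # level set by "*.level"; None if never set or "*.none"
    per_fac = {}     # facility -> level or "none" (assumed: later entries override)
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        if not facs or (level != "none" and level not in LEVELS):
            raise ValueError(f"cannot parse selector part {part!r}")
        for fac in facs.split(","):
            if fac == "*":
                default = None if level == "none" else level
                per_fac.clear()         # "*" resets every facility
            else:
                per_fac[FACILITY_ALIASES.get(fac, fac)] = level
    clauses = []
    if default is not None:
        # The wildcard clause must skip facilities that have their own rule.
        parts = [lvl(default)] + [f"not facility({f})" for f in per_fac]
        clauses.append(" and ".join(p for p in parts if p) or "level(debug..emerg)")
    for fac, level in per_fac.items():
        if level != "none":
            parts = [f"facility({fac})", lvl(level)]
            clauses.append(" and ".join(p for p in parts if p))
    if not clauses:
        raise ValueError("selector matches nothing")
    return " or ".join(f"({c})" for c in clauses)


if __name__ == "__main__":
    # Selectors taken from the syslog.conf in the question.
    for sel in ("*.err;kern.notice;auth.notice",
                "*.err;kern.debug;daemon.notice;mail.crit",
                "*.emerg", "audit.debug"):
        print(f"{sel:45} -> {selector_to_filter(sel)}")
```

The generated expressions are longer than the hand-written filters because the wildcard clause explicitly excludes overridden facilities, which also keeps the result correct for selectors such as `*.debug;mail.none`.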