特別注意:
- syslog-ng 預設是將訊息全部寫入 /var/log/messages 這個檔案,以下的設定會嘗試建立一個 /var/log/messages/ 的目錄,因此 /var/log/messages 這個檔案要先刪除,否則 syslog-ng 就不會啟動!
- 以下的設定會在 /var/log 下建立多個目錄,並以 $YEAR$MONTH$DAY.log 為檔名,每天建立一個記錄檔,因此要記得定期整理、刪除不需要的檔案!
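# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.4 2004/07/18 02:25:02 dragonheart Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett

# Global options. The opening "options {" must sit on its own line: when it is
# fused onto the end of the comment above, the block is never opened and the
# statements below become top-level syntax errors.
options {
    long_hostnames(off);

    # sync(0): write each message out immediately instead of buffering lines.
    sync(0);

    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(43200);

    # Let syslog-ng create the per-program directories under /var/log.
    # NOTE(review): no owner()/group()/perm()/dir_perm() is set, so files and
    # directories get the syslog-ng defaults (documented as 0600 / 0700 --
    # confirm for the installed version). The sshd and mail logs are
    # sensitive, so set these explicitly if the defaults are ever changed.
    create_dirs(yes);
};

# Local log sources: the /dev/log socket, syslog-ng's own messages, and the
# kernel ring buffer.
# NOTE(review): local processes writing to /dev/log choose their own program
# name, so the per-program routing below is a convenience, not proof of origin.
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

# /var/log/messages is a DIRECTORY in this layout (one file per day), so a
# pre-existing regular file of that name has to be moved out of the way first.
destination messages { file("/var/log/messages/$YEAR$MONTH$DAY.log"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

# Both catch-all log statements are commented out on this page: nothing is
# sent to console_all, and "messages" is only fed by the fallback statement
# at the end of the file.
#log { source(src); destination(messages); };
#log { source(src); destination(console_all); };

#postfix log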
# Per-program routing. Each section is a filter on the program name, a dated
# destination file, and a log statement joining the two.
# NOTE(review): program() takes a pattern and is matched against the name the
# sender supplied; "spam" or "cron" may also catch other programs whose names
# contain that text -- confirm against the installed syslog-ng version.
# None of the statements uses flags(final), so a message that satisfies two
# filters is written to both destinations.
filter f_postfix { program("postfix"); };
destination d_mail { file("/var/log/mail/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_postfix);
    destination(d_mail);
};

#driver log
filter f_driver { program("drivers/usb/input/"); };
destination d_driver { file("/var/log/drivers/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_driver);
    destination(d_driver);
};

#POP3 log
filter f_pop { program("pop3"); };
destination d_pop { file("/var/log/pop/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_pop);
    destination(d_pop);
};

#cron log
filter f_cron { program("CRON"); };
destination d_cron { file("/var/log/cron/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_cron);
    destination(d_cron);
};

# cron daemon messages share /var/log/cron but use a "daemon-" file prefix.
filter f_cron_daemon { program("cron"); };
destination d_cron_daemon { file("/var/log/cron/daemon-$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_cron_daemon);
    destination(d_cron_daemon);
};

#sshd log
# Authentication activity from sshd ends up only here (the fallback statement
# at the end skips anything already matched), so log monitoring that expects
# it in /var/log/messages has to be pointed at /var/log/sshd/ instead.
filter f_sshd { program("sshd"); };
destination d_sshd { file("/var/log/sshd/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_sshd);
    destination(d_sshd);
};

#spam log
filter f_spam { program("spam"); };
destination d_spam { file("/var/log/spam/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_spam);
    destination(d_spam);
};

#amavisd log
filter f_amavisd { program("amavis"); };
destination d_amavisd { file("/var/log/amavisd/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_amavisd);
    destination(d_amavisd);
};

#dhcpd log
filter f_dhcpd { program("dhcpd"); };
destination d_dhcpd { file("/var/log/dhcpd/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_dhcpd);
    destination(d_dhcpd);
};

#webmin log
filter f_webmin { program("webmin"); };
destination d_webmin { file("/var/log/webmin/$YEAR$MONTH$DAY.log"); };
log {
    source(src);
    filter(f_webmin);
    destination(d_webmin);
};

#all other log
# flags(fallback): this statement only receives messages that no other log
# statement matched. f_other additionally discards anything matching
# 'ctrl urb status', so those messages are written nowhere.
filter f_other { not match('ctrl urb status'); };
log {
    source(src);
    filter(f_other);
    destination(messages);
    flags(fallback);
};
配合前述的設定檔,每月進行一次 log 檔的整理、壓縮動作。
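#!/bin/bash
#
# Monthly archiver for the per-program, per-day log layout produced by the
# syslog-ng configuration on this page (/var/log/<dir>/YYYYMMDD.log).
# For every directory in LOG_DIR it packs last month's daily files into
# <dir>-YYYYMM.tar.bz2, deletes the originals only if tar succeeded, and mails
# a report to the administrator. Intended to be run once a month.

# Logs and their archives can hold sensitive data; keep everything created
# here readable by the owner only.
umask 077

# NOTE: the configuration also writes /var/log/drivers and /var/log/pop, which
# are not listed here, and /var/log/cron/daemon-YYYYMMDD.log does not match the
# YYYYMM*.log pattern used below -- none of those are archived or pruned.
LOG_DIR="amavisd cron dhcpd mail messages spam sshd webmin"
LOG_HOME="/var/log"

# Anchor on the 15th before subtracting a month: a plain "1 month ago" run on
# the 29th-31st can land in the current month instead of the previous one.
ARCHIVE_MONTH=$(date -d "$(date +%Y-%m-15) -1 month" +%Y%m)

# Placeholder: replace with the system administrator's mailbox.
MAIL_TO="<系統管理員信箱>"

# Use a private, unpredictable report file. A fixed name in /tmp can be
# pre-created (or symlinked) by any local user before this job runs, and it
# also kept growing with every month's report.
LOG_FILE=$(mktemp /tmp/logArchive.XXXXXX) || exit 1
trap 'rm -f "$LOG_FILE"' EXIT

# An unmatched pattern expands to nothing rather than to the literal pattern.
shopt -s nullglob

for DIR in $LOG_DIR
do
    # Never continue in the wrong directory: the rm below is relative.
    if ! cd "$LOG_HOME/$DIR"; then
        echo "Skipping $DIR: cannot enter $LOG_HOME/$DIR" >> "$LOG_FILE"
        echo >> "$LOG_FILE"
        continue
    fi

    FILES=( "$ARCHIVE_MONTH"*.log )
    if [ "${#FILES[@]}" -eq 0 ]; then
        echo "Skipping $DIR: no $ARCHIVE_MONTH log files" >> "$LOG_FILE"
        echo >> "$LOG_FILE"
        continue
    fi

    echo "Creating $DIR-$ARCHIVE_MONTH.tar.bz2" >> "$LOG_FILE"
    echo "---------------------------------------------------------------" >> "$LOG_FILE"
    if tar -cjvvf "$DIR-$ARCHIVE_MONTH.tar.bz2" "${FILES[@]}" >> "$LOG_FILE" 2>&1; then
        echo "---------------------------------------------------------------" >> "$LOG_FILE"
        echo "Removing $DIR $ARCHIVE_MONTH log files" >> "$LOG_FILE"
        rm -- "${FILES[@]}"
    else
        # Keep the originals: deleting them after a failed archive would
        # silently destroy a month of logs.
        echo "---------------------------------------------------------------" >> "$LOG_FILE"
        echo "tar failed for $DIR; $ARCHIVE_MONTH log files were NOT removed" >> "$LOG_FILE"
    fi
    echo "===============================================================" >> "$LOG_FILE"
    echo >> "$LOG_FILE"
done

/bin/mailx -s "$ARCHIVE_MONTH archived log files" "$MAIL_TO" < "$LOG_FILE"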