2005年1月13日

/etc/syslog-ng/syslog-ng.conf

特別注意:

  1. syslog-ng 預設是將訊息全部寫入 /var/log/messages 這個檔案,以下的設定會嘗試建立一個 /var/log/messages/ 的目錄,因此 /var/log/messages 這個檔案要先刪除,否則 syslog-ng 就不會啟動!
  2. 以下的設定會在 /var/log 下建立多個目錄,並以 $YEAR$MONTH$DAY.log 為檔案建立每一日的記錄檔,因此要記得整理、刪除不要的檔案!
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.4 2004/07/18 02:25:02 dragonheart Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett

# Global options.
# NOTE(review): no perm(), dir_perm(), owner() or group() is set, so log files
# and the directories made by create_dirs(yes) get syslog-ng's built-in
# defaults. Confirm those keep the sshd and mail logs unreadable to ordinary
# users.
options {
    long_hostnames(off);
    sync(0);

    # syslog-ng 1.6.0 logs a STATS line every 10 minutes by default, which
    # clutters the log. 43200 seconds (12 hours) gives a periodic summary of
    # how many messages syslog-ng missed (normally 0).
    stats(43200);

    # Needed because every file destination in this file lives in its own
    # subdirectory of /var/log.
    create_dirs(yes);
};

# Single local source: the /dev/log socket, syslog-ng's own internal
# messages, and the kernel message pipe.
source src {
    unix-stream("/dev/log");
    internal();
    pipe("/proc/kmsg");
};

# General-purpose destination: one file per day inside /var/log/messages/.
# /var/log/messages must therefore be a directory, not the usual flat file.
destination messages {
    file("/var/log/messages/$YEAR$MONTH$DAY.log");
};

# Console copy of the log stream, written to tty12 by default.
# To feed programs such as xconsole through /dev/console instead, comment out
# the tty12 destination and uncomment the /dev/console line below it.
# Nothing is delivered here unless a log statement references console_all.
destination console_all {
    file("/dev/tty12");
};
#destination console_all { file("/dev/console"); };

#log { source(src); destination(messages); };
#log { source(src); destination(console_all); };

# Postfix: messages whose program name matches "postfix" go to a per-day
# file under /var/log/mail/.
filter f_postfix {
    program("postfix");
};
destination d_mail {
    file("/var/log/mail/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_postfix);
    destination(d_mail);
};

# Driver messages: program name matching "drivers/usb/input/" goes to a
# per-day file under /var/log/drivers/.
filter f_driver {
    program("drivers/usb/input/");
};
destination d_driver {
    file("/var/log/drivers/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_driver);
    destination(d_driver);
};

# POP3: program name matching "pop3" goes to a per-day file under
# /var/log/pop/.
filter f_pop {
    program("pop3");
};
destination d_pop {
    file("/var/log/pop/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_pop);
    destination(d_pop);
};

# Cron jobs: program name matching "CRON" (upper case) goes to a per-day
# file under /var/log/cron/.
filter f_cron {
    program("CRON");
};
destination d_cron {
    file("/var/log/cron/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_cron);
    destination(d_cron);
};

# Cron daemon: program name matching "cron" (lower case) goes to
# /var/log/cron/daemon-<date>.log, alongside the per-job files.
# The "daemon-" prefix means these files do not match a bare YYYYMM*.log glob.
filter f_cron_daemon {
    program("cron");
};
destination d_cron_daemon {
    file("/var/log/cron/daemon-$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_cron_daemon);
    destination(d_cron_daemon);
};

# sshd: program name matching "sshd" goes to a per-day file under
# /var/log/sshd/. sshd records login attempts here, so this is the file to
# review or forward when auditing remote access.
filter f_sshd {
    program("sshd");
};
destination d_sshd {
    file("/var/log/sshd/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_sshd);
    destination(d_sshd);
};

# Spam filtering: program name matching "spam" goes to a per-day file under
# /var/log/spam/.
filter f_spam {
    program("spam");
};
destination d_spam {
    file("/var/log/spam/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_spam);
    destination(d_spam);
};

# amavisd: program name matching "amavis" goes to a per-day file under
# /var/log/amavisd/.
filter f_amavisd {
    program("amavis");
};
destination d_amavisd {
    file("/var/log/amavisd/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_amavisd);
    destination(d_amavisd);
};

# dhcpd: program name matching "dhcpd" goes to a per-day file under
# /var/log/dhcpd/.
filter f_dhcpd {
    program("dhcpd");
};
destination d_dhcpd {
    file("/var/log/dhcpd/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_dhcpd);
    destination(d_dhcpd);
};

# Webmin: program name matching "webmin" goes to a per-day file under
# /var/log/webmin/.
filter f_webmin {
    program("webmin");
};
destination d_webmin {
    file("/var/log/webmin/$YEAR$MONTH$DAY.log");
};
log {
    source(src);
    filter(f_webmin);
    destination(d_webmin);
};

# Catch-all: flags(fallback) limits this statement to messages that no other
# log statement picked up. They go to the general "messages" destination,
# except those matching 'ctrl urb status', which f_other excludes.
filter f_other {
    not match('ctrl urb status');
};
log {
    source(src);
    filter(f_other);
    destination(messages);
    flags(fallback);
};

配合前述的設定檔,每月進行一次 log 檔的整理、壓縮動作。

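#!/bin/bash
#
# Monthly archiver for the per-day log layout written by the accompanying
# syslog-ng configuration (/var/log/<dir>/YYYYMMDD.log).
#
# For every directory in LOG_DIRS, last month's daily files are packed into
# <dir>-YYYYMM.tar.bz2 inside that directory, the originals are removed only
# when tar succeeded, and a report is mailed to ADMIN_MAIL.
#
# NOTE(review): the configuration also writes /var/log/drivers/, /var/log/pop/
# and /var/log/cron/daemon-YYYYMMDD.log. None of those is covered by the
# directory list or the YYYYMM*.log pattern used here, so they are never
# archived or removed. Confirm whether that is intended.

set -u

# Archives and the report hold log data (sshd, mail, ...); keep every file
# this script creates private to the invoking user.
umask 077

readonly LOG_DIRS=(amavisd cron dhcpd mail messages spam sshd webmin)
readonly LOG_HOME="/var/log"
# Placeholder kept from the original post: replace with the administrator's
# mailbox before use.
readonly ADMIN_MAIL="<系統管理員信箱>"

readonly RULE="---------------------------------------------------------------"
readonly DOUBLE_RULE="==============================================================="

# Step back from the 15th rather than from today: GNU date's "1 month ago"
# overflows on the 29th-31st (31 March -> 3 March) and would then select the
# current month, whose files syslog-ng is still writing.
ARCHIVE_MONTH=$(date -d "$(date +%Y-%m-15) -1 month" +%Y%m) || exit 1
readonly ARCHIVE_MONTH

# A fixed name such as /tmp/logArchive.log can be pre-created or symlinked by
# any local user before this job runs with root privileges. mktemp gives a
# private, unpredictable file, and the trap removes it on every exit path.
REPORT=$(mktemp "${TMPDIR:-/tmp}/logArchive.XXXXXX") || exit 1
readonly REPORT
trap 'rm -f -- "$REPORT"' EXIT

# Without nullglob an unmatched pattern is handed to tar and rm literally;
# tar would then overwrite an existing archive with an empty one.
shopt -s nullglob

#######################################
# Archive and remove last month's daily logs of one directory.
# Globals:   LOG_HOME, ARCHIVE_MONTH, RULE (read)
# Arguments: $1 - directory name below LOG_HOME
# Outputs:   progress and tar listing on stdout, errors on stderr
# Returns:   0 when archived or nothing to do, 1 on failure
#######################################
archive_dir() {
  local dir=$1
  local archive="$dir-$ARCHIVE_MONTH.tar.bz2"
  local -a logs

  # If cd fails, tar and rm must not run in whatever directory is current.
  if ! cd -- "$LOG_HOME/$dir"; then
    echo "Skipping $dir: cannot enter $LOG_HOME/$dir"
    return 1
  fi

  logs=("$ARCHIVE_MONTH"*.log)
  if (( ${#logs[@]} == 0 )); then
    echo "Skipping $dir: no $ARCHIVE_MONTH log files"
    return 0
  fi

  echo "Creating $archive"
  echo "$RULE"
  # Delete the originals only once the archive was written successfully.
  if ! tar -cjvvf "$archive" -- "${logs[@]}"; then
    echo "$RULE"
    echo "tar failed for $dir; keeping $ARCHIVE_MONTH log files"
    return 1
  fi
  echo "$RULE"
  echo "Removing $dir $ARCHIVE_MONTH log files"
  rm -- "${logs[@]}"
}

for dir in "${LOG_DIRS[@]}"; do
  {
    # A failure is recorded in the report; the remaining directories still run.
    archive_dir "$dir" || true
    echo "$DOUBLE_RULE"
    echo
  } >> "$REPORT" 2>&1
done

/bin/mailx -s "$ARCHIVE_MONTH archived log files" "$ADMIN_MAIL" < "$REPORT"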
