Đưa gói eventlog và syslog-ng vào server (cài từ mã nguồn, dùng làm máy thu log tập trung)
- yum install 'glib*' gcc gcc-c++ -y   (để glib* trong dấu nháy: nếu không, shell sẽ mở rộng nó theo tên tệp trong thư mục hiện tại trước khi yum nhìn thấy)
Giải nén và cài đặt eventlog
- ./configure   (chạy trong thư mục vừa giải nén; mặc định cài vào /usr/local)
- make
- make install
- tạo biến môi trường: export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/   (để ./configure của syslog-ng tìm thấy eventlog vừa cài vào /usr/local)
- vi ~/.bash_profile
- thêm: export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/   (phải có export, nếu không biến chỉ tồn tại trong shell hiện tại và không còn sau khi đăng nhập lại)
- thêm: unset USERNAME
- giải nén và cài đặt syslog-ng
- ./configure --sysconfdir=/etc/syslog-ng
- make
- make install
- cd contrib/
- mkdir -p /etc/syslog-ng
cp fedora-packaging/syslog-ng.init /etc/init.d/syslog-ng
cp fedora-packaging/syslog-ng.conf /etc/syslog-ng/
cp fedora-packaging/syslog-ng.sysconfig /etc/sysconfig/syslog-ng   (kiểm tra lại trong syslog-ng.init: tệp init của Fedora đọc /etc/sysconfig/syslog-ng, không đọc /etc/syslog-ng/syslog-ng.sysconfig)
cp fedora-packaging/syslog-ng.logrotate /etc/logrotate.d/syslog-ng
chmod 755 /etc/init.d/syslog-ng
vi /etc/init.d/syslog-ng
Tùy chỉnh tệp khởi động.
- sửa dòng khai báo exec thành exec="/usr/local/sbin/syslog-ng" (trong bản syslog-ng.init của contrib đó là khoảng dòng 21–22; tìm theo nội dung chứ đừng dựa vào số dòng)
- comment dòng exec cũ bằng dấu # ở đầu dòng
- whereis syslog-ng   (xác nhận binary đúng là /usr/local/sbin/syslog-ng trước khi lưu tệp init)
- service rsyslog stop
chkconfig rsyslog off
chkconfig --add syslog-ng && chkconfig syslog-ng on   (cần bước này: rsyslog đã bị tắt, nếu không bật syslog-ng khi khởi động thì sau reboot server sẽ không có dịch vụ log nào chạy)
service syslog-ng start
rpm -K libevtlog0-0.2.12-20.1.x86_64.rpm && rpm -ivh libevtlog0-0.2.12-20.1.x86_64.rpm   (kiểm tra chữ ký gói trước khi cài; lưu ý gói này cũng là thư viện eventlog, trùng với bản đã build từ nguồn ở trên — chỉ cần một trong hai)
Cấu hình nhận log từ thiết bị (mỗi thiết bị ghi vào một tệp riêng theo $HOST).
vi /etc/syslog-ng/syslog-ng.conf
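options {
    # Legacy name for flush_lines(); 0 = write every message out immediately.
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    # Never resolve sender addresses: avoids blocking on DNS and keeps a
    # spoofed reverse record from renaming a device's log file.
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    # Keep the hostname carried inside the message so each device gets its
    # own file under /var/log/syslog/...
    keep_hostname (yes);
    # ...but that name comes from the network, so reject anything that is
    # not a syntactically valid hostname before it is used in a file path.
    check_hostname (yes);
};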
# Network listeners for the log clients (devices).
source s_device {
    # Bind every interface on 514/tcp and 514/udp; anything that can reach
    # this port can write into the per-device files, so firewall it to the
    # device subnet.
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};
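destination d_device {
    # One file per sending device. $HOST is taken from the message itself
    # (keep_hostname(yes)), i.e. it is chosen by the sender; make sure
    # check_hostname(yes) is set in options{} so an invalid name cannot
    # end up in this path.
    file(
        "/var/log/syslog/$HOST"
        # 0640 instead of 644: device logs carry config, auth and network
        # detail, so keep them off world-readable. Grant a log-reader
        # group with group() if non-root users need to read them.
        perm(0640)
        dir_perm(0750)
        create_dirs(yes)
    );
};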
# Route everything received on the network listeners into the per-device files.
log {
    source(s_device);
    destination(d_device);
};
source s_sys {
    # Local sources: syslog-ng's own messages, the libc syslog socket and
    # the kernel ring buffer.
    internal();
    unix-stream ("/dev/log");
    file ("/proc/kmsg" log_prefix("kernel: "));
    # Keep the UDP listener out of this source: s_device already binds
    # 0.0.0.0:514/udp, and a second udp() on the same port would conflict.
    # udp(ip(0.0.0.0) port(514));
    # NOTE(review): no log{} statement in this snippet references s_sys,
    # so these local messages go nowhere unless a log path for it exists
    # elsewhere in the config — confirm.
};
# Mở cổng 514 trên iptables (nếu iptables đang bật). Thêm vào /etc/sysconfig/iptables, đặt TRƯỚC dòng REJECT cuối chain INPUT (rule nối sau REJECT sẽ không bao giờ được khớp); nên giới hạn nguồn bằng -s <dải địa chỉ thiết bị> thay vì mở cho mọi nơi, vì bất kỳ host nào tới được cổng này đều ghi được vào tệp log của thiết bị.
-A INPUT -s <dải-địa-chỉ-thiết-bị> -p tcp -m tcp --dport 514 -j ACCEPT
-A INPUT -s <dải-địa-chỉ-thiết-bị> -p udp -m udp --dport 514 -j ACCEPT
service iptables restart   (đúng thứ tự: tên dịch vụ rồi mới tới hành động)