©2023 yushei.net
- Installation @hc4nas02.yushei.net
# sudo apt install syslog-ng
- check
alexlai@hc4nas02:~$ syslog-ng --version
syslog-ng 3 (3.25.1)
Config version: 3.25
Installer-Version: 3.25.1
Revision: 3.25.1-3
Compile-Date: Mar 3 2020 19:39:43
Module-Directory: /usr/lib/syslog-ng/3.25
Module-Path: /usr/lib/syslog-ng/3.25
Include-Path: /usr/share/syslog-ng/include
Available-Modules: snmptrapd-parser,affile,afprog,afsocket,afuser,appmodel,basicfuncs,cef,confgen,cryptofuncs,csvparser,dbparser,disk-buffer,hook-commands,http,json-plugin,kvformat,linux-kmsg-format,pseudofile,sdjournal,syslogformat,system-source,timestamp,examples,geoip2-plugin,pacctformat,tags-parser,xml,afsql,afmongodb,add-contextual-data,afamqp,tfgetent,graphite,map-value-pairs,mod-python,redis,riemann,afsmtp,stardate,afstomp
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
- backup
$ sudo cp -v /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.backup
- ç°¡å˜ãªsyslog-ng.conf:
options {
stats_freq (0);
source src {
system();
internal();
};
destination d_authlog { file("/var/log/auth.log"); };
filter f_auth { facility(auth); };
log { source(src); filter(f_iptables); destination(d_iptables); };
-
source â—‹â—‹{...}ã§ãƒã‚°(log)ã®å—ã‘å–り方法を〠(This defines what will be accepted into loggong)
-
filter â—‹â—‹{...}ã§å¯¾è±¡ã¨ã™ã‚‹ãƒã‚°ã®åˆ†åˆ¥æ¡ä»¶ã‚’ã€
-
destination â—‹â—‹{...}ã§å‡ºåŠ›(output)方法を定義ã—ã¾ã™ã€‚定義ã ã‘ã§ã¯ãƒã‚®ãƒ³ã‚°ã¯è¡Œã‚ã‚Œã¾ã›ã‚“。定義ã•ã‚ŒãŸå„æ¡ä»¶ã‚’
-
log { source(â—‹â—‹); filter(â—‹â—‹); destination(â—‹â—‹); };ã®ã‚ˆã†ã«çµ„ã¿ç«‹ã¦ã‚‹ã“ã¨ã§ã€ãƒã‚®ãƒ³ã‚°ãŒæ©Ÿèƒ½ã—ã¾ã™ã€‚
ãªãŠã€å®šç¾©ã•ã‚ŒãŸsourceï¼filterï¼destinationã¯ä½•åº¦ã§ã‚‚使用ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚åŒä¸€ã®sourceã«å¯¾ã—ç•°ãªã‚‹filterを組ã¿åˆã‚ã›ã€å¤šé¢çš„ã«ã‚·ã‚¹ãƒã‚°ã‚’åŽé›†ã™ã‚‹ã¨ã„ã£ãŸåˆ©ç”¨æ³•ã‚‚å¯èƒ½ã§ã™ã€‚
syslog-ngã®å‹•ä½œã«ã‹ã‹ã‚ã‚‹è¨å®šã¯options {...}ã§è¡Œã„ã¾ã™ã€‚
