Centralized Log ภาคที่ 3 : Syslog-NG

-
1.ติดตั้ง Syslog-NG ที่ Log Server และ Server อื่น ๆ ที่เป็น linux
apt-get install syslog-ng

2.Config Log Server (/etc/syslog-ng/syslog-ng.conf)

options {
recv_time_zone (+07:00);
send_time_zone (+07:00);
sync (0);
time_reopen (100);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
chain_hostnames(yes);
keep_hostname (yes);
};

source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
#tcp(ip(0.0.0.0) port(514) keep-alive(yes));
};

destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes));
};

filter f_filter1 { facility (kern); };
filter f_filter2 { level(info..emerg) and not facility(mail,authpriv,cron); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };

log { source(s_sys); filter(f_filter1); destination(d_mysql); };
log { source(s_sys); filter(f_filter2); destination(d_mysql); };
log { source(s_sys); filter(f_filter3); destination(d_mysql); };
log { source(s_sys); filter(f_filter4); destination(d_mysql); };
log { source(s_sys); filter(f_filter5); destination(d_mysql); };
log { source(s_sys); filter(f_filter6); destination(d_mysql); };
log { source(s_sys); filter(f_filter7); destination(d_mysql); };
log { source(s_sys); filter(f_filter8); destination(d_mysql); };
#####################################################################

# Source from remote client
source s_client {
tcp(ip(0.0.0.0) port(514) keep-alive(yes) max-connections(300));
udp(ip(0.0.0.0) port(514));
};
log {source(s_client); destination(d_mysql); };


3.สร้างคำสั่งสำหรับเขียนลง mysql

vi syslog2mysql.sh
#!/bin/bash
if [ ! -e /var/log/mysql.pipe ]
then
mkfifo /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
mysql -u root --password=xxx syslogng < /var/log/mysql.pipe >/dev/null
done

chmod +x syslog2mysql.sh
./syslog2mysql.sh &
/etc/init.d/syslog-ng start


4.Config Server อื่น ๆ ให้ส่ง log ไปให้ Log Server(/etc/syslog-ng/syslog-ng.conf)

options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
keep_hostname (yes);
};

source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
#tcp(ip(0.0.0.0) port(5149) keep-alive(yes));
};

destination logserver { tcp("192.168.0.251" port(514)); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };

filter f_filter1 { facility(kern); };
filter f_filter2 { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
# Remove the 'squid' log entries from 'user' log facility
filter f_remove { not program("squid"); };

log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_kern); };
log { source(s_sys); filter(f_filter2); filter(f_remove); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

filter f_squid { program("squid") and facility(user); };

destination d_squid {
file("/var/log/$HOST/$YEAR/$MONTH/squid.$YEAR-$MONTH-$DAY"
owner(root) group(adm) perm(665)
create_dirs(yes) dir_perm(0775));
};

log { source(s_sys); destination(logserver); };


5.ส่ง Log จาก Windows Server
5.1 Download Lasso (Windows Event Collector) จาก http://open.loglogic.com/
5.2 ตั้งค่า hostlist.ini
localhost,*6
5.3 ตั้งค่า lasso.ini

SkipInitDLLScan,0
LogAppliance,192.168.0.251
RepositoryPath,C:\Program Files\Lasso\LassoRepository\
SpoolPath,C:\Program Files\Lasso\LassoRepository\Spool\
EventPollInterval,10
SpoolFileSize,1.0
WatermarkWriteInterval,100
MaxTraceFileSize,20
MaxNumWorkerThreads,4
DllLoadInterval,3600
HighWaterMarks,ON
#DefaultLassoShare,LassoShare=C:\LassoTemp
CheckHostListInterval,3600
NewHostSkipHistorical,0
EnableShareDlls,1
CheckRemHostAvail,0
EnableAdminSharesIfDisabled,0
DebugLevel,0
LogLevel,1
DebugHostFileSize,20
AccessReport,0

5.4 start service Lasso Windows Event Collector

Comments

Post a Comment

Popular posts from this blog

Set IP from command line

-
netsh interface ip Usage : set address [name=] [[source=]dhcp | [source=] static [addr=]IP address [mask=]IP subnet mask] [[gateway=] |none [gwmetric=]integer] Parameters : * name - The name of the interface. * source - One of the following values: o dhcp: Sets DHCP as the source for configuring IP addresses for the specific interface. o static: Sets the source for configuring IP addresses to local static configuration. * gateway - One of the following values: o : A specific default gateway for the static IP address you are setting. o none: No default gateways are set. * gwmetric - The metric for the default gateway. This field should not be set if gateway is set to 'none'. The following options are used only if source is 'static': * addr - An IP address for the specified interface. * mask - The subnet mask for the specified IP address. Remarks : Used to change the IP address configuration mode from either ...
Read more

Linux Mint and HDMI Sound

-
กรณีที่ติดตั้ง Linux Mint แล้วไม่มีเสียงออกทาง HDMI (หลังจากที่ติดตั้ง Driver และเลือก Output Device ถูกต้องแล้ว) ให้ลองติดตั้ง Package ที่ชื่อ oem-audio-hda-daily-dkms ดูครับ (ทดลองกับ Linux Mint 15 แล้ว ใช้ได้)
Read more

Axapta : Enable/Disable Dialog Control at runtime

-
Image
วิธี Enable/Disable หรือ Dialog Control ในขณะ runtime ทำได้โดย ดังนี้ 1.classDeclaration class SCI_Costing extends RunBase { FormStringControl SalesIdCtrl, ItemIdCtrl; FormCheckBoxControl bAllCtrl; SalesId salesId; ItemId itemId; NoYes bAll; #define.CurrentVersion(1) #localmacro.CurrentList salesId, itemId, bAll #endmacro } 2.สร้าง dialog แบบอนุญาตให้ update control ได้ โดยใช้ dialog.allowUpdateOnSelectCtrl(true) protected Object dialog(Dialog dialog, boolean forceOnClient) { DialogRunBase ret; ; ret = super(dialog, forceOnClient); ret.caption('Costing report by order'); ret.allowUpdateOnSelectCtrl(true); //อนุญาตให้ update control ได้ SalesIdCtrl = ret.formBuildDesign().addControl(FormControlType::String,'SalesId'); SalesIdCtrl.extendedDataType(extendedTypeNum('SalesId')); bAllCtrl = ret.formBuildDesign().addControl(FormControlType::CheckBox,'bAll');...
Read more