
syslog-ng configuration

2022-01-28 08:02:44 曉鎂

nginx currently stores its logs by sending them over syslog to a log server; the program running on the log server is syslog-ng.

Configuration file path: /etc/syslog-ng/syslog-ng.conf

# options: some basic logging options
options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1024);
        long_hostnames (off);
        owner (root);
        group (root);
        perm (0600);
        dir_perm (0700);
        use_dns (no);
        dns_cache (no);
        use_fqdn (no);
        create_dirs (yes);
        keep_hostname (no);
        chain_hostnames (off);
};

# source: controls the IP and port that messages are received on
source net {
        udp(ip(0.0.0.0) port(514));
};

# destination: the target files
destination http_acc {
        file("/var/log/nginx/olwaf-$HOST-acc.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

destination http_err {
        file("/var/log/nginx/olwaf-$HOST-err.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

# filter: the filtering rules
filter f_http_acc {
        facility(local3) and level(info);
};

filter f_http_err {
        facility(local3) and level(warn..emerg);
};

# log: combines the three (source, filter, destination) into a logging path
log {
        source(net); filter(f_http_acc); destination(http_acc);
};

log {
        source(net); filter(f_http_err); destination(http_err);
};

The syslog parameters used for the access log in nginx.conf:

access_log syslog:facility=local3,severity=info,server=127.0.0.1:514,tag=tag_127_0_0_3_82 proxyformat;

facility: Sets facility of syslog messages, as defined in RFC 3164. Facility can be one of “kern”, “user”, “mail”, “daemon”, “auth”, “intern”, “lpr”, “news”, “uucp”, “clock”, “authpriv”, “ftp”, “ntp”, “audit”, “alert”, “cron”, “local0”..“local7”. Default is “local7”.

server: the machine the messages are sent to

tag: the tag attached to each log message

Log format:

Jan 15 14:54:35 netproxy090050.olwaf.com tag_127_0_0_3_82: 2019-01-15T14:54:35+08:00 127.0.0.3:45483 127.0.0.3:82 - 0.000 - 200 - 156 8 "GET http://127.0.0.3:82/ HTTP/1.1" "-" "curl/1.0 (curl 7.19.7) (x86_64-unknown-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1e zlib/1.2.3"

Jan 15 14:54:35 netproxy090050.olwaf.com tag_127_0_0_3_82: 2019-01-15T14:54:35+08:00 127.0.0.3:45484 127.0.0.3:82 - 0.000 - 200 - 156 8 "GET http://127.0.0.3:82/ HTTP/1.1" "-" "curl/1.0 (curl 7.19.7) (x86_64-unknown-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1e zlib/1.2.3"

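Variables (macros) that can be used in syslog-ng, with their values for the messages above:

$HOST: netproxy090050.olwaf.com

$SOURCE: s_sys

$HOST_FROM: 127.0.0.1

$LEGACY_MSGHDR: tag_127_0_0_3_82\:\ 

To use this one as part of a file name, the trailing ":" and space have to be dealt with first.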
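One way to get the tag into the file name without the trailing ":" and space, as an added example that is not part of the original post: it uses syslog-ng's ${PROGRAM} macro, which holds the syslog tag on its own, instead of post-processing $LEGACY_MSGHDR. The names f_tag_ok and http_acc_by_tag and the tag pattern are assumptions made for this example; the tag is chosen by the sender and the source above accepts UDP on 0.0.0.0:514, so the filter only lets tags of the expected shape reach the file path.

```conf
# Added example; f_tag_ok, http_acc_by_tag and the pattern are assumptions.

# Accept only tags shaped like the nginx tag shown above (tag_127_0_0_3_82).
# Anything else never reaches a destination whose path contains the tag.
filter f_tag_ok {
        program("^tag_[0-9_]+$");
};

# ${PROGRAM} is the tag without the ": " that ${LEGACY_MSGHDR} carries.
destination http_acc_by_tag {
        file("/var/log/nginx/olwaf-${HOST}-${PROGRAM}-acc.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

# Same source and access-log filter as above, plus the tag check.
log {
        source(net); filter(f_http_acc); filter(f_tag_ok); destination(http_acc_by_tag);
};
```

Messages whose tag does not match f_tag_ok are still written by the original http_acc log path, so nothing is lost; they just do not get a per-tag file.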

Copyright notice
This article was written by [曉鎂]. Please include a link to the original when reposting. Thank you.
https://cht.chowdera.com/2022/01/202201280802440471.html
