
How to configure syslog-ng in centos

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to configure syslog-ng on CentOS.

As a next-generation system logging tool, syslog-ng is compatible with syslog, and its configuration is clearer and more flexible. It uses the TCP protocol and supports regular-expression message filtering and multiple archiving methods.

1. Environment

Linux host: CentOS 5.3, IP is 192.168.92.1

Syslog server: IP is 192.168.92.3

2. Software installation

Open source version download page: https://www.balabit.com/network-security/syslog-ng/opensource-logging-system/, you can choose the appropriate version according to your system.

Installation is simple. For example, the package syslog-ng-client-3.0.4-1.rhel5.i386.rpm is installed with rpm -ivh syslog-ng-client-3.0.4-1.rhel5.i386.rpm. Installing syslog-ng removes the syslog service and then starts the syslog-ng service.

3. Syslog-ng configuration

The default installation directory for the software is /opt/syslog-ng, and the configuration file is in the /opt/syslog-ng/etc directory.

Syslog uses the UDP protocol with destination port 514. syslog-ng sends messages over TCP, for which there is no standard port; you can set it to use port 514 or another port.

The format used by syslog.conf is.. and the format used by syslog-ng.conf is {source; filter; destination;}. Each of these fields must be defined in the syslog-ng.conf file.

Define the remote destination address to be used

By convention, destination names start with d_, but this is not required. Add the following line after the last destination defined in the syslog-ng.conf file:

destination d_lab { tcp("192.168.92.3" port(514)); };

Firewall configuration

Linux host:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -d 192.168.92.3 --dport 514 -j ACCEPT

Syslog server:

iptables -A INPUT -p tcp -s 192.168.92.0/24 --dport 514 -j ACCEPT

Modify syslog-ng.conf and configure filtering

In the filter section, you can define any filter to be applied to the log. The following filter matches all log messages with severity levels from emerg (0) to info (6), which includes almost all messages except debugging. It is common practice for filter names to start with f_. Define a filter named f_no_debug.

filter f_no_debug { level(info..emerg); };

Modify syslog-ng.conf to add the log statement

log { source(s_local); filter(f_no_debug); destination(d_lab); };

This statement sets the message source to s_local and uses the filter f_no_debug and the destination d_lab defined above.
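
Because every name used in a log statement must have a matching definition, a name that is misspelled in one place is an easy way to end up with a configuration that does not forward anything. The following Python check is an added example, not part of the original article: it reports source, filter and destination names that a log statement references but the file never defines. It only handles the simple statement forms shown above, and the s_local definition in the sample configuration is constructed.

```python
import re

# Definitions look like:   destination d_lab { ... };
DEF_RE = re.compile(r'^\s*(source|filter|destination)\s+([\w.-]+)\s*\{', re.M | re.I)
# Log paths look like:     log { source(s_local); filter(...); destination(...); };
LOG_RE = re.compile(r'^\s*log\s*\{(.*?)\}\s*;', re.M | re.S | re.I)
REF_RE = re.compile(r'\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)', re.I)


def strip_comments(text):
    """Drop '#' comments so commented-out statements are ignored.
    Simplification: a '#' inside a quoted string is also treated as a comment."""
    return re.sub(r'#[^\n]*', '', text)


def undefined_references(conf_text):
    """Return sorted (kind, name) pairs used in log paths but never defined."""
    text = strip_comments(conf_text)
    defined = {(kind.lower(), name) for kind, name in DEF_RE.findall(text)}
    missing = set()
    for body in LOG_RE.findall(text):
        for kind, name in REF_RE.findall(body):
            if (kind.lower(), name) not in defined:
                missing.add((kind.lower(), name))
    return sorted(missing)


# Constructed sample: the article's destination, filter and log path, plus an
# assumed definition of s_local (the article uses s_local without showing it).
GOOD_CONF = '''
source s_local { internal(); unix-stream("/dev/log"); };   # assumed definition
destination d_lab { tcp("192.168.92.3" port(514)); };
filter f_no_debug { level(info..emerg); };
log { source(s_local); filter(f_no_debug); destination(d_lab); };
'''

# Same file with the filter name misspelled in the log path only.
BAD_CONF = GOOD_CONF.replace('filter(f_no_debug)', 'filter(f_nodebug)')

if __name__ == '__main__':
    for label, conf in (('good', GOOD_CONF), ('bad', BAD_CONF)):
        problems = undefined_references(conf)
        print(label, 'OK' if not problems else problems)
```

Where the installed syslog-ng version supports it, running syslog-ng --syntax-only against the file before restarting the service remains the authoritative check.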

Restart the syslog-ng service

After installing from the rpm package on CentOS, use the command service syslog-ng start to start the service.

Test

Under Linux, you can use logger to generate test messages in the format logger -p facility.severity message, for example:

logger -p cron.emerg test message here
