[root@:Active] alertd # more /etc/syslog-ng/syslog-ng.conf
# Global configuration: defaults applied to every source and destination below.
options {
    # Mode for directories that syslog-ng creates (see create_dirs(yes) below).
    dir_perm(0755);
    # Mode for log files that syslog-ng creates. 0644 makes them readable by
    # every local account unless a destination sets its own perm().
    # NOTE(review): this default also covers /var/log/secure - confirm that
    # is acceptable.
    perm(0644);
    # Do not use the chained hostname format.
    chain_hostnames(no);
    # Keep the hostname field found in a received message instead of
    # rewriting it, so the logged hostname is whatever the sender supplied.
    keep_hostname(yes);
    # 0 disables the periodic syslog-ng statistics messages.
    stats(0);
    # Length of the output queue, in messages.
    # NOTE(review): presumably messages are dropped once the queue is full -
    # confirm for the syslog-ng version in use.
    log_fifo_size(2048);
};
# Defines where all log messages come from: one source named "local".
source local {
    # Local syslog socket written to by applications.
    unix-stream("/dev/log");

    # Kernel messages.
    pipe("/proc/kmsg");

    # UDP syslog listeners. Both addresses are in 127.0.0.0/8.
    # UDP syslog carries no sender authentication, so the facility, level and
    # hostname of a message arriving here are whatever the local sender chose.
    # NOTE(review): 127.2.0.2 is not the conventional loopback address;
    # confirm which interface owns it on this platform.
    udp(ip(127.0.0.1) port(514));
    udp(ip(127.2.0.2) port(514));

    # Messages generated by syslog-ng itself.
    internal();
};
# syslog.conf equivalent of the rule these filters are used for:
#   local0.none,local2.none;local4.none;local5.none;local6.none \
#   /var/log/messages
# One negative filter per localN facility; a log statement that lists all
# eight accepts only messages from outside local0..local7.
filter f_notLocal0 { not facility(local0); };
filter f_notLocal1 { not facility(local1); };
filter f_notLocal2 { not facility(local2); };
filter f_notLocal3 { not facility(local3); };
filter f_notLocal4 { not facility(local4); };
filter f_notLocal5 { not facility(local5); };
filter f_notLocal6 { not facility(local6); };
filter f_notLocal7 { not facility(local7); };
# Selection for /var/log/messages: level notice through warn, minus the
# auth, authpriv, cron, daemon, mail and news facilities.
# NOTE(review): the range stops at warn, so err..emerg fall outside this
# filter as written - confirm against the shipped file that this is intended.
filter f_messages {
    level(notice..warn) and not facility(auth, authpriv, cron, daemon, mail, news);
};

# create_dirs(yes) lets syslog-ng create missing parent directories.
destination d_messages {
    file("/var/log/messages" create_dirs(yes));
};
# Everything that is not a BIG-IP function log, i.e. mainly system-level
# messages. Every filter listed in a log statement has to match.
log {
    source(local);
    filter(f_notLocal0);
    filter(f_notLocal1);
    filter(f_notLocal2);
    filter(f_notLocal3);
    filter(f_notLocal4);
    filter(f_notLocal5);
    filter(f_notLocal6);
    filter(f_notLocal7);
    filter(f_messages);
    destination(d_messages);
};
# syslog.conf equivalent: authpriv.* /var/log/secure
# Authentication events: auth and authpriv at notice or higher.
filter f_authpriv {
    facility(auth, authpriv) and level(notice..emerg);
};

# No perm() is set on this destination, so the global perm(0644) applies and
# the authentication log is created readable by all local accounts.
# NOTE(review): a per-destination perm(0600) would restrict it - confirm
# which accounts need read access before tightening.
destination d_secure {
    file("/var/log/secure" create_dirs(yes));
};

log {
    source(local);
    filter(f_authpriv);
    destination(d_secure);
};
# syslog.conf equivalent: mail.* /var/log/maillog
# Mail facility at notice or higher.
filter f_mail {
    facility(mail) and level(notice..emerg);
};

destination d_maillog {
    file("/var/log/maillog" create_dirs(yes));
};

log {
    source(local);
    filter(f_mail);
    destination(d_maillog);
};
# syslog.conf equivalent: cron.warning /var/log/cron
# Cron facility at warning or higher.
filter f_cron {
    facility(cron) and level(warning..emerg);
};

destination d_cron {
    file("/var/log/cron" create_dirs(yes));
};

log {
    source(local);
    filter(f_cron);
    destination(d_cron);
};
# *daemon.*
# Daemon facility at notice or higher, written to /var/log/daemon.log.
filter f_daemon {
    facility(daemon) and level(notice..emerg);
};

# No create_dirs() here; the parent directory has to exist already.
destination d_daemon {
    file("/var/log/daemon.log");
};

log {
    source(local);
    filter(f_daemon);
    destination(d_daemon);
};
# kern.*
# Kernel facility at notice or higher, written to /var/log/kern.log.
filter f_kern {
    facility(kern) and level(notice..emerg);
};

# No create_dirs() here; the parent directory has to exist already.
destination d_kern {
    file("/var/log/kern.log");
};

log {
    source(local);
    filter(f_kern);
    destination(d_kern);
};
# user.info.. /var/log/user.log
# The header above says info, but the filter as written starts at notice.
filter f_user {
    facility(user) and level(notice..emerg);
};

# No create_dirs() here; the parent directory has to exist already.
destination d_user {
    file("/var/log/user.log");
};

log {
    source(local);
    filter(f_user);
    destination(d_user);
};
# *.debug /var/log/debug
#filter f_debug {
# level(debug)
# and not facility(auth, authpriv, news, mail);
#};
#destination d_debug {
# file("/var/log/debug");
#};
#log {
# source(local);
# filter(f_debug);
# destination(d_debug);
#};
# syslog.conf equivalent: *.emerg *
# Emergency-level messages from any facility.
filter f_emerg {
    level(emerg);
};

# usertty("*") writes to the terminal of every logged-in user.
destination d_console {
    usertty("*");
};

log {
    source(local);
    filter(f_emerg);
    destination(d_console);
};
# syslog.conf equivalent: local7.* /var/log/boot.log
# local7 at notice or higher.
filter f_local7 {
    facility(local7) and level(notice..emerg);
};

destination d_boot {
    file("/var/log/boot.log" create_dirs(yes));
};

log {
    source(local);
    filter(f_local7);
    destination(d_boot);
};
# syslog.conf equivalent: local0.* /var/log/ltm
# local0 at info or higher; debug-level local0 messages are not written here.
filter f_local0 {
    facility(local0) and level(info..emerg);
};

destination d_ltm {
    file("/var/log/ltm" create_dirs(yes));
};

log {
    source(local);
    filter(f_local0);
    destination(d_ltm);
};
# syslog.conf equivalent: local1.* /var/log/em
# local1 at every level, debug included.
filter f_local1 {
    facility(local1) and level(debug..emerg);
};

destination d_em {
    file("/var/log/em" create_dirs(yes));
};

log {
    source(local);
    filter(f_local1);
    destination(d_em);
};
# local2.* /var/log/gtm
# capture output from gtmd and put it in /var/log/gtm
source s_gtm {
    pipe("/var/run/gtmd.pipe");
};

# local2 at every level, debug included.
filter f_local2 {
    facility(local2) and level(debug..emerg);
};

destination d_gtm {
    file("/var/log/gtm" create_dirs(yes));
};

# Syslog path: local2 messages arriving through the shared "local" source.
log {
    source(local);
    filter(f_local2);
    destination(d_gtm);
};

# Pipe path: no filter, so whatever is written to gtmd.pipe lands in the file.
log {
    source(s_gtm);
    destination(d_gtm);
};
# syslog.conf equivalent: local3.* /var/log/asm
# local3 at info or higher.
filter f_local3 {
    facility(local3) and level(info..emerg);
};

destination d_asm {
    file("/var/log/asm" create_dirs(yes));
};

log {
    source(local);
    filter(f_local3);
    destination(d_asm);
};
# syslog.conf equivalent: local4.* /var/log/ltm
# local4 at notice or higher.
filter f_local4 {
    facility(local4) and level(notice..emerg);
};

# Reuses destination d_ltm, so local4 shares /var/log/ltm with local0.
log {
    source(local);
    filter(f_local4);
    destination(d_ltm);
};
# syslog.conf equivalent: local5.* /var/log/pktfilter
# local5 at notice or higher.
filter f_local5 {
    facility(local5) and level(notice..emerg);
};

destination d_pktfilter {
    file("/var/log/pktfilter" create_dirs(yes));
};

log {
    source(local);
    filter(f_local5);
    destination(d_pktfilter);
};
# syslog.conf equivalent: local6.* /var/log/httpd/httpd_errors
# local6 at notice or higher whose text contains the tag [warn] or [error].
# The patterns escape the brackets so that they match literally.
filter f_local6_httpd_err {
    facility(local6)
        and level(notice..emerg)
        and (match("\\[warn\\]") or match("\\[error\\]"));
};

destination d_httpd_err {
    file("/var/log/httpd/httpd_errors" create_dirs(yes));
};

log {
    source(local);
    filter(f_local6_httpd_err);
    destination(d_httpd_err);
};
# httpd access log: local6 messages tagged [acc], at any level.
filter f_local6_httpd_acc {
    facility(local6) and match("\\[acc\\]");
};

destination d_httpd_acc {
    file("/var/log/httpd/access_log" create_dirs(yes));
};

log {
    source(local);
    filter(f_local6_httpd_acc);
    destination(d_httpd_acc);
};
# httpd SSL access log: local6 messages tagged [ssl_acc], at any level.
filter f_local6_httpd_ssl_acc {
    facility(local6) and match("\\[ssl_acc\\]");
};

destination d_httpd_ssl_acc {
    file("/var/log/httpd/ssl_access_log" create_dirs(yes));
};

log {
    source(local);
    filter(f_local6_httpd_ssl_acc);
    destination(d_httpd_ssl_acc);
};
# httpd SSL request log: local6 messages tagged [ssl_req], at any level.
filter f_local6_httpd_ssl_req { facility(local6) and match("\\[ssl_req\\]"); };
# File that receives the messages selected by f_local6_httpd_ssl_req.
destination d_httpd_ssl_req {
    file("/var/log/httpd/ssl_request_log" create_dirs(yes));
};

log {
    source(local);
    filter(f_local6_httpd_ssl_req);
    destination(d_httpd_ssl_req);
};
# Send every log message to the alert process so that it can raise SNMP
# traps, update the LCD display or e-mail the log entry.
# syslog.conf equivalent: |/var/run/alert.pipe
# debug..emerg covers every level, so nothing is filtered out.
filter f_catchall {
    level(debug..emerg);
};

destination d_alertd {
    pipe("/var/run/alert.pipe");
};

# NOTE(review): this includes messages submitted through /dev/log and the
# loopback UDP listeners, so the alert process does not only see BIG-IP
# daemons - verify how it treats messages from unexpected local senders.
log {
    source(local);
    filter(f_catchall);
    destination(d_alertd);
};
# capture output from tmm and put it in /var/log/tmm
source s_tmm {
    pipe("/var/run/tmm.pipe");
};

destination d_tmm {
    file("/var/log/tmm" create_dirs(yes));
};

# No filter: whatever is written to tmm.pipe is logged as-is.
log {
    source(s_tmm);
    destination(d_tmm);
};
# capture output from bcm56xxd and put it in /var/log/bcm56xxd
source s_bcm56xxd {
    pipe("/var/run/bcm56xxd.pipe");
};

destination d_bcm56xxd {
    file("/var/log/bcm56xxd" create_dirs(yes));
};

# No filter: whatever is written to bcm56xxd.pipe is logged as-is.
log {
    source(s_bcm56xxd);
    destination(d_bcm56xxd);
};
[root@cdgdc:Active] alertd #