Syslog-ng: mini how-to for a centralized log server

Written by admin on November 27, 2013. Categories: Linux, RedHat, Service

Setting up syslog-ng on RHEL6

Find an EPEL mirror for RHEL6, for example: http://dl.fedoraproject.org/pub/epel/6/x86_64/repoview/

Download the RPMs (eventlog, libnet, syslog-ng, syslog-ng-libdbi) in both the i686 and x86_64 versions.

# yum install /path/eventlog*.rpm /path/libnet*.rpm /path/syslog-ng*.rpm /path/syslog-ng-libdbi*.rpm
# yum remove rsyslog

Editing the configuration

In options {}, change

create_dirs (yes);

Then add

source s_net { udp(); };
destination d_esxi { file("/var/log/vmware/$YEAR.$MONTH.$DAY/$HOST.log"); };
filter f_esxi { netmask("192.168.0.0/255.255.255.0") and level(warn..emerg); };
log { source(s_net); filter(f_esxi); destination(d_esxi); };

# cat > /etc/cron.daily/syslog-ng_esxi <<'EOF'
#!/bin/sh
# Purge day directories older than 30 days, never /var/log/vmware itself
find /var/log/vmware/ -mindepth 1 -maxdepth 1 -ctime +30 -exec rm -rf {} \;
EOF
# chmod +x /etc/cron.daily/syslog-ng_esxi

# service syslog-ng start
# chkconfig syslog-ng on
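
To see which messages the f_esxi filter and d_esxi destination above actually keep, the following shell script models them offline. It is an added example, not part of the original post; the function names (ip_to_int, in_esxi_net, severity_of, esxi_route), the host name esx01, the date and the sample datagrams are constructed for illustration. It relies on netmask() being matched against the sender's IP address rather than the HOST field.

```shell
# Added example: offline model of filter f_esxi and destination d_esxi.
# Function names, host name, date and datagrams are constructed.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_esxi_net IP -> succeeds if IP is inside 192.168.0.0/255.255.255.0
in_esxi_net() {
    ip=$(ip_to_int "$1"); net=$(ip_to_int 192.168.0.0); mask=$(ip_to_int 255.255.255.0)
    [ $(( $ip & $mask )) -eq "$net" ]
}

# severity_of RAW -> prints the severity (PRI modulo 8) from the leading <PRI>
severity_of() {
    case $1 in "<"*">"*) ;; *) return 1 ;; esac
    pri=${1#"<"}; pri=${pri%%">"*}
    case $pri in ''|*[!0-9]*|0?*) return 1 ;; esac
    echo $(( $pri % 8 ))
}

# esxi_route SRC_IP HOST YYYY.MM.DD RAW -> prints the target file, or fails.
# HOST and the date are passed in: what $HOST and $YEAR.$MONTH.$DAY expand to
# depends on the options {} block, which the post does not show in full.
esxi_route() {
    in_esxi_net "$1" || return 1
    sev=$(severity_of "$4") || return 1
    [ "$sev" -le 4 ] || return 1    # level(warn..emerg) = severities 4..0
    echo "/var/log/vmware/$3/$2.log"
}

# Constructed samples, one per line: source-ip|raw datagram
while IFS='|' read -r src raw; do
    if path=$(esxi_route "$src" esx01 2013.11.27 "$raw"); then
        echo "KEEP $src -> $path"
    else
        echo "DROP $src $raw"
    fi
done <<'EOF'
192.168.0.21|<11>Nov 27 10:00:01 esx01 vmkernel: constructed err message
192.168.0.21|<14>Nov 27 10:00:02 esx01 hostd: constructed info message
10.0.0.5|<8>Nov 27 10:00:03 other app: constructed emerg, outside the subnet
EOF
```

With this filter, info- and notice-level ESXi messages never reach disk, so widen level() if they are needed for investigations.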
