SYSLOG-NG adalah daemon yang bisa digunakan untuk menggantikan syslogd di FreeBSD atau di Linux yang berfungsi untuk merekam log2 yang ada, baik itu server berbasis linux, bsd ataupun mikrotik ;)
Dengan SYSLOG-NG yang digabung dengan database MySQL maka kita bisa menyimpan semua log secara terpusat dalam satu database, sehingga mudah untuk di manage.
Untuk Web Interface tampilan log saya memakai php-syslog-ng yg bisa di download di http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz
Syaratnya server anda sudah ada webserver support php
# cd /usr/local/www
# fetch http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz
# tar -xzvf php-syslog-ng-2.9.8.tgz
# chown -R www:www php-syslog-ng
# edit httpd.conf
Alias /log "/usr/local/www/php-syslog-ng/html/"
Options None
AllowOverride None
Order allow,deny
Allow from all
Jika sudah selesai langsung restart webserver dan akses http://ipserver/log
Akan muncul menu instalasi php-syslog, pastikan fitur2 PHP dan file web sudah sesuai (tidak ada warning) klik next, centang konfirmasi, next.
Isikan user root dan password mysql, nama database yang akan digunakan untuk menyimpan log, dan user untuk database dan password (user dan password ini diingat2 yah, karena untuk
konfigurasi syslog servernya),
Misalkan disini
user mysql : syslog
pass mysql : 123abc
nama db : syslogserv
Hilangkan centang dimenu bawah, klik next. next akan muncul :
URL : http://ipserver/log
site : log/ (ingat belakang harus ada backslash)
email : abc@aaaa.com
passwd : syslogadmin
Klik next, akan muncul user : admin passwd: syslogadmin
Selesaaiiii.. hehe untuk web interface sama database doang hehe..
Selanjutnya install via port :
# cd /usr/ports/sysutils/syslog-ng
# make install clean
# cd /usr/local/etc/syslog-ng/
# cp syslog-ng.conf.sample syslog-ng.conf
options { long_hostnames(off);
sync(0);
use_dns(yes);
use_fqdn(no); };
#
# sources
#
source src { unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
internal(); file("/dev/klog"); };
source netsrc { udp(ip("0.0.0.0") port(514));
tcp(ip("0.0.0.0") port(514)); };
#
# destinations
#
destination messages { file("/var/log/messages"); };
destination security { file("/var/log/security"); };
destination authlog { file("/var/log/auth.log"); };
destination maillog { file("/var/log/maillog"); };
destination lpd-errs { file("/var/log/lpd-errs"); };
destination xferlog { file("/var/log/xferlog"); };
destination cron { file("/var/log/cron"); };
destination debuglog { file("/var/log/debug.log"); };
destination consolelog { file("/var/log/console.log"); };
destination all { file("/var/log/all.log"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
# CISCO Destinations...
destination netlog { file("/var/log/network/$HOST/$YEAR$MONTH$DAY.log" owner(root) group(wheel) perm(0644) create_dirs(yes)); };
destination netsql
{
program("/usr/local/bin/mysql --user=syslog --password=123abc syslogserv < /var/log/mysql.pipe");
pipe ("/var/log/mysql.pipe"
template ("INSERT INTO syslogserv.logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$ISODATE', '$PROGRAM', '$MESSAGE' );\n")
template_escape(yes));
};
#
# log facility filters
#
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_not_authpriv { not facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
#
# log level filters
#
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
filter f_is_debug { level(debug); };
#
# program filters
#
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
#
# host filters
#
# CISCO Filters
filter f_netswitch001 {host("10.1.5.1"); };
filter f_netswitch002 {host("10.1.5.2"); };
filter f_netswitch003 {host("10.1.5.3"); };
filter f_netswitch004 {host("10.1.5.4"); };
filter f_netswitch005 {host("172.16.4.1"); };
filter f_netrouter001 {host("10.1.5.9"); };
filter f_netrouter002 {host("172.16.4.2"); };
filter f_netserver001 {host("server1.example.com"); };
filter f_netserver002 {host("server2.example.com"); };
#
# *.err;kern.warning;auth.notice;mail.crit /dev/console
#
log { source(src); filter(f_err); destination(console); };
log { source(src); filter(f_kern); filter(f_warning); destination(console); };
log { source(src); filter(f_auth); filter(f_notice); destination(console); };
log { source(src); filter(f_mail); filter(f_crit); destination(console); };
#
# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
#
log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };
#
# security.* /var/log/security
#
log { source(src); filter(f_security); destination(security); };
#
# auth.info;authpriv.info /var/log/auth.log
log { source(src); filter(f_auth); filter(f_info); destination(authlog); };
log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };
#
# mail.info /var/log/maillog
#
log { source(src); filter(f_mail); filter(f_info); destination(maillog); };
#
# lpr.info /var/log/lpd-errs
#
log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
#
# ftp.info /var/log/xferlog
#
log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };
#
# cron.* /var/log/cron
#
log { source(src); filter(f_cron); destination(cron); };
#
# *.=debug /var/log/debug.log
#
log { source(src); filter(f_is_debug); destination(debuglog); };
#
# *.emerg *
#
log { source(src); filter(f_emerg); destination(allusers); };
#
# !startslip
# *.* /var/log/slip.log
#
log { source(src); filter(f_slip); destination(slip); };
#
# !ppp
# *.* /var/log/ppp.log
#
log { source(src); filter(f_ppp); destination(ppp); };
#
# CISCO Program Filters
#
log { source(netsrc); destination(netlog); };
log { source(netsrc); destination(netsql); };
taken from : http://www.freebsdwiki.net/index.php/Syslog-NG_Installation#Installation
# mkfifo /var/log/mysql.pipe
# ee /etc/rc.conf
syslogd_enable="NO"
syslog_ng_enable="YES"
syslogd_program="/usr/local/sbin/syslog-ng"
syslogd_flags=""
Setelah saya cek ternyata field yg digenerate oleh php-syslog ada yg kurang jadi silahkan login ke mysql server dan tambahkan sbb :
CREATE TABLE `logs` (
`host` varchar(128) default NULL,
`facility` varchar(10) default NULL,
`priority` varchar(10) default NULL,
`level` varchar(10) default NULL,
`tag` varchar(10) default NULL,
`datetime` datetime default NULL,
`program` varchar(15) default NULL,
`msg` text,
`seq` bigint(20) unsigned NOT NULL auto_increment,
`counter` int(11) NOT NULL default '1',
`fo` datetime default NULL,
`lo` datetime default NULL,
PRIMARY KEY (`seq`),
KEY `host` (`host`),
KEY `program` (`program`),
KEY `datetime` (`datetime`),
KEY `priority` (`priority`),
KEY `facility` (`facility`)
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;
Ok insya Allah sudah finish. Silahkan reboot server anda. Pastikan mysql server jalan dulu baru syslog-ng server.
bersambungg...
Instalasi dan Konfigurasi SYSLOG-NG dengan database MYSQL.
| Saturday, July 02, 2011
This entry was posted on 1:07 PM
You can follow any responses to this entry through
the RSS 2.0 feed.
You can leave a response,
or trackback from your own site.
Subscribe to:
Post Comments (Atom)
0 komentar:
Post a Comment