16 ноября 2019

Настройка syslog-ng в Oracle Linux 9

По ряду причин, rsyslog устанавливаемый в Oracle linux по умолчанию, мне не нравится. Я люблю когда логи упорядочиваются по хостам, facility, приоритетам.

Поэтому первым делом я меняю rsyslog на syslog-ng. Для этого сделаем следующее:

$sudo dnf install oracle-epel-release-el9
$sudo dnf install syslog-ng

$ nano -w /etc/syslog-ng/syslog-ng.conf

@version: 3.35
@include "scl.conf"

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (yes);
    use_fqdn (no);
    create_dirs (yes);
    long_hostnames(off);
    #dir_owner ("root");
    #dir_group ("zabbix");
    #dir_perm (0750);
};

source s_sys {
    system();
    internal();
};

source s_tcp { tcp (ip ("127.0.0.1") port (514) max-connections (1) ); };
source s_udp { udp (ip ("0.0.0.0") port (514)); };

destination d_everything { file("/var/log/syslog-$HOST/$FACILITY.$PRIORITY.log"
#                                 template("$FULLDATE $MSGHDR$MSG\n")
#                                 template_escape(no)
                               );
                         };

filter f_emergency { level(emerg); };

log { source(s_sys); destination(d_everything);};
log { source(s_tcp); destination(d_everything); };
log { source(s_udp); destination(d_everything); };

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"


# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

$sudo dnf install oracle-epel-release-el9

$sudo dnf install syslog-ng

$ nano -w /etc/syslog-ng/syslog-ng.conf

@version: 3.35

@include "scl.conf"

# syslog-ng configuration file.

# This should behave pretty much like the original syslog on RedHat. But

# it could be configured a lot smarter.

# See syslog-ng(8) and syslog-ng.conf(5) for more information.

# Note: it also sources additional configuration files (*.conf)

# located in /etc/syslog-ng/conf.d/

options {

flush_lines (0);

time_reopen (10);

log_fifo_size (1000);

chain_hostnames (off);

use_dns (yes);

use_fqdn (no);

create_dirs (yes);

long_hostnames(off);

#dir_owner ("root");

#dir_group ("zabbix");

#dir_perm (0750);

};

source s_sys {

system();

internal();

};

source s_tcp { tcp (ip ("127.0.0.1") port (514) max-connections (1) ); };

source s_udp { udp (ip ("0.0.0.0") port (514)); };

destination d_everything { file("/var/log/syslog-$HOST/$FACILITY.$PRIORITY.log"

# template("$FULLDATE $MSGHDR$MSG\n")

# template_escape(no)

);

};

filter f_emergency { level(emerg); };

log { source(s_sys); destination(d_everything);};

log { source(s_tcp); destination(d_everything); };

log { source(s_udp); destination(d_everything); };

# Source additional configuration files (.conf extension only)

@include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

Демон логирования syslog-ng не пишет логи. Не все логи, а большую часть, которую получал через механизм syslog. Но исправить эту ситуацию достаточно просто, для этого нужно выполнить следующие команды:

$ nano -w /etc/systemd/journald.conf
[Journal]
ForwardToSyslog=yes
$ systemctl restart systemd-journald.service
$ systemctl restart syslog-ng.service

$ nano -w /etc/systemd/journald.conf

[Journal]

ForwardToSyslog=yes

$ systemctl restart systemd-journald.service

$ systemctl restart syslog-ng.service

Метки: LOG

Опубликовано 16.11.2019 от evgeniyalf в категории "Linux