ashley-stokes
1
Syslog-ng
Next-generation syslog server
2
Mode
• Polling
  – SNMP
• Notification
  – Syslog
  – SNMP trap
3
Introduction
• Syslog classifies messages by priority and facility
• Syslog-ng : Customization
Facility: messages, boot, cron, user, local0 ~ local7
Priority: Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging
4
install
• Install EPEL
  rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-7.noarch.rpm
• Install syslog-ng
  yum install syslog-ng.i686
• Configuration file
  /etc/syslog-ng.conf
5
iptables
• vi /etc/sysconfig/ip6tables
  -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
• vi /etc/sysconfig/iptables
  -A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
6
source
source s_remote { udp( ip(10.10.4.19X) port(514) );};
source s_remote6 { udp6( ip("2001:e10:6840:4::1111") port(514) );};
7
filter
filter f_dlinkwlan { facility(user); };
filter f_ciscowlan { facility(local4); };
filter f_isg2000 {host (10.10.4.16X);};
filter f_jrouter {host ("2001:288:0:1659::2222"); };
8
destination
destination d_router { file("/var/log/HOST/router/$HOST/$YEAR-$MONTH-$DAY/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
destination d_jrouter { file("/var/log/HOST/router/JuniperMX960/$YEAR-$MONTH-$DAY/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
destination d_isg2000 { file("/var/log/HOST/nat/$YEAR-$MONTH-$DAY/$HOUR/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
9
log
• log { source(s_remote); filter(f_router); destination(d_router); };
• log { source(s_remote6); filter(f_jrouter); destination(d_jrouter); };
10
## Local IP address that receives the messages
source s_remote { udp( ip(10.10.4.19X) port(514) );};
## Remote (sender) IP address
filter f_isg2000 {host (10.10.4.16X);};
## Local storage location
destination d_isg2000 { file("/var/log/HOST/nat/$YEAR-$MONTH-$DAY/$HOUR/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
## Combine the conditions
log { source(s_remote); filter(f_isg2000); destination(d_isg2000); };
11
## Local IP address that receives the messages
source s_remote6 { udp6( ip("2001:e10:6840:4::1111") port(514) );};
## Remote (sender) IP address
filter f_jrouter {host ("2001:288:0:1659::2222"); };
## Local storage location
destination d_jrouter { file("/var/log/HOST/router/JuniperMX960/$YEAR-$MONTH-$DAY/$LEVEL" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
## Combine the conditions
log { source(s_remote6); filter(f_jrouter); destination(d_jrouter); };
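How a received message maps onto the file paths from the destination slides, as an added Python example (not part of the original slides and not syslog-ng code): it decodes the PRI value into facility and level, then expands the d_router and d_isg2000 templates. The facility and level name tables, the host check, the sample message, the address 192.0.2.10 and the date are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Standard syslog numbering: PRI = facility * 8 + severity.
# Name tables are an assumption of this example (names for 12-15 vary by implementation).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Destination templates copied from the d_router and d_isg2000 slides.
D_ROUTER = "/var/log/HOST/router/$HOST/$YEAR-$MONTH-$DAY/$LEVEL"
D_ISG2000 = "/var/log/HOST/nat/$YEAR-$MONTH-$DAY/$HOUR/$LEVEL"


def decode_pri(raw):
    """Split '<PRI>rest' into (facility name, level name, rest)."""
    m = re.match(r"<(\d{1,3})>(.*)", raw, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], LEVELS[pri & 7], m.group(2)


def expand(template, raw, host, when):
    """Expand the macros used on the slides for one received message."""
    # host becomes a directory name, so this example refuses separators and '..'
    if not host or "/" in host or ".." in host:
        raise ValueError("unsafe host value")
    _, level, _ = decode_pri(raw)
    macros = {"HOST": host, "LEVEL": level, "YEAR": f"{when:%Y}",
              "MONTH": f"{when:%m}", "DAY": f"{when:%d}", "HOUR": f"{when:%H}"}
    return re.sub(r"\$([A-Z]+)", lambda m: macros[m.group(1)], template)


if __name__ == "__main__":
    # Constructed sample: PRI 166 = local4 (20) * 8 + info (6).
    msg = "<166>constructed test message from a wireless controller"
    when = datetime(2024, 3, 5, 9, 30)
    print(decode_pri(msg)[:2])
    print(expand(D_ROUTER, msg, "192.0.2.10", when))
    print(expand(D_ISG2000, msg, "192.0.2.10", when))
```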