syslog收集:eventlog+syslog-ng+mongodb
系统:Redhat5 64bit Server
1.安装 eventlog$ tar xvfz eventlog_0.2.12.tar.gz //解压$ export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH //配置编译路径$ ./configure //配置编译环境,预编译$ make //编译$ make install //安装2.安装syslog-ng$ tar xvfz syslog-ng_3.3.7.tar.gz //解压$ ./configure //配置编译环境,预编译$ make //编译$ make install //安装#配置syslog-ng作为服务方式启动#进入contrib目录$ cd contrib#复制服务启动脚本到init.d目录$ cp init.d.RedHat-7.3 /etc/init.d/syslog-ng$ chmod 755 /etc/init.d/syslog-ng$ chown root:root /etc/init.d/syslog-ng$ chkconfig —add syslog-ng$ chkconfig --level 345 syslog-ng on$ service syslog-ng start3.配置syslog-ng,主要配置两个文件//以UDP方式接收syslog消息,并发送到mongodb中syslog-ng.conf:127.0.0.1是mongodb的IP,默认端口是27017,数据库是syslog,表是messagesmodule.conf:#开启mongodb接收@module afmongodb 详情请见附件。4.安装mongodb#解压,安装,服务$ tar zxvf mongodb-linux-x86_64-2.0.8.tgz$ mv mongodb-linux-x86_64-2.0.8 /usr/local/mongodb$ mkdir /data$ mkdir /data/db$ mkdir /data/logs$ cp mongodb.txt /etc/init.d/mongodb$ chmod 755 /etc/init.d/mongodb$ chown root:root /etc/init.d/mongodb$ chkconfig —add mongodb$ chkconfig --level 345 mongodb on$ service mongodb start#创建索引$ cd /usr/local/mongodb/bin$ ./mongo$ show dbs$ use syslog$ db.messages.find()$ db.messages.ensureIndex({"DATE":-1,"HOST":-1,"SOURCEIP":-1,"PRIORITY":-1,"FACILITY":-1})