ng构建集中型日志服务器(3)

前面配置好了syslog-ng,下面简要的概述下如何将系统日志存入mysql
1：将mysql的头文件和库文件链接到/usr/local下
[root@server2 ~]# ln -s /usr/local/mysql/lib/mysql /usr/local/lib/mysql
[root@server2 ~]# ln -s /usr/local/mysql/include/mysql/ /usr/local/include
[root@server2 ~]# cd /usr/local/src/software/sqlsyslogd
2：下载sqlsyslogd源码包，由于是整个目录下载，所以会下载index.html打头的索引文件
[root@server2 software]# wget -d -r -np
[root@server2 software]# cd
[root@server2 sqlsyslogd]# rm -rf index.html*
[root@server2 sqlsyslogd]# cd contrib/
[root@server2 contrib]# rm -rf index.html*
[root@server2 contrib]# cd
[root@server2 ~]# mv /usr/local/src/software/www.frasunek.com/sources/security/sqlsyslogd/ /usr/
local/src/software/
3:make,复制sqlsyslogd二进制程序到/usr/local/sbin目录下
[root@server2 ~]# cd /usr/local/src/software/sqlsyslogd/
[root@server2 sqlsyslogd]# make
cc -O6 -Wall -pipe -I/usr/local/include -DCONF=\"/usr/local/etc/sqlsyslogd.conf\" -L/usr/local/lib/mysql -lmysqlclient sqlsyslogd.c   -o sqlsyslogd
[root@server2 sqlsyslogd]# cp sqlsyslogd /usr/local/sbin/
4：执行下sqlsyslogd程序，出现下面的命令选项则说明安装成功
[root@server2 sqlsyslogd]# sqlsyslogd
usage: sqlsyslogd [-h hostname] <-u username> [-p] <-t table> [database]

5：修改/etc/ld.so.conf文件，并使其生效，这个文件维护着编译的动态链接库位置
[root@server2 sqlsyslogd]# cat /etc/ld.so.conf
include ld.so.conf.d/*.conf
/usr/local/lib/mysql
[root@server2 sqlsyslogd]# ldconfig

6：在数据库中创建相应的库和表
[root@server2 sqlsyslogd]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 158
Server version: 5.1.36-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database syslog;
Query OK, 1 row affected (0.00 sec)

mysql> use syslog
Database changed
mysql> create table logs (Id int(10) NOT NULL auto_increment,Timestamp varchar(16),Host varchar(50),Prog varchar(50),Mesg text,PRIMARY KEY (id));
Query OK, 0 rows affected (0.01 sec)

mysql> exit
Bye

7：该文件定义了连接数据库的密码
[root@server2 sqlsyslogd]# cat /usr/local/etc/sqlsyslogd.conf
123456

8：在syslog-ng主配置文件中添加下列配置
[root@server2 sqlsyslogd]# vi /usr/local/syslog-ng/etc/syslog-ng.conf

destination sqlsyslogd{
program("/usr/local/sbin/sqlsyslogd -u root -t logs syslog -p");
};

log {
        source(s_remote);
        destination(sqlsyslogd);
};

9:重启syslog-ng服务
[root@server2 sqlsyslogd]# service syslog-ng restart
Stopping Kernel Logger:                                    [ OK ]
Starting Kernel Logger:                                    [ OK ]

10:客户端发消息测试
[root@server2 sqlsyslogd]# tail -1 /var/log/syslog-ng/20100226/192.168.90.1/messages
Feb 26 14:25:47 192.168.90.1 root[6058]: just for fun