syslog-ngでsyslogとsnmptrapを記録するように設定し、logrotateの設定を行いました。
≪パッケージインストール≫
root@ubuntu:~# sudo aptitude install syslog-ng snmpd
..snip..
root@ubuntu:~#
root@ubuntu:~# sudo mkdir /var/log/syslog-net
≪syslog-ngの設定≫
・受信したすべてのSyslogをソースアドレス毎に別ファイルで保存する。ついでにsnmptrap用の設定も行う。
root@ubuntu:~# cat /etc/syslog-ng/syslog-ng.conf
..snip..
source net { udp( ip(0.0.0.0) port(514) ); tcp( ip(0.0.0.0) port(514) ); };
destination d_net { file("/var/log/syslog-net/$HOST.log"); };
destination df_snmptrap { file("/var/log/snmptrapd.log"); };
filter f_snmptrap { facility(local6); };
log { source(net); destination(d_net); };
log { source(s_all); filter(f_snmptrap); destination(df_snmptrap); };
root@ubuntu:~#
root@ubuntu:~# sudo mkdir /var/log/syslog-net
root@ubuntu:~#
≪snmptrapdの設定≫
・受信したすべてのtrapをsyslogに送る。
root@ubuntu:~# cat /etc/default/snmpd
..snip..
TRAPDRUN=yes
# snmptrapd options (use syslog).
#TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
TRAPDOPTS='-Ls 6 -p /var/run/snmptrapd.pid'
root@ubuntu:~#
root@ubuntu:~# cat /etc/snmp/snmptrapd.conf
disableAuthorization yes
root@ubuntu:~#
≪logrotateの設定≫
root@ubuntu:~# cat /etc/logrotate.d/labo
/var/log/syslog-net/*.log {
monthly
rotate 36
compress
notifempty
missingok
olddir /var/log/syslog-net/old
}
/var/log/snmptrapd.log {
monthly
rotate 12
compress
notifempty
missingok
postrotate
/etc/init.d/syslog-ng reload >/dev/null
endscript
}
root@ubuntu:~#
root@ubuntu:~# sudo mkdir /var/log/syslog-net/old
root@ubuntu:~#
≪正常に動作するかを確認≫
root@ubuntu:~# logrotate -d /etc/logrotate.d/labo
reading config file /etc/logrotate.d/labo
reading config info for /var/log/syslog-net/*.log
olddir is now /var/log/syslog-net/old
reading config info for /var/log/snmptrapd.log
Handling 2 logs
rotating pattern: /var/log/syslog-net/*.log monthly (36 rotations)
olddir is /var/log/syslog-net/old, empty log files are not rotated, old logs are removed
considering log /var/log/syslog-net/192.168.1.1.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.2.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.3.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.4.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.5.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.6.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.7.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.8.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.9.log
log does not need rotating
rotating pattern: /var/log/snmptrapd.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/snmptrapd.log
log does not need rotating
root@ubuntu:~#
≪パッケージインストール≫
root@ubuntu:~# sudo aptitude install syslog-ng snmpd
..snip..
root@ubuntu:~#
root@ubuntu:~# sudo mkdir /var/log/syslog-net
≪syslog-ngの設定≫
・受信したすべてのSyslogをソースアドレス毎に別ファイルで保存する。ついでにsnmptrap用の設定も行う。
root@ubuntu:~# cat /etc/syslog-ng/syslog-ng.conf
..snip..
source net { udp( ip(0.0.0.0) port(514) ); tcp( ip(0.0.0.0) port(514) ); };
destination d_net { file("/var/log/syslog-net/$HOST.log"); };
destination df_snmptrap { file("/var/log/snmptrapd.log"); };
filter f_snmptrap { facility(local6); };
log { source(net); destination(d_net); };
log { source(s_all); filter(f_snmptrap); destination(df_snmptrap); };
root@ubuntu:~#
root@ubuntu:~# sudo mkdir /var/log/syslog-net
root@ubuntu:~#
≪snmptrapdの設定≫
・受信したすべてのtrapをsyslogに送る。
root@ubuntu:~# cat /etc/default/snmpd
..snip..
TRAPDRUN=yes
# snmptrapd options (use syslog).
#TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
TRAPDOPTS='-Ls 6 -p /var/run/snmptrapd.pid'
root@ubuntu:~#
root@ubuntu:~# cat /etc/snmp/snmptrapd.conf
disableAuthorization yes
root@ubuntu:~#
≪logrotateの設定≫
root@ubuntu:~# cat /etc/logrotate.d/labo
/var/log/syslog-net/*.log {
monthly
rotate 36
compress
notifempty
missingok
olddir /var/log/syslog-net/old
}
/var/log/snmptrapd.log {
monthly
rotate 12
compress
notifempty
missingok
postrotate
/etc/init.d/syslog-ng reload >/dev/null
endscript
}
root@ubuntu:~#
root@ubuntu:~# sudo mkdir /var/log/syslog-net/old
root@ubuntu:~#
≪正常に動作するかを確認≫
root@ubuntu:~# logrotate -d /etc/logrotate.d/labo
reading config file /etc/logrotate.d/labo
reading config info for /var/log/syslog-net/*.log
olddir is now /var/log/syslog-net/old
reading config info for /var/log/snmptrapd.log
Handling 2 logs
rotating pattern: /var/log/syslog-net/*.log monthly (36 rotations)
olddir is /var/log/syslog-net/old, empty log files are not rotated, old logs are removed
considering log /var/log/syslog-net/192.168.1.1.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.2.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.3.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.4.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.5.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.6.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.7.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.8.log
log does not need rotating
considering log /var/log/syslog-net/192.168.1.9.log
log does not need rotating
rotating pattern: /var/log/snmptrapd.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/snmptrapd.log
log does not need rotating
root@ubuntu:~#
