2020年12月11日 星期五

LibreNMS 啟用 Syslog 服務 (CentOS)

在 LibreNMS (CentOS) 上啟用 Syslog 服務，請依本文步驟依序操作。

> 安裝 syslog-ng

sudo yum install syslog-ng

> 備份舊有的 syslog-ng.conf(更名為 syslog-ng.conf.bak)

sudo mv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.bak

> 編輯 syslog-ng.conf

sudo vi /etc/syslog-ng/syslog-ng.conf

> 加入以下內容

==============================================

@version:3.5

@include "scl.conf"


# syslog-ng configuration file.

#

# This should behave pretty much like the original syslog on RedHat. But

# it could be configured a lot smarter.

#

# See syslog-ng(8) and syslog-ng.conf(5) for more information.

#

# Note: it also sources additional configuration files (*.conf)

#       located in /etc/syslog-ng/conf.d/


# Global defaults for this syslog-ng instance.
options {

        # Do not record the chain of relays in the hostname field.
        chain_hostnames(off);

        # Hand each message to the destination as it arrives instead of batching.
        flush_lines(0);

        # No DNS lookups for senders, so log handling does not depend on (or
        # trust) name resolution.
        use_dns(no);

        use_fqdn(no);

        # Ownership and mode for any log files syslog-ng creates: readable by
        # root and group adm only, not world-readable.
        owner("root");

        group("adm");

        perm(0640);

        # Disable the periodic statistics messages.
        stats_freq(0);

        # Names matching this pattern are not treated as hostnames.
        bad_hostname("^gconfd$");

};


# Local messages: the platform's own log sources plus syslog-ng's internal messages.
source s_sys {

    system();

    internal();

};


# Network listener for the monitored devices: TCP and UDP port 514, with
# messages expected in the IETF syslog (RFC 5424) format.
# No ip() is given, so the listener is not bound to a specific address.
# Plain syslog on 514 has no authentication or encryption, and UDP senders can
# be spoofed, so anything that can reach this port can write entries into
# LibreNMS. Limit access with the host firewall to the management networks of
# the devices that are supposed to log here.
source s_net {

        tcp(port(514) flags(syslog-protocol));

        udp(port(514) flags(syslog-protocol));

};


########################

# Destinations

########################

# Pipes every message to /opt/librenms/syslog.php on its stdin, one line per
# message, with the fields joined by "||".
# The script is started by syslog-ng and runs with the daemon's privileges
# (normally root -- confirm for this host), so /opt/librenms/syslog.php must
# not be writable by the web server or any other less-trusted account.
# NOTE(review): $MSG and $PROGRAM are sender-controlled. template-escape(yes)
# escapes quote characters but not the "||" separator; how syslog.php copes
# with a separator inside a field is not visible here -- verify.
destination d_librenms {

        program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes));

};


# Facility/level filters. NOTE(review): the log path in this file does not
# reference any of them, so they have no effect unless a file under
# /etc/syslog-ng/conf.d/ uses them.
filter f_kernel     { facility(kern); };

# info and above, excluding mail, authpriv and cron.
filter f_default    { level(info..emerg) and

                        not (facility(mail)

                        or facility(authpriv)

                        or facility(cron)); };

filter f_auth       { facility(authpriv); };

filter f_mail       { facility(mail); };

filter f_emergency  { level(emerg); };

# All uucp messages, plus news messages at crit or above.
filter f_news       { facility(uucp) or

                        (facility(news)

                        and level(crit..emerg)); };

filter f_boot   { facility(local7); };

filter f_cron   { facility(cron); };


########################

# Log paths

########################

# The only log path in this file: everything from the network listener and
# from the local system goes to LibreNMS, with no filter applied.
# That includes this server's own authpriv (authentication) messages, which
# become visible to whoever can read syslog in LibreNMS. Add a filter() here
# if that is not intended.
# NOTE(review): the replaced stock config is moved to .bak and this file has
# no file destinations, so local messages are no longer written under
# /var/log by syslog-ng unless conf.d adds that -- confirm what else logs locally.
log {

        source(s_net);

        source(s_sys);

        destination(d_librenms);

};


# Source additional configuration files (.conf extension only)

@include "/etc/syslog-ng/conf.d/*.conf"



# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

==============================================

> 重新啟動 syslog-ng

# If the new file has a syntax error, syslog-ng will not come back up after the restart.
# `syslog-ng --syntax-only` checks the configuration without restarting the daemon.
sudo service syslog-ng restart

> 編輯 config.php

sudo vi /opt/librenms/config.php

==============================================

// Turns on syslog support in LibreNMS. The messages themselves arrive through
// the syslog-ng program() destination that pipes to /opt/librenms/syslog.php.
$config['enable_syslog'] = 1;

==============================================

> 編輯 mycustom-librenms-rsyslog.te

sudo vi mycustom-librenms-rsyslog.te

==============================================

# Local SELinux policy module that widens what the syslog daemon domain
# (syslogd_t) may do, so that the program started by syslog-ng can run.
# Every rule below applies to the whole syslogd_t domain, not only to
# syslog.php. Compare the rules with the AVC denials actually logged on this
# host and keep only the ones that are needed.
module mycustom-librenms-rsyslog 1.0;


# Types, classes and permissions that the rules below refer to.
require {

        type syslogd_t;

        type httpd_sys_rw_content_t;

        type ping_exec_t;

        class process execmem;

        class dir { getattr search write };

        class file { append getattr execute open read };

}


#============= syslogd_t ==============

# Search and write in directories labelled as web-writable content
# (presumably the LibreNMS tree under /opt/librenms -- confirm the labels).
allow syslogd_t httpd_sys_rw_content_t:dir { getattr search write };

# Open, read and append to files with that label.
allow syslogd_t httpd_sys_rw_content_t:file { open read append getattr };

# Lets processes in syslogd_t map memory that is both writable and executable.
# This removes a memory-protection restriction for the whole logging daemon
# domain; presumably the PHP interpreter needs it -- confirm before keeping it.
allow syslogd_t self:process execmem;

# Lets syslogd_t execute binaries labelled ping_exec_t
# (presumably ping/fping called from LibreNMS code -- confirm).
allow syslogd_t ping_exec_t:file execute;

==============================================

> 執行以下指令

# Compile the .te source into a policy module (-M: MLS/MCS enabled, -m: non-base module).
sudo checkmodule -M -m -o mycustom-librenms-rsyslog.mod mycustom-librenms-rsyslog.te

# Wrap the compiled module in an installable .pp policy package.
sudo semodule_package -o mycustom-librenms-rsyslog.pp -m mycustom-librenms-rsyslog.mod

# Load the package into the system policy. This is the step that changes what
# syslogd_t is allowed to do; `semodule -l` lists installed modules afterwards.
sudo semodule -i mycustom-librenms-rsyslog.pp

