Dependencies
============

System
------

* ruby >= 1.9 (tested: 1.9.1, untested: 1.8 (maybe compatible))
* libdb >= 4.7 (tested: 4.7/4.8)
* C compiler (tested: gcc 4.4.1)

### Debian/Ubuntu:

    # aptitude install ruby1.9.1 ruby1.9.1-dev libdb4.7-dev rubygems1.9.1

If you have ruby1.8 installed as well, run ruby1.9.1 instead of ruby and
gem1.9.1 instead of gem.
Change the shebang in s2l.rb to

    #!/usr/bin/ruby1.9.1

or

    #!/usr/bin/env ruby1.9.1

Ruby Gems
---------

You should install *dk-bdb* manually:

    # gem install dk-bdb -- --with-db-dir=/usr --with-db-include=/usr/include

All other dependencies are installed automatically
if you install syslog2logan via gem.

Install
=======

    # gem install syslog2logan

Usage
=====

Note first that the database environments live in the directory
from which you call *s2l.rb*. You must use this directory for logan itself, too!
Don't use this directory for anything else.

Start
-----

Simple on Ubuntu:

    # /var/lib/gems/1.9*/gems/syslog2logan-*/bin/s2l.rb

Daemonized:

    # sh -c 'nohup PATHTO/s2l.rb </dev/null >/dev/null 2>&1 &' &

Use it
------

Your syslog server should send everything via TCP to port 1514.
UDP and TLS aren't possible yet.
If you want to use either of these, you can proxy it via a local syslog-ng.
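
A smoke test for the listener described above, as an added example that is not part of syslog2logan: it frames one BSD-syslog style record the way a TCP forwarder does and sends it to port 1514. The function names, the `s2l-test` tag and the newline-terminated framing are assumptions, and the keyword arguments need Ruby 2.0 or later.

```ruby
require 'socket'

# Constructed constants for the test record (standard syslog numbering).
FACILITY_USER   = 1
SEVERITY_NOTICE = 5

# Build one BSD-syslog style line:
#   "<PRI>Mmm dd hh:mm:ss host tag: message\n"
def syslog_line(msg, host: Socket.gethostname, tag: 's2l-test',
                facility: FACILITY_USER, severity: SEVERITY_NOTICE,
                time: Time.now)
  pri = facility * 8 + severity
  # Over TCP a record ends at the newline, so a line break inside a field
  # would split it into several records. Replace line breaks before framing.
  clean = ->(s) { s.to_s.gsub(/[\r\n]+/, ' ') }
  stamp = time.strftime('%b %e %H:%M:%S')
  "<#{pri}>#{stamp} #{clean.(host)} #{clean.(tag)}: #{clean.(msg)}\n"
end

# Send one test record to the collector and return the line that was sent.
# 1514 is the port this README names; the timeout is an assumed default.
def send_test_record(server, msg, port: 1514, timeout: 5)
  line = syslog_line(msg)
  Socket.tcp(server, port, connect_timeout: timeout) { |sock| sock.write(line) }
  line
end
```

Call `send_test_record('SyslogServer.example.org', 'hello')` from a client host and check that the record shows up in logan.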

### syslog-ng

You need these lines:

    source s_server {
        unix-stream( "/dev/log" max-connections(100));
        # internal(); # Statistics about dests. It's unimportant for LogAn.
        file( "/proc/kmsg");
    };

    destination d_server {
        tcp( "SyslogServer.example.org" port (1514));
    };

    log {
        source( s_server);
        destination( d_server);
    };

### rsyslog

I don't know. Please tell me how to use it.