顯示頁面舊版反向連結Fold/unfold all回到頁頂 本頁是唯讀的,您可以看到原始碼,但不能更動它。您如果覺得它不應被鎖上,請詢問管理員。 ====== syslog-ng 當 Log Server(docker) ====== * 安裝環境 alpine + docker compose * 預計安裝好的目錄結構 <cli> . ├── docker-compose.yml ├── log │ ├── demo-v2-66 │ │ ├── daemon-20250507.log │ │ └── kern-20250507.log │ ├── demo-v2-67 │ │ ├── authpriv-20250507.log │ │ ├── daemon-20250507.log │ │ └── kern-20250507.log : : │ ├── demo-v2-79 │ │ ├── auth-20250507.log │ │ ├── authpriv-20250507.log │ │ ├── daemon-20250507.log │ │ ├── kern-20250507.log │ │ ├── syslog-20250507.log │ │ └── user-20250507.log │ ├── messages │ └── messages-kv.log └── syslog-ng └── config ├── log │ ├── current │ ├── lock │ └── state ├── syslog-ng.conf ├── syslog-ng.ctl ├── syslog-ng.persist └── syslog-ng.pid </cli> ===== 安裝方式 ===== * docker-compose.yml \\ {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/syslog-ng/docker-compose.yml}} * 設定檔 syslog-ng\configsyslog-ng.conf \\ {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/syslog-ng/syslog-ng/config/syslog-ng.conf}} * 目前設定檔會依據不同來源主機, 自動依照主機名稱或 IP 建立各自的 log 目錄 Exp. log/demo-v2-66 , log/demo-v2-67 * 保留三個月的 log 檔案 * 啟動服務 <cli> docker compose pull docker compose up -d </cli> ===== 將 log 目錄存放至另外一個硬碟 ===== - 先在 host 加上一顆硬碟 Exp. sdb - 將 sdb 建立為 lvm + ext4 <cli>fdisk /dev/sdb</cli> * ++詳細處理畫面|<cli> syslog-30:~# fdisk /dev/sdb Device contains neither a valid DOS partition table, nor Sun, SGI, OSF or GPT disklabel Building a new DOS disklabel. Changes will remain in memory only, until you decide to write them. After that the previous content won't be recoverable. The number of cylinders for this disk is set to 13054. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with: 1) software that runs at boot time (e.g., old versions of LILO) 2) booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK) Command (m for help): p Disk /dev/sdb: 100 GB, 107374182400 bytes, 209715200 sectors 13054 cylinders, 255 heads, 63 sectors/track Units: sectors of 1 * 512 = 512 bytes Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id Type Command (m for help): n Partition type p primary partition (1-4) e extended p Partition number (1-4): 1 First sector (63-209715199, default 63): Using default value 63 Last sector or +size{,K,M,G,T} (63-209715199, default 209715199): Using default value 209715199 Command (m for help): t Selected partition 1 Hex code (type L to list codes): 8e Changed system type of partition 1 to 8e (Linux LVM) Command (m for help): p Disk /dev/sdb: 100 GB, 107374182400 bytes, 209715200 sectors 13054 cylinders, 255 heads, 63 sectors/track Units: sectors of 1 * 512 = 512 bytes Device Boot StartCHS EndCHS StartLBA EndLBA Sectors Size Id Type /dev/sdb1 0,1,1 1023,254,63 63 209715199 209715137 99.9G 8e Linux LVM Command (m for help): w The partition table has been altered. Calling ioctl() to re-read partition table </cli>++ - 參考 [[/tech/lvm]]<cli> pvcreate /dev/sdb1 vgcreate vglogdata /dev/sdb1 lvcreate -l +100%FREE -nlogdata vglogdata mkfs.ext4 /dev/vglogdata/logdata </cli> * ++詳細處理畫面|<cli> syslog-30:~# pvcreate /dev/sdb1 Physical volume "/dev/sdb1" successfully created. syslog-30:~# vgcreate vglogdata /dev/sdb1 Volume group "vglogdata" successfully created syslog-30:~# lvcreate -l +100%FREE -nlogdata vglogdata Logical volume "logdata" created. syslog-30:~# mkfs.ext4 /dev/vglogdata/logdata mke2fs 1.47.1 (20-May-2024) Discarding device blocks: done Creating filesystem with 26213376 4k blocks and 6553600 inodes Filesystem UUID: d89e5e2c-fb17-46d9-96be-f3a537662b1a Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000, 7962624, 11239424, 20480000, 23887872 Allocating group tables: done Writing inode tables: done Creating journal (131072 blocks): done Writing superblocks and filesystem accounting information: done </cli>++ - 掛上路徑 Exp. /logdata <cli> mkdir -p /logdata chown 1000:1000 /logdata vi /etc/fstab </cli><file> : /dev/vglogdata/logdata /logdata ext4 rw 0 1 </file><cli> mount /logdata df -h </cli> - 修改 docker-compose.yml 內容 <cli> vi docker-compose.yml </cli><file> : volumes: - ./syslog-ng/config:/config - /logdata:/var/log #optional : </file><cli> docker compose down </cli> - 將原本 log 檔搬移到 /logdata <cli> cp -a ./log/* /logdata/ ln -s /logdata . </cli> - 重新啟動 syslog-ng <cli> docker compose up -d </cli> ===== 參考網址 ===== * https://hub.docker.com/r/linuxserver/syslog-ng {{tag>logserver}} tech/logsrv_docker.txt 上一次變更: 2025/05/09 02:21由 jonathan