ยง2024-05-29
- I have a mongoDB replcation Server replSetName: "odroid01" as follow:
- hc4Jammy.yushei.com.tw:27017 192.168.2.195
- N2Jammy.yushei.com.tw:27017 192.168.2.177
- x8664Arch.yushei.com.tw:27017 192.168.2.132
- n2Bookworm.yushei.com.tw:27017 192.168.2.239
$ dig +short SRV _mongodb._tcp.inLaneCatch.yushei.com.tw
0 0 27017 hc4Jammy.yushei.com.tw.
0 0 27017 x8664Arch.yushei.com.tw.
0 0 27017 n2Boookworm.yushei.com.tw.
0 0 27017 n2Jammy.yushei.com.tw.
- install syslog-ng on each replicationSet members
$ sudo apt install syslog-ng
- We will send all log files to hc4Jammy.yushei.com.tw
- /var/log/mongoDB-odroid01.log using syslog-ng program.
$ sudo apt install syslog-ng
- @hc4Jammy.yushei.com.tw, /etc/syslog-ng/syslog-ng.conf is as,
$ sudo cp -v /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.backup
'/etc/syslog-ng/syslog-ng.conf' -> '/etc/syslog-ng/syslog-ng.conf.backup'
@version: 3.27
@include "scl.conf"
# Sources
source s_net {
network(ip(0.0.0.0) port(514) transport("udp"));
};
# Destinations
destination d_mongoDB {
file("/var/log/mongoDB-odroid-01.log");
};
# Filters
filter f_Mongo01 {
host("hc4Jammy.yushei.com.tw");
};
filter f_Mongo02 {
host("n2Jammy.yushei.com.tw");
};
filter f_Mongo03 {
host("x8664Arch3.yushei.com.tw");
};
filter f_Mongo04 {
host("n2Bookworm.yushei.com.tw");
};
# Bind Sources, Destinations, and Filters
log {
source(s_net);
# filter(f_Mongo01);
destination(d_mongoDB);
};
# log {
# source(s_net);
# filter(f_Mongo02);
# destination(d_mongoDB);
# };
# log {
# source(s_net);
# filter(f_Mongo03);
# destination(d_mongoDB);
# };
# log {
# source(s_net);
# filter(f_Mongo04);
# destination(d_mongoDB);
# };
- @hc4Jammy.yushei.com.tw
$ sudo systemctl restart syslog-ng
root@hc4Jammy:/home/alexlai# nano /etc/syslog-ng/syslog-ng.conf
root@hc4Jammy:/home/alexlai# systemctl restart syslog-ng
root@hc4Jammy:/home/alexlai# systemctl status syslog-ng
โ syslog-ng.service - System Logger Daemon
Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-05-29 12:51:54 CST; 10s ago
Docs: man:syslog-ng(8)
Main PID: 5598 (syslog-ng)
Tasks: 1 (limit: 3413)
Memory: 2.8M
CPU: 109ms
CGroup: /system.slice/syslog-ng.service
โโ5598 /usr/sbin/syslog-ng -F
May 29 12:51:54 hc4Jammy systemd[1]: Starting System Logger Daemon...
May 29 12:51:54 hc4Jammy syslog-ng[5598]: [2024-05-29T12:51:54.349728] WARNING: Configuration file format is too old, syslog-ng is running in compatibil>
May 29 12:51:54 hc4Jammy syslog-ng[5598]: DIGEST-MD5 common mech free
May 29 12:51:54 hc4Jammy systemd[1]: Started System Logger Daemon.
- n2Jammy.yushei.com.tw it had a /var/log/mongodb/mongod.log file that is mongoDB log file. We would like to send it to hc4Jammy.yushei.com.tw syslog-ng, what will be the configuration file /etc/syslog-ng/syslog-ng.conf?
$ sudo apt install syslog-ng
alexlai@n2Jammy:~$ sudo cp -v /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf.backup
'/etc/syslog-ng/syslog-ng.conf' -> '/etc/syslog-ng/syslog-ng.conf.backup'
- /etc//syslog-ng/syslog-ng.conf as,
@version: 3.27
@include "scl.conf"
# Sources
source s_net {
network(ip(0.0.0.0) port(514) transport("udp"));
};
source s_mongo_log {
file("/var/log/mongodb/mongod.log" flags(no-parse));
};
# Destinations
destination d_hc4Jammy {
syslog("hc4Jammy.yushei.com.tw" transport("udp") port(514));
};
# Filters
filter f_hc4Jammy {
host("hc4Jammyyushei.com.tw");
};
# Bind Sources, Destinations, and Filters
# Send mongod.log from redismongo03.yushei.com.tw to hc4nas02.yushei.net
log {
source(s_net);
source(s_mongo_log);
filter(f_hc4Jammy);
destination(d_hc4Jammy);
};
sudo tcpdump -i any port 514
@version: 3.25
@include "scl.conf"
# Sources
source s_local {
system();
internal();
};
# Destinations
destination d_hc4nas02 {
syslog("hc4nas02.yushei.net" transport("udp") port(514));
};
# Bind the source and destination together
log {
source(s_local);
destination(d_hc4nas02);
};