====== syslog-ng 當 Log Server(docker) ======
  * 安裝環境 alpine + docker compose
  * 預計安裝好的目錄結構 <cli>
.
├── docker-compose.yml
├── log
│   ├── demo-v2-66
│   │   ├── daemon-20250507.log
│   │   └── kern-20250507.log
│   ├── demo-v2-67
│   │   ├── authpriv-20250507.log
│   │   ├── daemon-20250507.log
│   │   └── kern-20250507.log
          :
          :
│   ├── demo-v2-79
│   │   ├── auth-20250507.log
│   │   ├── authpriv-20250507.log
│   │   ├── daemon-20250507.log
│   │   ├── kern-20250507.log
│   │   ├── syslog-20250507.log
│   │   └── user-20250507.log
│   ├── messages
│   └── messages-kv.log
└── syslog-ng
    └── config
        ├── log
        │   ├── current
        │   ├── lock
        │   └── state
        ├── syslog-ng.conf
        ├── syslog-ng.ctl
        ├── syslog-ng.persist
        └── syslog-ng.pid
</cli>

===== 安裝方式 =====
  * docker-compose.yml \\ {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/syslog-ng/docker-compose.yml}}
  * 設定檔 syslog-ng\configsyslog-ng.conf \\ {{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/syslog-ng/syslog-ng/config/syslog-ng.conf}}
    * 目前設定檔會依據不同來源主機, 自動依照主機名稱或 IP 建立各自的 log 目錄 Exp. log/demo-v2-66 , log/demo-v2-67
    * 保留三個月的 log 檔案
  * 啟動服務 <cli>
docker compose pull
docker compose up -d
</cli>

===== 將 log 目錄存放至另外一個硬碟 =====
  - 先在 host 加上一顆硬碟 Exp. sdb
  - 將 sdb 建立為 lvm + ext4 <cli>fdisk /dev/sdb</cli>
    * ++詳細處理畫面|<cli>
syslog-30:~# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI, OSF or GPT disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that the previous content
won't be recoverable.


The number of cylinders for this disk is set to 13054.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p
Disk /dev/sdb: 100 GB, 107374182400 bytes, 209715200 sectors
13054 cylinders, 255 heads, 63 sectors/track
Units: sectors of 1 * 512 = 512 bytes

Device  Boot StartCHS    EndCHS        StartLBA     EndLBA    Sectors  Size Id Type

Command (m for help): n
Partition type
   p   primary partition (1-4)
   e   extended
p
Partition number (1-4): 1
First sector (63-209715199, default 63):
Using default value 63
Last sector or +size{,K,M,G,T} (63-209715199, default 209715199):
Using default value 209715199

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)

Command (m for help): p
Disk /dev/sdb: 100 GB, 107374182400 bytes, 209715200 sectors
13054 cylinders, 255 heads, 63 sectors/track
Units: sectors of 1 * 512 = 512 bytes

Device  Boot StartCHS    EndCHS        StartLBA     EndLBA    Sectors  Size Id Type
/dev/sdb1    0,1,1       1023,254,63         63  209715199  209715137 99.9G 8e Linux LVM

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table
</cli>++
  - 參考 [[/tech/lvm]]<cli>
pvcreate /dev/sdb1
vgcreate vglogdata /dev/sdb1
lvcreate -l +100%FREE -nlogdata vglogdata
mkfs.ext4 /dev/vglogdata/logdata
</cli>
    * ++詳細處理畫面|<cli>
syslog-30:~# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created.
syslog-30:~# vgcreate vglogdata /dev/sdb1
  Volume group "vglogdata" successfully created
syslog-30:~# lvcreate -l +100%FREE -nlogdata vglogdata
  Logical volume "logdata" created.
syslog-30:~# mkfs.ext4 /dev/vglogdata/logdata
mke2fs 1.47.1 (20-May-2024)
Discarding device blocks: done
Creating filesystem with 26213376 4k blocks and 6553600 inodes
Filesystem UUID: d89e5e2c-fb17-46d9-96be-f3a537662b1a
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done

</cli>++
  - 掛上路徑 Exp. /logdata <cli>
mkdir -p /logdata
chown 1000:1000 /logdata
vi /etc/fstab
</cli><file>
:
/dev/vglogdata/logdata  /logdata        ext4    rw      0 1
</file><cli>
mount /logdata
df -h
</cli>
  - 修改 docker-compose.yml 內容 <cli>
vi docker-compose.yml
</cli><file>
:
    volumes:
      - ./syslog-ng/config:/config
      - /logdata:/var/log #optional
:
</file><cli>
docker compose down
</cli>
  - 將原本 log 檔搬移到 /logdata <cli>
cp -a ./log/* /logdata/
ln -s /logdata .
</cli>
  - 重新啟動 syslog-ng <cli>
docker compose up -d
</cli>
===== 參考網址 =====
  * https://hub.docker.com/r/linuxserver/syslog-ng

{{tag>logserver}}