
2011-07-21

/etc/X11/xorg.confの修正

参考URL。
http://www.gentoo.org/doc/ja/xorg-config.xml

バージョン。
$ eix xorg -cI
[I] x11-base/xorg-drivers (1.10@2011年06月26日): Meta package containing deps on all xorg drivers
[I] x11-base/xorg-server (1.10.2@2011年06月26日): X.Org X servers
[I] x11-base/xorg-x11 (7.4-r1@2011年03月28日): An X11 implementation maintained by the X.Org Foundation (meta package)
Found 3 matches.

グラフィックのハードウェア。ディスプレイはRDG17X(古い)
$ lspci|grep -i gra
01:05.0 VGA compatible controller: ATI Technologies Inc Radeon HD 3200 Graphics

make.confの設定。
$ grep -P "^(INPUT_DEVICES|VIDEO_CARDS)" /etc/make.conf
INPUT_DEVICES="evdev keyboard mouse"
VIDEO_CARDS="radeon"

設定用コマンドで設定の雛形を作成する。
キーボードの設定を追加する。
解像度と色の設定を追加する。
### Ctrl + Alt + F1 などでCUIの画面を表示する。
$ /etc/init.d/xdm stop
$ Xorg -configure
$ cp -i xorg.conf.new /etc/X11/xorg.conf
$ emacs /etc/X11/xorg.conf
$ diff -u xorg.conf.new /etc/X11/xorg.conf
--- xorg.conf.new       2011-07-21 16:12:41.319315470 +0900
+++ /etc/X11/xorg.conf  2011-07-21 16:32:41.389584448 +0900
@@ -27,6 +27,8 @@
 Section "InputDevice"
        Identifier  "Keyboard0"
        Driver      "kbd"
+       Option    "XkbModel"  "jp106"
+       Option    "XkbLayout" "jp"
 EndSection

 Section "InputDevice"
@@ -122,6 +124,7 @@
        Identifier "Screen0"
        Device     "Card0"
        Monitor    "Monitor0"
+       DefaultDepth  24
        SubSection "Display"
                Viewport   0 0
                Depth     1
@@ -145,6 +148,7 @@
        SubSection "Display"
                Viewport   0 0
                Depth     24
+               Modes   "1280x1024"
        EndSubSection
 EndSection

$ /etc/init.d/xdm start
### Ctrl + Alt + F7 などで戻る。








以下はメモです。

現在halを使っていない。たぶん更新時のメッセージに従って何かしたように思う。
$ eix -e hal -c
[N] sys-apps/hal (0.5.14-r4): Hardware Abstraction Layer

$ grep -P "^(INPUT_DEVICES|VIDEO_CARDS)" /etc/make.conf
INPUT_DEVICES="evdev keyboard mouse"
VIDEO_CARDS="radeon"

http://www.gentoo.org/doc/ja/xorg-config.xml
$ grep jp /etc/X11/xorg.conf
        Option    "XkbModel"  "jp106"
        Option    "XkbLayout" "jp"

エラーが出ている。
$ grep -P "WW|EE" /var/log/Xorg.0.log
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[    33.404] (WW) Hotplugging is on, devices using drivers 'kbd', 'mouse' or 'vmmouse' will be disabled.
[    33.404] (WW) Disabling Mouse0
[    33.404] (WW) Disabling Keyboard0
[    33.406] (WW) Open ACPI failed (/var/run/acpid.socket) (No such file or directory)
[    33.637] (WW) Warning, couldn't open module xtrap
[    33.637] (EE) Failed to load module "xtrap" (module does not exist, 0)
[    33.648] (II) Loading extension MIT-SCREEN-SAVER
[    33.901] (WW) Warning, couldn't open module vesa
[    33.901] (EE) Failed to load module "vesa" (module does not exist, 0)
[    33.901] (WW) Warning, couldn't open module fbdev
[    33.901] (EE) Failed to load module "fbdev" (module does not exist, 0)
[    34.785] (EE) RADEON(0): [dri] RADEONDRIGetVersion failed to open the DRM
[    35.173] (WW) RADEON(0): Direct rendering disabled
[    35.173] (EE) RADEON(0): Acceleration initialization failed
[    35.334] (WW) RADEON(0): Option "XAANoOffscreenPixmaps" is not used

たぶん以前必要だった設定が残っているだけ。
$ grep -P "Section.*Module" -A6 /etc/X11/xorg.conf
Section "Module"
        Load  "dbe"
        Load  "record"
        Load  "xtrap"
        Load  "extmod"
        Load  "dri"
EndSection


現在の状態でデフォルトの設定ファイルを作成した。
# /etc/init.d/xdm stop
# Xorg -configure

キーボード関連以外そのまま使っても動きそうに見える。
# diff xorg.conf.new /etc/X11/xorg.conf
12c12
<       FontPath     "/usr/share/fonts/OTF/"
---
>       FontPath     "/usr/share/fonts/OTF"
20a21
>       Load  "xtrap"
23,24d23
<       Load  "dri2"
<       Load  "glx"
29a29,30
>       Option    "XkbModel"  "jp106"
>       Option    "XkbLayout" "jp"
53,54c54
<         ### <string>: "String", <freq>: "<f> Hz/kHz/MHz",
<         ### <percent>: "<f>%"
---
>         ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
78d77
<         #Option     "CustomEDID"              # [<str>]
94c93,94
<         #Option     "ClockGating"             # [<bool>]
---
>         #Option     "ShowCache"               # [<bool>]
>         #Option     "DynamicClocks"           # [<bool>]
112,115d111
<         #Option     "ForceLowPowerMode"       # [<bool>]
<         #Option     "DynamicPM"               # [<bool>]
<         #Option     "NewPLL"                  # [<bool>]
<         #Option     "ZaphodHeads"             # <str>
117c113,115
<       Driver      "radeon"
---
>       #Driver      "fglrx"
>       VendorName  "ATI Technologies Inc"
>       BoardName   "Radeon HD 3200 Graphics"
118a117
>       Option "XAANoOffscreenPixmaps" "true"
124a124
>       DefaultDepth  24
143a144
>               Modes   "1280x1024"
147a149
>               Modes   "1280x1024"
150a153,159
> Section "Extensions"
>       Option  "Composite"  "Enable"
> EndSection
>
> #Section "ServerFlags"
> #     Option "AllowEmptyInput" "off"
> #EndSection

コピーして再起動したところ、映らなくなった。
# cp -i xorg.conf.new /etc/X11/xorg.conf
# /etc/init.d/xdm restart

http://www.gentoo.org/doc/ja/xorg-config.xml

追加した。半角/全角のキーも動作した。
# diff -u xorg.conf.new /etc/X11/xorg.conf
--- xorg.conf.new       2011-07-21 16:12:41.319315470 +0900
+++ /etc/X11/xorg.conf  2011-07-21 16:32:41.389584448 +0900
@@ -27,6 +27,8 @@
 Section "InputDevice"
        Identifier  "Keyboard0"
        Driver      "kbd"
+       Option    "XkbModel"  "jp106"
+       Option    "XkbLayout" "jp"
 EndSection

 Section "InputDevice"
@@ -122,6 +124,7 @@
        Identifier "Screen0"
        Device     "Card0"
        Monitor    "Monitor0"
+       DefaultDepth  24
        SubSection "Display"
                Viewport   0 0
                Depth     1
@@ -145,6 +148,7 @@
        SubSection "Display"
                Viewport   0 0
                Depth     24
+               Modes   "1280x1024"
        EndSubSection
 EndSection

2011-07-12

kuroboxHGのファンの回転数

kuroboxHGのファンの回転数の変更を細かくする。

netcat6, hddtempをインストールしてncコマンドで温度を取得する。
$ rcsdiff -r1.1 /etc/config-archive/etc/conf.d/hddtemp,v /etc/conf.d/hddtemp
===================================================================
RCS file: /etc/config-archive/etc/conf.d/hddtemp,v
retrieving revision 1.1
diff -r1.1 /etc/conf.d/hddtemp
12c12
< HDDTEMP_DRIVES="/dev/hda /dev/hdb"
---
> HDDTEMP_DRIVES="/dev/sda"
$ nc localhost 7634;echo
nc: using stream socket
|/dev/sda|ST3250823A|48|C|

rc.localファイルのようなファイルを設置するディレクトリにshスクリプトを設置する。
$ cat /etc/local.d/hddtemp.start | grep -v ^$ | grep -vP '^#(?!!)'
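#!/bin/sh
TEMPLIMIT=48            # fan is set low while the reading is <= this value
SLEEP=30                # seconds between polls
PATH="/bin:/usr/bin"    # fixed search path for nc, logger and sleep
CURRENT_SLEEP=0
BUF=""
IFS='|'                 # the daemon reply is '|'-separated, e.g. |/dev/sda|MODEL|48|C|
HDDTEMP=0
CHANGE_MODE=""
CURRENT_MODE=""
set -f                  # the reply is split unquoted below; keep it from being glob-expanded
while true
do
    CURRENT_SLEEP=$SLEEP
    # Query the hddtemp daemon on localhost; BUF is empty when nothing answers.
    BUF=$(nc localhost 7634 2>/dev/null)
    # The reply begins with '|', so field 1 is empty and the temperature is $4.
    set -- $BUF
    HDDTEMP=$4
    # An empty or non-numeric reading fails the numeric test and falls into the
    # else branch, so the fan is driven high whenever the temperature is unknown.
    if [ "$HDDTEMP" -le "$TEMPLIMIT" ] 2>/dev/null; then
        CHANGE_MODE="low"
    else
        CHANGE_MODE="high"
    fi
    # Touch the serial port and the log only when the mode actually changes.
    if [ "$CHANGE_MODE" != "$CURRENT_MODE" ]; then
        if [ "$CHANGE_MODE" = "low" ]; then
            logger -t hddtemp "Temperature is Low.  Setting Fan Low  ${HDDTEMP:+$HDDTEMP }C"
            # printf '%s' writes the four bytes as-is in every sh; echo -n and its
            # backslash handling differ between shells.
            # NOTE(review): the byte sequences are presumably fan commands for the
            # board's controller on ttyS0 - confirm against the hardware docs.
            printf '%s' '\\\\' > /dev/ttyS0
            printf '%s' 'ffff' > /dev/ttyS0
        else
            logger -t hddtemp "Temperature is High. Setting Fan High ${HDDTEMP:+$HDDTEMP }C"
            printf '%s' ']]]]' > /dev/ttyS0
            printf '%s' 'gggg' > /dev/ttyS0
            # After going high, wait ten polling intervals before re-checking.
            CURRENT_SLEEP=$(( SLEEP * 10 ))
        fi
    fi
    CURRENT_MODE=$CHANGE_MODE
    sleep "$CURRENT_SLEEP"
done &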

shスクリプトを起動する。
$ sudo chmod +x /etc/local.d/hddtemp.start
$ ll /etc/local.d/hddtemp.start
-rwxr-xr-x 1 root root 1560 2011-07-11 15:39:23 /etc/local.d/hddtemp.start*
$ sudo /etc/local.d/hddtemp.start

確認する。
$ sudo tail -n30 /var/log/messages|grep hddtemp
Jul 12 00:54:26 kuroboxhg hddtemp: Temperature is High. Setting Fan High 49 C
Jul 12 00:59:26 kuroboxhg hddtemp: Temperature is Low.  Setting Fan Low  48 C
Jul 12 01:12:28 kuroboxhg hddtemp: Temperature is High. Setting Fan High 49 C
Jul 12 01:17:28 kuroboxhg hddtemp: Temperature is Low.  Setting Fan Low  48 C
Jul 12 02:36:07 kuroboxhg hddtemp: Temperature is High. Setting Fan High 49 C
Jul 12 02:41:07 kuroboxhg hddtemp: Temperature is Low.  Setting Fan Low  48 C
$ pstree -pal 8902
hddtemp.start,8902 /etc/local.d/hddtemp.start
  └─sleep,17012 30

2.6.25と比べて ttyS0, ttyS1 が違う。
$ uname -a
Linux kuroboxhg 2.6.38-gentoo-r6 #2 Wed Jun 15 02:04:57 JST 2011 ppc 82xx Linkstation I/Kurobox(HG) GNU/Linux

2011-07-09

syslog-ngのログをmysqlに記録する Part2

追記: しばらくすると記録されなくなったので、このページの説明では問題があります。
Jul  9 17:51:38 amdgentoo logger: 4
Jul  9 17:51:38 amdgentoo syslog-ng[15407]: Error running SQL query; type='mysql', host='localhost', port='', user='syslogappend', database='syslog', error='2006: MySQL server has gone away', query='INSERT INTO logs (crtm, seq, host, addr, facility, level, pri, program, pid, msghdr, msg) VALUES (\'2011-07-09T17:51:38+09:00\', \'5\', \'amdgentoo\', \'127.0.0.1\', \'1\', \'5\', \'13\', \'logger\', \'\', \'logger: \', \'4\')'
Jul  9 17:51:38 amdgentoo syslog-ng[15407]: Error running SQL query; type='mysql', host='localhost', port='', user='syslogappend', database='syslog', error='2006: MySQL server has gone away', query='INSERT INTO logs (crtm, seq, host, addr, facility, level, pri, program, pid, msghdr, msg) VALUES (\'2011-07-09T17:51:38+09:00\', \'5\', \'amdgentoo\', \'127.0.0.1\', \'1\', \'5\', \'13\', \'logger\', \'\', \'logger: \', \'4\')'
Jul  9 17:51:38 amdgentoo syslog-ng[15407]: Error running SQL query; type='mysql', host='localhost', port='', user='syslogappend', database='syslog', error='2006: MySQL server has gone away', query='INSERT INTO logs (crtm, seq, host, addr, facility, level, pri, program, pid, msghdr, msg) VALUES (\'2011-07-09T17:51:38+09:00\', \'5\', \'amdgentoo\', \'127.0.0.1\', \'1\', \'5\', \'13\', \'logger\', \'\', \'logger: \', \'4\')'
Jul  9 17:51:38 amdgentoo syslog-ng[15407]: Multiple failures while inserting this record into the database, message dropped; attempts='3'

デフォルト値を変更しても大丈夫であれば回避できそう。以下の確認では、60秒間アイドルにした接続の次のクエリが失敗しており、my.cnf の wait_timeout = 60 と一致する。
$ php -r '$l=mysql_connect("localhost","syslogappend","syslogappendpasswd");var_dump($l);$s=0;do{$end=true;if($res=mysql_query("SELECT {$s}")){while($row=mysql_fetch_assoc($res)){print array_pop($row)."\n";$end=false;}}if($end){die(mysql_errno($l).": ".mysql_error($l)."\n"."\$s={$s}. end.\n");}sleep($s);$s+=10;}while(1);'
resource(4) of type (mysql link)
0
10
20
30
40
50
60
2006: MySQL server has gone away
$s=70. end.
$ grep -i timeout /etc/mysql/my.cnf|grep "[5-7]0"
innodb_lock_wait_timeout = 50
wait_timeout = 60
$ mysqladmin variables|grep -i timeout|grep "[5-7]0"
| innodb_lock_wait_timeout                | 50                                                                                        |
| net_write_timeout                       | 60                                                                                        |
| slave_net_timeout                       | 3600                                                                                      |
| table_lock_wait_timeout                 | 50                                                                                        |
| wait_timeout                            | 60                                                                                        |

参考URL。
http://en.gentoo-wiki.com/wiki/Syslog-ng_directly_to_MySQL

再インストール。
$ sudo USE="sql mysql" emerge --oneshot -avt syslog-ng

設定。
$ rcsdiff /etc/config-archive/etc/syslog-ng/syslog-ng.conf,v /etc/syslog-ng/syslog-ng.conf
===================================================================
RCS file: /etc/config-archive/etc/syslog-ng/syslog-ng.conf,v
retrieving revision 1.18
diff -r1.18 /etc/syslog-ng/syslog-ng.conf
64a65,74
> destination d_mysql {
> sql(type(mysql)
> host("localhost") username("syslogappend") password("syslogappendpasswd")
> database("syslog")
> table("logs")
> columns("crtm", "seq", "host", "addr", "facility", "level", "pri", "program", "pid", "msghdr", "msg")
> values("$ISODATE", "$SEQNUM", "$HOST", "$SOURCEIP", "$FACILITY_NUM", "$LEVEL_NUM", "$PRI", "$PROGRAM", "$PID", "$MSGHDR", "$MSG")
> indexes());
> };
>
126a137
> log { source(src); source(kernsrc); source(net); filter(f_database); destination(d_mysql); };

テーブル作成。
$ head -n2 bin/syslog.sql
-- CREATE DATABASE syslog;
-- GRANT SELECT,INSERT ON syslog.* TO syslogappend@localhost IDENTIFIED BY 'syslogappendpasswd';
$ cat bin/syslog2.sql
-- Schema for the `logs` table, one row per log message.
-- Running this file drops and recreates the table, so existing rows are lost.
DROP TABLE IF EXISTS logs;
CREATE TABLE logs (
id       INT UNSIGNED      NOT NULL AUTO_INCREMENT,
crtm     TIMESTAMP         NOT NULL,
seq      INT UNSIGNED      NOT NULL,
host     VARBINARY(63)     NOT NULL,
addr     VARBINARY(15)     NOT NULL, -- address as text; 15 bytes fits an IPv4 dotted quad only
addrnum  INT UNSIGNED      NOT NULL, -- numeric form of addr, filled in by the BEFORE INSERT trigger
facility TINYINT           NOT NULL,
level    TINYINT           NOT NULL,
pri      INT               NOT NULL,
program  VARBINARY(31)     NOT NULL,
pid      SMALLINT UNSIGNED NOT NULL,
msghdr   VARBINARY(63)     NOT NULL,
msg      BLOB              NOT NULL,
PRIMARY KEY (id)
) ENGINE=MyISAM DEFAULT CHARSET=binary;

-- Triggers: the INSERT trigger derives addrnum from addr with INET_ATON();
-- the UPDATE and DELETE triggers CALL a procedure for every affected row.
-- NOTE(review): neither ERROR_UPDATE_NOT_ALLOWED nor ERROR_DELETE_NOT_ALLOWED
-- is created in this file, so presumably the CALL fails on purpose and aborts
-- the statement - confirm. Triggers do not fire for TRUNCATE or DROP TABLE and
-- can be dropped by a sufficiently privileged account, so the privileges of
-- the writing account remain the actual control over log tampering.
DROP TRIGGER IF EXISTS trigger_logs_before_insert;
DROP TRIGGER IF EXISTS trigger_logs_before_update;
DROP TRIGGER IF EXISTS trigger_logs_before_delete;
DELIMITER |
CREATE TRIGGER trigger_logs_before_insert BEFORE INSERT ON logs
  FOR EACH ROW BEGIN
    SET NEW.addrnum = INET_ATON(NEW.addr);
  END;
|
CREATE TRIGGER trigger_logs_before_update BEFORE UPDATE ON logs
  FOR EACH ROW BEGIN
    CALL ERROR_UPDATE_NOT_ALLOWED();
  END;
|
CREATE TRIGGER trigger_logs_before_delete BEFORE DELETE ON logs
  FOR EACH ROW BEGIN
    CALL ERROR_DELETE_NOT_ALLOWED();
  END;
|
DELIMITER ;
$ cat bin/syslog2.sql | mysql -uroot syslog

再起動。
$ sudo /etc/init.d/syslog-ng reload

記録する。
$ logger 111
$ logger 222
$ logger 333

確認する。
$ mysql -uroot syslog
...
mysql> select * from logs order by id desc;
+----+---------------------+-----+-----------+-----------+------------+----------+-------+-----+---------+-----+----------+-----+
| id | crtm                | seq | host      | addr      | addrnum    | facility | level | pri | program | pid | msghdr   | msg |
+----+---------------------+-----+-----------+-----------+------------+----------+-------+-----+---------+-----+----------+-----+
|  3 | 2011-07-09 12:25:33 |   3 | amdgentoo | 127.0.0.1 | 2130706433 |        1 |     5 |  13 | logger  |   0 | logger:  | 333 |
|  2 | 2011-07-09 12:25:30 |   2 | amdgentoo | 127.0.0.1 | 2130706433 |        1 |     5 |  13 | logger  |   0 | logger:  | 222 |
|  1 | 2011-07-09 12:25:28 |   1 | amdgentoo | 127.0.0.1 | 2130706433 |        1 |     5 |  13 | logger  |   0 | logger:  | 111 |
+----+---------------------+-----+-----------+-----------+------------+----------+-------+-----+---------+-----+----------+-----+
3 rows in set (0.00 sec)

seqは同じcrtmで並べかえをする場合に必要かもしれない。(order by crtm, seq)
addrnumは検索で必要かもしれない。(addrnum between inet_aton('127.0.0.0') and inet_aton('127.255.255.255'))
pri, msghdr は必要ないかもしれない。

pri => facility, level
$ php -r '$pri=13;printf("%04b\n%04b\n%04b\n%d\n---\n%010b\n%010b\n%010b\n%010b\n%d\n",$pri,0x07,$x=($pri & 0x07),$x,$pri,0x03f8,($pri & 0x03f8),$x=(($pri & 0x03f8) >> 3),$x);'
1101
0111
0101
5
---
0000001101
1111111000
0000001000
0000000001
1

2011-07-07

syslog-ngのログをmysqlに記録する

syslog-ng.confの修正。
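必要な場合、tcp経由で記録する設定を追加する。この例の tcp() は待ち受けアドレスを ip() で絞っていないため、接続元はファイアウォールなどで制限しておく。
mysqlのINSERT文をログフォーマットにする。1秒ごとに個別のファイルに残す。ログの内容がそのままSQL文に埋め込まれるので、template-escape(yes) を必ず付ける。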
フィルターでloggerコマンドのデフォルト値などの場合のみに記録するようにする。
src, kernsrc, net のログをフィルターを通した後にINSERT文のフォーマットで記録する。
$ rcsdiff -r1.15 /etc/config-archive/etc/syslog-ng/syslog-ng.conf,v /etc/syslog-ng/syslog-ng.conf
===================================================================
RCS file: /etc/config-archive/etc/syslog-ng/syslog-ng.conf,v
retrieving revision 1.15
diff -r1.15 /etc/syslog-ng/syslog-ng.conf
23c23
< source net { udp(); };
---
> source net { udp(); tcp(port(4800) keep-alive(yes) max_connections(256)); };
60a61,64
> destination database { file("/var/log/dblog/fulllog.$YEAR.$MONTH.$DAY.$HOUR.$MIN.$SEC"
> template("INSERT INTO logs$YEAR$MONTH (crtm, host, addr, facility, level, pri, program, pid, msghdr, msg) VALUES('$ISODATE', '$HOST', INET_ATON('$SOURCEIP'), '$FACILITY_NUM', '$LEVEL_NUM', '$PRI', '$PROGRAM', '$PID', '$MSGHDR', '$MSG');\n")
> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) template-escape(yes)); };
>
91a96,97
> filter f_database { facility(user) and level(notice) };
>
117a124,125
>
> log { source(src); source(kernsrc); source(net); filter(f_database); destination(database); };

mysqlの設定。
データベース作成、専用書き込みユーザー作成、テーブルとトリガー(update,deleteを邪魔する)作成。
$ cat bin/syslog.sql
-- One-time setup, left commented out: create the database and a writer
-- account that is granted SELECT and INSERT only (no UPDATE, DELETE or DDL).
-- CREATE DATABASE syslog;
-- GRANT SELECT,INSERT ON syslog.* TO syslogappend@localhost IDENTIFIED BY 'syslogappendpasswd';

-- Monthly log table; the name carries the YYYYMM suffix (logs201107).
-- Running this file drops and recreates the table, so existing rows are lost.
DROP TABLE IF EXISTS logs201107;
CREATE TABLE logs201107 (
id       INT UNSIGNED      NOT NULL AUTO_INCREMENT,
crtm     TIMESTAMP         NOT NULL,
host     VARBINARY(63)     NOT NULL,
addr     INT UNSIGNED      NOT NULL, -- numeric IPv4 address; the writer is expected to convert it (e.g. INET_ATON)
facility TINYINT           NOT NULL,
level    TINYINT           NOT NULL,
pri      INT               NOT NULL,
program  VARBINARY(31)     NOT NULL,
pid      SMALLINT UNSIGNED NOT NULL,
msghdr   VARBINARY(63)     NOT NULL,
msg      BLOB              NOT NULL,
PRIMARY KEY (id)
) ENGINE=MyISAM DEFAULT CHARSET=binary;

-- The UPDATE and DELETE triggers CALL a procedure for every affected row.
-- NOTE(review): neither ERROR_UPDATE_NOT_ALLOWED nor ERROR_DELETE_NOT_ALLOWED
-- is created in this file, so presumably the CALL fails on purpose and aborts
-- the statement - confirm. Triggers do not fire for TRUNCATE or DROP TABLE and
-- can be dropped by a sufficiently privileged account, so the SELECT,INSERT
-- grant above remains the actual control over log tampering.
DROP TRIGGER IF EXISTS trigger_logs201107_before_update;
DROP TRIGGER IF EXISTS trigger_logs201107_before_delete;
DELIMITER |
CREATE TRIGGER trigger_logs201107_before_update BEFORE UPDATE ON logs201107
  FOR EACH ROW BEGIN
    CALL ERROR_UPDATE_NOT_ALLOWED();
  END;
|
CREATE TRIGGER trigger_logs201107_before_delete BEFORE DELETE ON logs201107
  FOR EACH ROW BEGIN
    CALL ERROR_DELETE_NOT_ALLOWED();
  END;
|
DELIMITER ;

ログをDBに書きこむスクリプト。
$ cat bin/syslog.sh
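#!/bin/sh
#
# Load the SQL files found under /var/log/dblog/ into MySQL, one at a time in
# sorted name order, and delete each file after a successful load.
#
# Every file is executed by mysql as SQL text. The statements are built from
# log content, so this is only as safe as the escaping applied by whatever
# writes the files (the syslog-ng destination is expected to set
# template-escape(yes)) and the privileges of the syslogappend account.

LANG=C
LC_ALL=C
PATH="/bin:/usr/bin"

SLEEP=1

while true
do
    # File names embed a zero-padded timestamp, so the first name after
    # sorting is the oldest file.
    # NOTE(review): the file for the current second may still be receiving
    # lines from the logger when it is loaded and removed - confirm whether
    # messages can be lost this way.
    FILE=$(find /var/log/dblog/ -name "fulllog*" | sort | head -n1)
    if [ -f "$FILE" ]; then
        echo "${FILE}を処理します。"
        # NOTE(review): a password given with -p on the command line is visible
        # in the process list; a root-only option file (--defaults-extra-file)
        # keeps it out of argv.
        if ! mysql -usyslogappend -psyslogappendpasswd syslog < "$FILE"; then
            # Stop without deleting, so the file that failed to load is kept.
            echo "失敗"
            exit 1
        fi
        echo "${FILE}を消します。"
        rm -f -- "$FILE"
    else
        echo "${SLEEP}秒休みます。"
        sleep "$SLEEP"
    fi
done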

テスト。書き込みスクリプトの起動。
$ sudo sh bin/syslog.sh
1秒休みます。
...
1秒休みます。
/var/log/dblog/fulllog.2011.07.07.01.06.12を処理します。
/var/log/dblog/fulllog.2011.07.07.01.06.12を消します。
1秒休みます。
1秒休みます。
/var/log/dblog/fulllog.2011.07.07.01.06.14を処理します。
/var/log/dblog/fulllog.2011.07.07.01.06.14を消します。
1秒休みます。
/var/log/dblog/fulllog.2011.07.07.01.06.15を処理します。
/var/log/dblog/fulllog.2011.07.07.01.06.15を消します。
1秒休みます。
...

別コンソールでログを書きこむ。
$ logger "hello1"
$ logger "hello2"
$ logger "hello3"

確認する。
mysql> select *,INET_NTOA(addr) from logs201107 order by id desc limit 10;
+----+---------------------+-----------+------------+----------+-------+-----+---------+-----+----------+--------+-----------------+
| id | crtm                | host      | addr       | facility | level | pri | program | pid | msghdr   | msg    | INET_NTOA(addr) |
+----+---------------------+-----------+------------+----------+-------+-----+---------+-----+----------+--------+-----------------+
|  3 | 2011-07-07 01:06:15 | amdgentoo | 2130706433 |        1 |     5 |  13 | logger  |   0 | logger:  | hello3 | 127.0.0.1       |
|  2 | 2011-07-07 01:06:14 | amdgentoo | 2130706433 |        1 |     5 |  13 | logger  |   0 | logger:  | hello2 | 127.0.0.1       |
|  1 | 2011-07-07 01:06:12 | amdgentoo | 2130706433 |        1 |     5 |  13 | logger  |   0 | logger:  | hello1 | 127.0.0.1       |
+----+---------------------+-----------+------------+----------+-------+-----+---------+-----+----------+--------+-----------------+
3 rows in set (0.00 sec)

全部記録する場合 syslog-ng.conf の filter(f_database); の部分を消します。
記録が追いつかない場合、ログをファイルに書きこむやり方以外の方法もあります。
名前付きパイプ、プログラムに渡す、など。
もしくは別の言語などで複数の書き込み用のプロセスを起動します。
何かおかしい場合などは公式のマニュアルかソースを見ると、古い情報を参照してしまうことが減ります。



以下は詳細。

リモートの場合、日付はどうなる?
$ sudo /etc/init.d/syslog-ng reload
syslog-ng       |Your configuration file uses an obsoleted keyword, please update your configuration; keyword='use_time_recvd', change='Use R_ or S_ prefixed macros in templates or keep_timestamp(no)'
syslog-ng       |Error parsing main, syntax error, unexpected KW_USE_TIME_RECVD, expecting '}' in /etc/syslog-ng/syslog-ng.conf at line 13, column 9:
syslog-ng       |
syslog-ng       |        use_time_recvd (yes);
syslog-ng       |        ^^^^^^^^^^^^^^
syslog-ng       |
syslog-ng       |syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
syslog-ng       |mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
syslog-ng       | * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)                     [ !! ]

keep_timestamp(no) で $ISODATE などを全体的に変更する。古い場合 use_time_recvd(yes);
または $R_ISODATE, $S_ISODATE など手動で指定する。

古い場合 $MSG => $MSGONLY など。

$HOST or $SOURCEIP だけにするなど。$SOURCEIPは文字が良いなど。
($FACILITY_NUM, $LEVEL_NUM) or $PRI だけにするなど。もしくは$TAGにするなど。
($PROGRAM, $PID) or $MSGHDR だけにするなど。

フィルター変更
filter f_database { ... };
or
フィルター無しなど。
log { source(src); source(kernsrc); source(net); destination(database); };

タブ区切りなどにして、insertする側で色々加工するなど。$MSGからindex対象の取り出し、文字コード統一など。

ログの取得方法変更 => 1秒ごとにファイル => 名前付きパイプ、デーモンの指定など。

ドキュメント。
/usr/share/doc/syslog-ng-3.2.4/syslog-ng.conf.doc.bz2
syslog-ng-3.2.4/contrib/syslog-ng.conf.doc
など。

他の変数。
./lib/templates.c
./lib/logmsg.c
など。

テスト用設定の例。
template("FACILITY          = '$FACILITY'\nFACILITY_NUM      = '$FACILITY_NUM'\nPRIORITY          = '$PRIORITY'\nLEVEL             = '$LEVEL'\nLEVEL_NUM         = '$LEVEL_NUM'\nTAG               = '$TAG'\nTAGS              = '$TAGS'\nBSDTAG            = '$BSDTAG'\nPRI               = '$PRI'\nDATE              = '$DATE'\nFULLDATE          = '$FULLDATE'\nISODATE           = '$ISODATE'\nSTAMP             = '$STAMP'\nYEAR              = '$YEAR'\nYEAR_DAY          = '$YEAR_DAY'\nMONTH             = '$MONTH'\nMONTH_WEEK        = '$MONTH_WEEK'\nMONTH_ABBREV      = '$MONTH_ABBREV'\nMONTH_NAME        = '$MONTH_NAME'\nDAY               = '$DAY'\nHOUR              = '$HOUR'\nMIN               = '$MIN'\nSEC               = '$SEC'\nWEEKDAY           = '$WEEKDAY'\nWEEK_DAY          = '$WEEK_DAY'\nWEEK_DAY_ABBREV   = '$WEEK_DAY_ABBREV'\nWEEK_DAY_NAME     = '$WEEK_DAY_NAME'\nWEEK              = '$WEEK'\nTZOFFSET          = '$TZOFFSET'\nTZ                = '$TZ'\nUNIXTIME          = '$UNIXTIME'\nR_DATE            = '$R_DATE'\nR_FULLDATE        = '$R_FULLDATE'\nR_ISODATE         = '$R_ISODATE'\nR_STAMP           = '$R_STAMP'\nR_YEAR            = '$R_YEAR'\nR_YEAR_DAY        = '$R_YEAR_DAY'\nR_MONTH           = '$R_MONTH'\nR_MONTH_WEEK      = '$R_MONTH_WEEK'\nR_MONTH_ABBREV    = '$R_MONTH_ABBREV'\nR_MONTH_NAME      = '$R_MONTH_NAME'\nR_DAY             = '$R_DAY'\nR_HOUR            = '$R_HOUR'\nR_MIN             = '$R_MIN'\nR_SEC             = '$R_SEC'\nR_WEEKDAY         = '$R_WEEKDAY'\nR_WEEK_DAY        = '$R_WEEK_DAY'\nR_WEEK_DAY_ABBREV = '$R_WEEK_DAY_ABBREV'\nR_WEEK_DAY_NAME   = '$R_WEEK_DAY_NAME'\nR_WEEK            = '$R_WEEK'\nR_TZOFFSET        = '$R_TZOFFSET'\nR_TZ              = '$R_TZ'\nR_UNIXTIME        = '$R_UNIXTIME'\nS_DATE            = '$S_DATE'\nS_FULLDATE        = '$S_FULLDATE'\nS_ISODATE         = '$S_ISODATE'\nS_STAMP           = '$S_STAMP'\nS_YEAR            = '$S_YEAR'\nS_YEAR_DAY        = '$S_YEAR_DAY'\nS_MONTH           = '$S_MONTH'\nS_MONTH_WEEK      = 
'$S_MONTH_WEEK'\nS_MONTH_ABBREV    = '$S_MONTH_ABBREV'\nS_MONTH_NAME      = '$S_MONTH_NAME'\nS_DAY             = '$S_DAY'\nS_HOUR            = '$S_HOUR'\nS_MIN             = '$S_MIN'\nS_SEC             = '$S_SEC'\nS_WEEKDAY         = '$S_WEEKDAY'\nS_WEEK_DAY        = '$S_WEEK_DAY'\nS_WEEK_DAY_ABBREV = '$S_WEEK_DAY_ABBREV'\nS_WEEK_DAY_NAME   = '$S_WEEK_DAY_NAME'\nS_WEEK            = '$S_WEEK'\nS_TZOFFSET        = '$S_TZOFFSET'\nS_TZ              = '$S_TZ'\nS_UNIXTIME        = '$S_UNIXTIME'\nSDATA             = '$SDATA'\nMSGHDR            = '$MSGHDR'\nSOURCEIP          = '$SOURCEIP'\nSEQNUM            = '$SEQNUM'\nMSG               = '$MSG'\nMESSAGE           = '$MESSAGE'\nHOST              = '$HOST'\n\nHOST          = '$HOST'\nHOST_FROM     = '$HOST_FROM'\nMESSAGE       = '$MESSAGE'\nPROGRAM       = '$PROGRAM'\nPID           = '$PID'\nMSGID         = '$MSGID'\nSOURCE        = '$SOURCE'\nLEGACY_MSGHDR = '$LEGACY_MSGHDR'\n---separate---\n")

結果。
$ logger "debug"
$ sudo cat /var/log/dblog/fulllog.2011.07.07.01.30.48
FACILITY          = 'user'
FACILITY_NUM      = '1'
PRIORITY          = 'notice'
LEVEL             = 'notice'
LEVEL_NUM         = '5'
TAG               = '0d'
TAGS              = '.source.src'
BSDTAG            = '5B'
PRI               = '13'
DATE              = 'Jul  7 01:30:48'
FULLDATE          = '2011 Jul  7 01:30:48'
ISODATE           = '2011-07-07T01:30:48+09:00'
STAMP             = 'Jul  7 01:30:48'
YEAR              = '2011'
YEAR_DAY          = '188'
MONTH             = '07'
MONTH_WEEK        = '1'
MONTH_ABBREV      = 'Jul'
MONTH_NAME        = 'July'
DAY               = '07'
HOUR              = '01'
MIN               = '30'
SEC               = '48'
WEEKDAY           = 'Thu'
WEEK_DAY          = '5'
WEEK_DAY_ABBREV   = 'Thu'
WEEK_DAY_NAME     = 'Thursday'
WEEK              = '27'
TZOFFSET          = '+09:00'
TZ                = '+09:00'
UNIXTIME          = '1309969848'
R_DATE            = 'Jul  7 01:30:48'
R_FULLDATE        = '2011 Jul  7 01:30:48'
R_ISODATE         = '2011-07-07T01:30:48+09:00'
R_STAMP           = 'Jul  7 01:30:48'
R_YEAR            = '2011'
R_YEAR_DAY        = '188'
R_MONTH           = '07'
R_MONTH_WEEK      = '1'
R_MONTH_ABBREV    = 'Jul'
R_MONTH_NAME      = 'July'
R_DAY             = '07'
R_HOUR            = '01'
R_MIN             = '30'
R_SEC             = '48'
R_WEEKDAY         = 'Thu'
R_WEEK_DAY        = '5'
R_WEEK_DAY_ABBREV = 'Thu'
R_WEEK_DAY_NAME   = 'Thursday'
R_WEEK            = '27'
R_TZOFFSET        = '+09:00'
R_TZ              = '+09:00'
R_UNIXTIME        = '1309969848'
S_DATE            = 'Jul  7 01:30:48'
S_FULLDATE        = '2011 Jul  7 01:30:48'
S_ISODATE         = '2011-07-07T01:30:48+09:00'
S_STAMP           = 'Jul  7 01:30:48'
S_YEAR            = '2011'
S_YEAR_DAY        = '188'
S_MONTH           = '07'
S_MONTH_WEEK      = '1'
S_MONTH_ABBREV    = 'Jul'
S_MONTH_NAME      = 'July'
S_DAY             = '07'
S_HOUR            = '01'
S_MIN             = '30'
S_SEC             = '48'
S_WEEKDAY         = 'Thu'
S_WEEK_DAY        = '5'
S_WEEK_DAY_ABBREV = 'Thu'
S_WEEK_DAY_NAME   = 'Thursday'
S_WEEK            = '27'
S_TZOFFSET        = '+09:00'
S_TZ              = '+09:00'
S_UNIXTIME        = '1309969848'
SDATA             = ''
MSGHDR            = 'logger: '
SOURCEIP          = '127.0.0.1'
SEQNUM            = ''
MSG               = 'debug'
MESSAGE           = 'debug'
HOST              = 'amdgentoo'

HOST          = 'amdgentoo'
HOST_FROM     = 'amdgentoo'
MESSAGE       = 'debug'
PROGRAM       = 'logger'
PID           = ''
MSGID         = ''
SOURCE        = 'src'
LEGACY_MSGHDR = 'logger: '
---separate---

テーブル名をどうするか?
全部logs, logsYYYYMM, 名前はlogsでmysqlパーティショニングなど。
全部logsの場合でdeleteする場合myisamは重い。
logsYYYYMMなどは検索が面倒かもしれない。手動で検索する場合。
パーティショニングは手動インストールが必要かもしれない。
mysql> SHOW VARIABLES LIKE '%partition%';
+-------------------+-------+
| Variable_name     | Value |
+-------------------+-------+
| have_partitioning | NO    |
+-------------------+-------+
1 row in set (0.00 sec)

24ヶ月先までテーブル作成。(seq 0 24 で今月分も含む。存在する場合、初期化される)
$ for num in $(seq 1 24); do cat bin/syslog.sql | sed "s/logs201107/logs$(date --date "${num} months" "+%Y%m")/g" | mysql -uroot syslog; done
mysql> show tables;
+------------------+
| Tables_in_syslog |
+------------------+
| logs201107       |
| logs201108       |
| logs201109       |
| logs201110       |
| logs201111       |
| logs201112       |
| logs201201       |
| logs201202       |
| logs201203       |
| logs201204       |
| logs201205       |
| logs201206       |
| logs201207       |
| logs201208       |
| logs201209       |
| logs201210       |
| logs201211       |
| logs201212       |
| logs201301       |
| logs201302       |
| logs201303       |
| logs201304       |
| logs201305       |
| logs201306       |
| logs201307       |
+------------------+
25 rows in set (0.00 sec)

追記: OS起動時に起動する例。
$ ll /usr/local/bin/sqlsyslogd
-rwxr-xr-x 1 root root 507 2011-07-07 05:35:50 /usr/local/bin/sqlsyslogd*

ファイルは上記の例と同じshスクリプト。
$ head -n1 /usr/local/bin/sqlsyslogd
#!/bin/sh

起動してバックグラウンドに移動させる。
$ cat /etc/local.d/sqlsyslogd.start
/usr/local/bin/sqlsyslogd > /dev/null 2>&1 &

確認する。
$ pstree -pal 9743
sqlsyslogd,9743 /usr/local/bin/sqlsyslogd
  └─sleep,10672 1

ディストリビューションごとに書く場所が違う。
$ cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

ダイレクトにデータベースに入れる機能があるように見えます。
これが良さそうなので、このページの例は使わないほうがいいかもしれません。
$ find ./syslog-ng-3.2.4/ -iname "*sql*"
./syslog-ng-3.2.4/tests/functional/test_sql.py
./syslog-ng-3.2.4/modules/afsql
./syslog-ng-3.2.4/modules/afsql/afsql.c
./syslog-ng-3.2.4/modules/afsql/afsql-grammar.h
./syslog-ng-3.2.4/modules/afsql/afsql-grammar.ym
./syslog-ng-3.2.4/modules/afsql/afsql.h
./syslog-ng-3.2.4/modules/afsql/afsql-grammar.c
./syslog-ng-3.2.4/modules/afsql/afsql-parser.c
./syslog-ng-3.2.4/modules/afsql/afsql-grammar.y
./syslog-ng-3.2.4/modules/afsql/afsql-parser.h
./syslog-ng-3.2.4/modules/afsql/afsql-plugin.c

$ grep -nriP "mysql|postgresql" ./syslog-ng-3.2.4/modules/afsql
./syslog-ng-3.2.4/modules/afsql/afsql.c:1146:  self->type = g_strdup("mysql");

2011-07-01

arpwatchのインストール

これはIPアドレスとMACアドレスの対応を監視し、新しい組み合わせを見つけるとログとメールで通知します。

インストールする。
$ sudo emerge --oneshot -avt arpwatch

ユーザーが追加される。
$ grep arpwatch /etc/passwd
arpwatch:x:116:116:added by portage for arpwatch:/dev/null:/sbin/nologin

必要な場合、設定を修正する。
$ rcsdiff /etc/config-archive/etc/conf.d/arpwatch,v /etc/conf.d/arpwatch
===================================================================
RCS file: /etc/config-archive/etc/conf.d/arpwatch,v
retrieving revision 1.1
diff -r1.1 /etc/conf.d/arpwatch
5c5
< IFACES="eth0"
---
> IFACES="br0"

起動する。
$ sudo rc-update add arpwatch default
$ sudo /etc/init.d/arpwatch start

プロセスを確認する。
$ pstree -pal arpwatch
arpwatch,29661 -i br0 -u arpwatch -f /var/lib/arpwatch/br0.dat -P /var/run/arpwatch.br0.pid -N -p
$ ps auxwww|grep [a]rpwatch
arpwatch 29661  0.0  0.0  19464  3752 ?        S    09:05   0:00 /usr/sbin/arpwatch -i br0 -u arpwatch -f /var/lib/arpwatch/br0.dat -P /var/run/arpwatch.br0.pid -N -p

ログを閲覧する。
$ sudo grep -iP "\sarpwatch:\s" /var/log/messages|perl -pe 's/\d+(?:\.\d+){3}/xxx.xxx.xxx.xxx/'|perl -pe 's/[0-9A-Fa-f]{1,2}(?:\:[0-9A-Fa-f]{1,2}){5}/xx:xx:xx:xx:xx:xx/'
Jul  1 08:39:47 amdgentoo arpwatch: Wrote pid 23655 to /var/run/arpwatch.br0.pid
Jul  1 08:39:47 amdgentoo arpwatch: Running as uid=116 gid=116
Jul  1 08:39:47 amdgentoo arpwatch: listening on br0
Jul  1 08:39:49 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:39:49 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:39:56 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:39:57 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:40:00 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:40:02 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:40:21 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:40:27 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:40:32 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:45:18 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:49:11 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul  1 08:51:52 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0

メールが来る。(たぶん -m xxx を指定しない場合 -u xxx ではなくローカルのroot)
件名: new station (kuroboxhg.localnet) br0
            hostname: kuroboxhg.localnet
          ip address: xxx.xxx.xxx.xxx
           interface: br0
    ethernet address: xx:xx:xx:xx:xx:xx
     ethernet vendor: Buffalo Inc.
           timestamp: Friday, July 1, 2011 8:51:52 +0900

件名: new station (router.localnet) br0
            hostname: router.localnet
          ip address: xxx.xxx.xxx.xxx
           interface: br0
    ethernet address: xx:xx:xx:xx:xx:xx
     ethernet vendor: NEC AccessTechnica, Ltd.
           timestamp: Friday, July 1, 2011 8:40:32 +0900

再起動してもメールは来ない。キャッシュあり。
$ ll /var/lib/arpwatch/
合計 8
-rw-r--r-- 1 root     root       0 2011-06-29 07:30:22 .keep_net-analyzer_arpwatch-0
-rw-r--r-- 1 arpwatch arpwatch 653 2011-07-01 09:05:03 br0.dat
-rw-r--r-- 1 arpwatch arpwatch 653 2011-07-01 08:54:47 br0.dat-
-rw-r--r-- 1 arpwatch root       0 2011-07-01 08:38:15 eth0.dat

使いそうであれば/var/lib/portage/worldに登録する。(--oneshotの場合)
$ sudo emerge --noreplace arpwatch