作業系統版本 : CentOS 6.5 x64
說明：本文的做法是重建 bash 套件，讓互動式 shell 把每一條進入 history 的命令送到 syslog，適合做操作留痕。它依賴 bash 自身的 history 機制（使用者可用 set +o history、改用其他 shell 或直接執行程式等方式繞過），並不是防竄改的稽核手段；需要不可否認的稽核時，請另外搭配 auditd（例如 pam_tty_audit 或對 execve 的稽核規則）。
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
# rpm -K bash-4.1.2-15.el6_4.src.rpm      # 應顯示 signatures OK 再繼續
# rpm -i bash-4.1.2-15.el6_4.src.rpm
#不要直接忽略 NOKEY 警告：先匯入 CentOS 6 的簽章金鑰並用 rpm -K 驗證 src.rpm 的簽章，確認來源無誤。至於 "user mockbuild does not exist - using root" 只表示目前以 root 解包與編譯，本身無害；較安全的做法是用一個非特權使用者（或 mock）執行後續的 rpmbuild。
warning: bash-4.1.2-15.el6_4.src.rpm: header v3 rsa/sha1 signature, key id c105b9de: nokey
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
...
warning: user mockbuild does not exist - using root
[root@localhost soft]#
安裝完成後,會在目前使用者主目錄下建立如下目錄結構。
[root@localhost ~]# pwd
/root
# ls
anaconda-ks.cfg bash-4.1.2-15.el6_4.src.rpm install.log install.log.syslog rpmbuild 公共的 模闆 視訊 圖檔 文檔 下載下傳 音樂 桌面
[root@localhost ~]# tree rpmbuild/
rpmbuild/
├── sources
│ ├── bash-2.02-security.patch
│ ├── bash-2.03-paths.patch
│ ├── bash-2.03-profile.patch
│ ├── bash-2.05a-interpreter.patch
│ ├── bash-2.05b-debuginfo.patch
│ ├── bash-2.05b-manso.patch
│ ├── bash-2.05b-pgrp_sync.patch
│ ├── bash-2.05b-readline-oom.patch
│ ├── bash-2.05b-xcc.patch
│ ├── bash-3.2-audit.patch
│ ├── bash-3.2-ssh_source_bash.patch
│ ├── bash-4.0-nobits.patch
│ ├── bash41-001
│ ├── bash41-002
│ ├── bash-4.1-bind_int_variable.patch
│ ├── bash-4.1-broken_pipe.patch
│ ├── bash-4.1-defer-sigchld-trap.patch
│ ├── bash-4.1-examples.patch
│ ├── bash-4.1-logout.patch
│ ├── bash-4.1-manpage.patch
│ ├── bash-4.1-manpage_trap.patch
│ ├── bash-4.1-signal.patch
│ ├── bash-4.1.tar.gz
│ ├── bash-4.1-trap.patch
│ ├── bash-bashbug.patch
│ ├── bash-infotags.patch
│ ├── bash-requires.patch
│ ├── bash-setlocale.patch
│ ├── bash-tty-tests.patch
│ ├── dot-bash_logout
│ ├── dot-bash_profile
│ └── dot-bashrc
└── specs
└── bash.spec
2 directories, 33 files
[root@localhost ~]# cd /root/rpmbuild/SOURCES/
[root@localhost sources]# tar zxvf bash-4.1.tar.gz
[root@localhost sources]# cp -a bash-4.1 bash-4.1-orig
[root@localhost sources]#
[root@localhost sources]# cd bash-4.1
[root@localhost bash-4.1]#
# vim config-top.h
#將第 104 行附近（不同版本行號可能不同）的 /* #define SYSLOG_HISTORY */ 取消註解，並把 facility/level 改成下面的內容；若沒有真的取消註解，SYSLOG_HISTORY 不會被定義，bash_syslog_history() 也不會被編譯進去。預設的 facility/level 會讓記錄進到 /var/log/messages，這裡改為 local1.debug，之後在 rsyslog 中導到獨立檔案。
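/* config-top.h: enable syslog logging of history lines.  The define must be
   active (not commented out) or the code in bashhist.c is compiled out.  */
#define SYSLOG_HISTORY
#if defined (SYSLOG_HISTORY)
/* Send records to local1 at debug level so rsyslog can route them to a
   dedicated file instead of /var/log/messages.  */
#  define SYSLOG_FACILITY LOG_LOCAL1
#  define SYSLOG_LEVEL LOG_DEBUG
#endif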
# vim bashhist.c
#找到第 701 行附近開始的程式段（行號僅供參考，直接以函式名稱 bash_syslog_history 搜尋即可；結尾的 #endif 對應上方的 #if defined (SYSLOG_HISTORY)）
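/* Upstream bash-4.1 bashhist.c, bash_syslog_history(): emits one syslog()
   record per history line, truncating anything longer than SYSLOG_MAXLEN-1
   bytes.  Identifiers are shown with their real (upper-case) spelling so the
   text can be located in the file; SYSLOG_MAXLEN is defined earlier in
   bashhist.c and current_user is a bash global.  */
void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];

  if (strlen(line) < SYSLOG_MAXLEN)
    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s", getpid(), current_user.uid, line);
  else
    {
      /* Copy then force a terminator: strncpy alone leaves none when the
         source is at least SYSLOG_MAXLEN bytes long.  */
      strncpy (trunc, line, SYSLOG_MAXLEN);
      trunc[SYSLOG_MAXLEN - 1] = '\0';
      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d UID=%d %s", getpid(), current_user.uid, trunc);
    }
}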
716 #endif
修改為如下内容:
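/* Replacement for bash_syslog_history(): log each history line with the
   parent pid, pid, session id, uid and user name so a record can be tied to
   the login session (the sid stays constant across su, see the sample log).
   Long lines are truncated to SYSLOG_MAXLEN-1 bytes.  SYSLOG_MAXLEN and
   current_user come from bashhist.c / bash globals.  */
void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];
  /* user_name is expected to be set by bash before any command runs;
     the fallback only guards against a NULL reaching %s.  */
  const char *user = current_user.user_name ? current_user.user_name : "?";

  if (strlen (line) < SYSLOG_MAXLEN)
    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
            "history: ppid=%d pid=%d sid=%d uid=%d user=%s %s",
            (int) getppid (), (int) getpid (), (int) getsid (getpid ()),
            (int) current_user.uid, user, line);
  else
    {
      /* The braces matter: without them only strncpy() belongs to the else
         branch, so the terminator write and the second syslog() run for every
         command, emitting a duplicate record built from an uninitialised
         buffer.  */
      strncpy (trunc, line, SYSLOG_MAXLEN);
      trunc[SYSLOG_MAXLEN - 1] = '\0';
      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
              "history (truncated): ppid=%d pid=%d sid=%d uid=%d user=%s %s",
              (int) getppid (), (int) getpid (), (int) getsid (getpid ()),
              (int) current_user.uid, user, trunc);
    }
}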
[root@localhost bash-4.1]# cd ..
[root@localhost SOURCES]# diff -Npru bash-4.1-orig bash-4.1 > bash_history_syslog.patch
#注意是大寫 -N（把新增檔案也納入），小寫 -n 是 RCS 格式，與 -u 衝突會直接報錯。若 spec 中其他補丁（例如 audit 相關補丁）也修改了 bashhist.c，這個對純淨原始碼做出的補丁可能無法套用；此時可先 rpmbuild -bp bash.spec 產生已套用其餘補丁的 BUILD 樹，在該樹上修改後再產生差異。
# cd ~/rpmbuild/SPECS/
# vim bash.spec
#加入兩行內容（Patch 編號不可與 spec 中既有的重複，119 只是範例），並建議同時修改 Release（例如 Release: 15%{?dist}.hist1），讓重建的套件與官方套件可區分，避免之後 yum update 用同版本號的官方 bash 靜默覆蓋掉這個補丁；之後每次 bash 的安全更新都要重新套用本補丁再重建。儲存退出。
Patch119: bash_history_syslog.patch
…
%patch119 -p1 -b .history_syslog
…
[root@localhost specs]# rpmbuild -ba bash.spec
error: failed build dependencies:
texinfo is needed by bash-4.1.2-15.el6.x86_64
再開一個視窗安裝 texinfo 套件（yum install texinfo；或用 yum-builddep bash.spec 一次安裝所有編譯相依套件），然後重新執行 rpmbuild。
[root@localhost specs]# rpmbuild -ba bash.spec
[root@localhost SPECS]# cd ~/rpmbuild/RPMS/x86_64/
[root@localhost x86_64]# ls
bash-4.1.2-15.el6.x86_64.rpm bash-debuginfo-4.1.2-15.el6.x86_64.rpm bash-doc-4.1.2-15.el6.x86_64.rpm
[root@localhost x86_64]#
[root@localhost x86_64]# rpm -Uvh --force bash-4.1.2-15.el6.x86_64.rpm
#這裡需要 --force 是因為重建套件的版本號與已安裝的完全相同；若如前面建議調整過 Release，直接 rpm -Uvh 即可，也更容易在事後辨認系統上裝的是哪一份 bash。
preparing... ########################################### [100%]
1:bash ########################################### [100%]
[root@localhost x86_64]#
[root@localhost x86_64]# vi /etc/rsyslog.conf
#加入如下內容。此檔會記錄所有使用者輸入的完整命令列，其中可能帶有密碼等敏感參數，必須維持 root 唯讀（如後面 ll 所示的 0600）；若不希望這些記錄同時也進到 /var/log/messages，可在 messages 那一行的選擇器加上 local1.none：
local1.debug /var/log/bash
[root@localhost x86_64]# service rsyslog restart
關閉系統日志記錄器: [确定]
啟動系統日志記錄器: [确定]
[root@localhost ~]# tail -f /var/log/bash
apr 13 00:47:11 localhost bash: history: ppid=2471 pid=2473 sid=2473 uid=0 user=root ifconfig
apr 13 00:47:12 localhost bash: history: ppid=2471 pid=2473 sid=2473 uid=0 user=root ls
apr 13 00:47:13 localhost bash: history: ppid=2471 pid=2473 sid=2473 uid=0 user=root df -h
apr 13 00:47:15 localhost bash: history: ppid=2471 pid=2473 sid=2473 uid=0 user=root history
apr 13 00:47:24 localhost bash: history: ppid=2471 pid=2473 sid=2473 uid=0 user=root cat /var/log/bash
apr 13 01:19:47 localhost bash: history: ppid=26139 pid=26141 sid=26141 uid=0 user=root cat /var/log/bash
apr 13 01:19:57 localhost bash: history: ppid=26139 pid=26141 sid=26141 uid=0 user=root ifconfig
apr 13 01:21:07 localhost -bash: history: ppid=26157 pid=26159 sid=26159 uid=0 user=root ifconfig
apr 13 01:21:17 localhost -bash: history: ppid=26157 pid=26159 sid=26159 uid=0 user=root w
apr 13 01:21:20 localhost -bash: history: ppid=26157 pid=26159 sid=26159 uid=0 user=root df -h
apr 13 01:21:33 localhost -bash: history: ppid=26157 pid=26159 sid=26159 uid=0 user=root useradd abc
apr 13 01:21:38 localhost -bash: history: ppid=26157 pid=26159 sid=26159 uid=0 user=root passwd abc
apr 13 01:21:42 localhost -bash: history: ppid=26157 pid=26159 sid=26159 uid=0 user=root su - abc
apr 13 01:21:44 localhost -bash: history: ppid=26192 pid=26193 sid=26159 uid=500 user=abc exit
1. 日志伺服器配置
# vi /etc/rsyslog.conf
將其中下面四行的註解取消（這會在所有介面上監聽 514/udp 與 514/tcp，請用 iptables 只允許用戶端主機連入；UDP 的來源位址可被偽造，連帶影響下面以 %fromhost-ip% 命名的檔案，建議只啟用 TCP 或至少以 TCP 為主）
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
在#### global directives ####中加入如下内容:
$template iptemplate,"/var/log/%fromhost-ip%.log"
:fromhost-ip, !isequal, "127.0.0.1" ?iptemplate
& ~
說明：實現接收遠端日誌時以用戶端 IP 位址命名檔案。若直接寫成 *.* ?iptemplate 再加 & ~，日誌伺服器自己的本機訊息也會被寫進 127.0.0.1.log 並從後續規則中丟棄（後面的 ll 列表中出現的 127.0.0.1.log 就是這種情況），所以這裡用 fromhost-ip 過濾條件排除本機訊息。
然後重新啟動rsyslogd服務
# service rsyslog restart
2. 日志用戶端配置
local1.debug @@192.168.0.66
# @@ 表示以 TCP 送出，但仍是明文，命令內容會在網路上裸傳；請確保只經過受信任的管理網段，或改用 rsyslog 的 TLS 傳輸（gtls 模組，EL6 上由 rsyslog-gnutls 套件提供）。本機的 local1.debug /var/log/bash 規則可以保留，作為遠端日誌的本地副本。
# 然後重新啟動 rsyslogd 服務
3. 檢視結果,已經可以接收結果了。
[root@testdb log]# cd /var/log
[root@testdb log]# ll
908
-rw------- 1 root root 1718 412 09:51 127.0.0.1.log
-rw------- 1 root root 272 412 09:43 192.168.0.65.log
-rw------- 1 root root 3754 412 09:51 66_history_bash
-rw-------. 1 root root 2368 109 16:55 anaconda.ifcfg.log
-rw-------. 1 root root 29331 109 16:55 anaconda.log
[root@testdb log]# tail -f 192.168.0.65.log
apr 13 17:41:13 localhost -bash: history: ppid=2166 pid=2168 sid=2168 uid=0 user=root 192.168
apr 13 17:42:40 localhost -bash: history: ppid=2166 pid=2168 sid=2168 uid=0 user=root sss
apr 13 17:43:38 localhost -bash: history: ppid=2166 pid=2168 sid=2168 uid=0 user=root s
apr 13 17:52:27 localhost -bash: history: ppid=2166 pid=2168 sid=2168 uid=0 user=root ifconfig
apr 13 17:52:27 localhost -bash: history: ppid=2166 pid=2168 sid=2168 uid=0 user=root w