contrib/syslog-ng/syslog-ng.conf
2015-03-21 15:26:15 +01:00

87 lines
3.5 KiB
Plaintext

@version: 3.5
#
# /etc/syslog-ng: syslog-ng(8) configration file, based on a gentoo template
# use logger to test new rules:
# logger -p daemon.crit testmessage
# use loggen to produce log messages remotely
# on busy systems you may have to adjus flush_lines and suppress() to avoid
# heavy disc i/o
# to change default permissions/owner/group for newly created files add
# options like this: owner(root); group(sys); perm(0644);
options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); };
#source where to read log
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };
#define templates
template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); };
#define destinations
destination authlog { file("/var/log/auth.log" suppress(5)); };
destination sudo { file("/var/log/sudo.log" suppress(5)); };
destination cron { file("/var/log/cron.log" suppress(5)); };
destination kern { file("/var/log/kern.log" suppress(5)); };
destination mail { file("/var/log/mail.log" suppress(5)); };
destination mailinfo { file("/var/log/mail.info" suppress(5)); };
destination mailwarn { file("/var/log/mail.warn" suppress(5)); };
destination mailerr { file("/var/log/mail.err" suppress(5)); };
#destination newscrit { file("/var/log/news/news.crit" suppress(5)); };
#destination newserr { file("/var/log/news/news.err" suppress(5)); };
#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); };
destination debug { file("/var/log/debug" template(t_debug) suppress(5)); };
destination messages { file("/var/log/messages" suppress(5)); };
destination errors { file("/var/log/error.log" suppress(5)); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12" suppress(5)); };
destination xconsole { pipe("/dev/xconsole" suppress(5)); };
#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); };
filter f_debug { not facility(mail) and not program(sudo); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail) and not program(sudo); };
filter f_sudo { program(sudo); };
filter f_errors { level(err..emerg); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
# examples for text-matching (beware of performance issues)
#filter f_failed { match("failed"); };
#filter f_denied { match("denied"); };
#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_sudo); destination(sudo); };
log { source(src); filter(f_cron); destination(cron); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
#log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_errors); destination(errors); };
log { source(src); filter(f_emergency); destination(console); };
#default log
#log { source(src); destination(console_all); };