87 lines
3.5 KiB
Plaintext
87 lines
3.5 KiB
Plaintext
@version: 3.17
|
|
#
|
|
# /etc/syslog-ng: syslog-ng(8) configration file, based on a gentoo template
|
|
# use logger to test new rules:
|
|
# logger -p daemon.crit testmessage
|
|
# use loggen to produce log messages remotely
|
|
|
|
|
|
# on busy systems you may have to adjus flush_lines and suppress() to avoid
|
|
# heavy disc i/o
|
|
# to change default permissions/owner/group for newly created files add
|
|
# options like this: owner(root); group(sys); perm(0644);
|
|
|
|
options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); };
|
|
|
|
#source where to read log
|
|
source src { unix-stream("/dev/log"); internal(); };
|
|
source kernsrc { file("/proc/kmsg"); };
|
|
|
|
#define templates
|
|
template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); };
|
|
|
|
#define destinations
|
|
destination authlog { file("/var/log/auth.log" suppress(5)); };
|
|
destination sudo { file("/var/log/sudo.log" suppress(5)); };
|
|
destination cron { file("/var/log/cron.log" suppress(5)); };
|
|
destination kern { file("/var/log/kern.log" suppress(5)); };
|
|
destination mail { file("/var/log/mail.log" suppress(5)); };
|
|
|
|
destination mailinfo { file("/var/log/mail.info" suppress(5)); };
|
|
destination mailwarn { file("/var/log/mail.warn" suppress(5)); };
|
|
destination mailerr { file("/var/log/mail.err" suppress(5)); };
|
|
|
|
#destination newscrit { file("/var/log/news/news.crit" suppress(5)); };
|
|
#destination newserr { file("/var/log/news/news.err" suppress(5)); };
|
|
#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); };
|
|
|
|
destination debug { file("/var/log/debug" template(t_debug) suppress(5)); };
|
|
destination messages { file("/var/log/messages" suppress(5)); };
|
|
destination errors { file("/var/log/error.log" suppress(5)); };
|
|
destination console { usertty("root"); };
|
|
destination console_all { file("/dev/tty12" suppress(5)); };
|
|
destination xconsole { pipe("/dev/xconsole" suppress(5)); };
|
|
|
|
#create filters
|
|
filter f_authpriv { facility(auth, authpriv); };
|
|
filter f_cron { facility(cron); };
|
|
filter f_kern { facility(kern); };
|
|
filter f_mail { facility(mail); };
|
|
#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); };
|
|
filter f_debug { not facility(mail) and not program(sudo); };
|
|
filter f_messages { level(info..warn)
|
|
and not facility(auth, authpriv, mail) and not program(sudo); };
|
|
filter f_sudo { program(sudo); };
|
|
filter f_errors { level(err..emerg); };
|
|
|
|
filter f_emergency { level(emerg); };
|
|
|
|
filter f_info { level(info); };
|
|
filter f_notice { level(notice); };
|
|
filter f_warn { level(warn); };
|
|
filter f_crit { level(crit); };
|
|
filter f_err { level(err); };
|
|
|
|
# examples for text-matching (beware of performance issues)
|
|
#filter f_failed { match("failed"); };
|
|
#filter f_denied { match("denied"); };
|
|
|
|
#connect filter and destination
|
|
log { source(src); filter(f_authpriv); destination(authlog); };
|
|
log { source(src); filter(f_sudo); destination(sudo); };
|
|
log { source(src); filter(f_cron); destination(cron); };
|
|
log { source(kernsrc); filter(f_kern); destination(kern); };
|
|
log { source(src); filter(f_mail); destination(mail); };
|
|
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
|
|
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
|
|
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
|
|
|
|
#log { source(src); filter(f_debug); destination(debug); };
|
|
log { source(src); filter(f_messages); destination(messages); };
|
|
log { source(src); filter(f_errors); destination(errors); };
|
|
log { source(src); filter(f_emergency); destination(console); };
|
|
|
|
#default log
|
|
#log { source(src); destination(console_all); };
|
|
|