| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 1 | @version: 3.15 | 
|  | 2 | # | 
|  | 3 | # Syslog-ng configuration file, compatible with default Debian syslogd | 
|  | 4 | # installation. Originally written by anonymous (I can't find his name) | 
|  | 5 | # Revised and rewritten by me (SZALAY Attila <sasa@debian.org>) | 
|  | 6 |  | 
|  | 7 | # First, set some global options. | 
|  | 8 | options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); | 
|  | 9 | owner("root"); group("adm"); perm(0640); stats_freq(0); | 
|  | 10 | bad_hostname("^gconfd$"); | 
|  | 11 | }; | 
|  | 12 |  | 
|  | 13 | ######################## | 
|  | 14 | # Sources | 
|  | 15 | ######################## | 
|  | 16 | # This is the default behavior of the sysklogd package: | 
|  | 17 | # logs may come from a local unix stream, but not from another machine. | 
|  | 18 | # | 
|  | 19 | source s_src { systemd_journal(); internal(); | 
|  | 20 | file("/proc/kmsg" program_override("kernel")); | 
|  | 21 | }; | 
|  | 22 |  | 
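|  | 23 | # If you wish to get logs from a remote machine, uncomment this and | 
|  | 24 | # comment out the source line above. | 
|  | 25 | # NOTE(review): authentication() and encrypt() do not look like valid tcp() options in syslog-ng 3.x; confirm before enabling, and protect remote log transport with tls(). | 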
|  | 26 | #source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); }; | 
|  | 27 |  | 
|  | 28 | ######################## | 
|  | 29 | # Destinations | 
|  | 30 | ######################## | 
|  | 31 | # First, some standard log files | 
|  | 32 | # | 
|  | 33 | destination d_auth { file("/var/log/auth.log"); }; | 
|  | 34 | destination d_cron { file("/var/log/cron.log"); }; | 
|  | 35 | destination d_daemon { file("/var/log/daemon.log"); }; | 
|  | 36 | destination d_kern { file("/var/log/kern.log"); }; | 
|  | 37 | destination d_lpr { file("/var/log/lpr.log"); }; | 
|  | 38 | destination d_mail { file("/var/log/mail.log"); }; | 
|  | 39 | destination d_syslog { file("/var/log/syslog"); }; | 
|  | 40 | destination d_user { file("/var/log/user.log"); }; | 
|  | 41 | destination d_uucp { file("/var/log/uucp.log"); }; | 
|  | 42 |  | 
|  | 43 | # These files hold the logs that come from the mail subsystem. | 
|  | 44 | # | 
|  | 45 | destination d_mailinfo { file("/var/log/mail/mail.info"); }; | 
|  | 46 | destination d_mailwarn { file("/var/log/mail/mail.warn"); }; | 
|  | 47 | destination d_mailerr { file("/var/log/mail/mail.err"); }; | 
|  | 48 |  | 
|  | 49 | # Logging for INN news system | 
|  | 50 | # | 
|  | 51 | destination d_newscrit { file("/var/log/news/news.crit"); }; | 
|  | 52 | destination d_newserr { file("/var/log/news/news.err"); }; | 
|  | 53 | destination d_newsnotice { file("/var/log/news/news.notice"); }; | 
|  | 54 |  | 
|  | 55 | # Some 'catch-all' logfiles. | 
|  | 56 | # | 
|  | 57 | destination d_debug { file("/var/log/debug"); }; | 
|  | 58 | destination d_error { file("/var/log/error"); }; | 
|  | 59 | destination d_messages { file("/var/log/messages"); }; | 
|  | 60 |  | 
|  | 61 | # The root's console. | 
|  | 62 | # | 
|  | 63 | destination d_console { usertty("root"); }; | 
|  | 64 |  | 
|  | 65 | # Virtual console. | 
|  | 66 | # | 
|  | 67 | destination d_console_all { file("/dev/tty10"); }; | 
|  | 68 |  | 
|  | 69 | # The named pipe /dev/xconsole is for the `xconsole' utility.  To use it, | 
|  | 70 | # you must invoke `xconsole' with the `-file' option: | 
|  | 71 | # | 
|  | 72 | #    $ xconsole -file /dev/xconsole [...] | 
|  | 73 | # | 
|  | 74 | destination d_xconsole { pipe("/dev/xconsole"); }; | 
|  | 75 |  | 
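|  | 76 | # Send the messages to another host | 
|  | 77 | # NOTE(review): authentication()/encrypt() below do not look like valid tcp() options in syslog-ng 3.x; confirm, and use tls() so forwarded logs are not sent in cleartext. | 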
|  | 78 | #destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); }; | 
|  | 79 |  | 
|  | 80 | # Debian only | 
|  | 81 | destination d_ppp { file("/var/log/ppp.log"); }; | 
|  | 82 |  | 
|  | 83 | ######################## | 
|  | 84 | # Filters | 
|  | 85 | ######################## | 
|  | 86 | # Here come the filter options. With these rules, we can set which | 
|  | 87 | # messages go where. | 
|  | 88 |  | 
|  | 89 | filter f_dbg { level(debug); }; | 
|  | 90 | filter f_info { level(info); }; | 
|  | 91 | filter f_notice { level(notice); }; | 
|  | 92 | filter f_warn { level(warn); }; | 
|  | 93 | filter f_err { level(err); }; | 
|  | 94 | filter f_crit { level(crit .. emerg); }; | 
|  | 95 |  | 
|  | 96 | filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; | 
|  | 97 | filter f_error { level(err .. emerg) ; }; | 
|  | 98 | filter f_messages { level(info,notice,warn) and | 
|  | 99 | not facility(auth,authpriv,cron,daemon,mail,news); }; | 
|  | 100 |  | 
|  | 101 | filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; | 
|  | 102 | filter f_cron { facility(cron) and not filter(f_debug); }; | 
|  | 103 | filter f_daemon { facility(daemon) and not filter(f_debug); }; | 
|  | 104 | filter f_kern { facility(kern) and not filter(f_debug); }; | 
|  | 105 | filter f_lpr { facility(lpr) and not filter(f_debug); }; | 
|  | 106 | filter f_local { facility(local0, local1, local3, local4, local5, | 
|  | 107 | local6, local7) and not filter(f_debug); }; | 
|  | 108 | filter f_mail { facility(mail) and not filter(f_debug); }; | 
|  | 109 | filter f_news { facility(news) and not filter(f_debug); }; | 
|  | 110 | filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); }; | 
|  | 111 | filter f_user { facility(user) and not filter(f_debug); }; | 
|  | 112 | filter f_uucp { facility(uucp) and not filter(f_debug); }; | 
|  | 113 |  | 
|  | 114 | filter f_cnews { level(notice, err, crit) and facility(news); }; | 
|  | 115 | filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; | 
|  | 116 |  | 
|  | 117 | filter f_ppp { facility(local2) and not filter(f_debug); }; | 
|  | 118 | filter f_console { level(warn .. emerg); }; | 
|  | 119 |  | 
|  | 120 | ######################## | 
|  | 121 | # Log paths | 
|  | 122 | ######################## | 
|  | 123 | log { source(s_src); filter(f_auth); destination(d_auth); }; | 
|  | 124 | log { source(s_src); filter(f_cron); destination(d_cron); }; | 
|  | 125 | log { source(s_src); filter(f_daemon); destination(d_daemon); }; | 
|  | 126 | log { source(s_src); filter(f_kern); destination(d_kern); }; | 
|  | 127 | log { source(s_src); filter(f_lpr); destination(d_lpr); }; | 
|  | 128 | log { source(s_src); filter(f_syslog3); destination(d_syslog); }; | 
|  | 129 | log { source(s_src); filter(f_user); destination(d_user); }; | 
|  | 130 | log { source(s_src); filter(f_uucp); destination(d_uucp); }; | 
|  | 131 |  | 
|  | 132 | log { source(s_src); filter(f_mail); destination(d_mail); }; | 
|  | 133 | #log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; | 
|  | 134 | #log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; | 
|  | 135 | #log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); }; | 
|  | 136 |  | 
|  | 137 | log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; | 
|  | 138 | log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; | 
|  | 139 | log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; | 
|  | 140 | #log { source(s_src); filter(f_cnews); destination(d_console_all); }; | 
|  | 141 | #log { source(s_src); filter(f_cother); destination(d_console_all); }; | 
|  | 142 |  | 
|  | 143 | #log { source(s_src); filter(f_ppp); destination(d_ppp); }; | 
|  | 144 |  | 
|  | 145 | log { source(s_src); filter(f_debug); destination(d_debug); }; | 
|  | 146 | log { source(s_src); filter(f_error); destination(d_error); }; | 
|  | 147 | log { source(s_src); filter(f_messages); destination(d_messages); }; | 
|  | 148 |  | 
|  | 149 | log { source(s_src); filter(f_console); destination(d_console_all); | 
|  | 150 | destination(d_xconsole); }; | 
|  | 151 | log { source(s_src); filter(f_crit); destination(d_console); }; | 
|  | 152 |  | 
|  | 153 | # Send all messages to a remote site | 
|  | 154 | # | 
|  | 155 | #log { source(s_src); destination(d_net); }; |