Untitled

a guest
Jul 22nd, 2014
Jul 22 13:55:49 server sshd[1234]: Accepted publickey for me from 12.34.56.78 port 12345 ssh2: RSA <<key signature elided>>
Jul 22 13:55:49 server sshd[1234]: pam_unix(sshd:session): session opened for user me by (uid=0)

[me@server ~]$ dpkg -l | grep syslog
ii syslog-ng 3.5.3-1 all
ii syslog-ng-core 3.5.3-1 i386
ii syslog-ng-mod-geoip 3.5.3-1 i386
ii syslog-ng-mod-json 3.5.3-1 i386
ii syslog-ng-mod-mongodb 3.5.3-1 i386
ii syslog-ng-mod-smtp 3.5.3-1 i386
ii syslog-ng-mod-sql 3.5.3-1 i386
[me@server ~]$ dpkg -l | grep exim
ii exim4 4.82-3ubuntu2 all
ii exim4-base 4.82-3ubuntu2 i386
ii exim4-config 4.82-3ubuntu2 all
ii exim4-daemon-light 4.82-3ubuntu2 i386

[me@server ~]$ cat /etc/syslog-ng/conf.d/smtp_for_ssh.conf
filter f_ssh_login {
    host("server") and filter(f_auth) and not filter(f_cron);
};

destination d_smtp {
    smtp(
        host("localhost")
        port(25)
        from("Syslog-NG Alert Service" "syslog-ng@mydomain.com")
        to("Me" "me@mydomain.com")
        subject("[ALERT] Important log message of $LEVEL condition received from $HOST/$PROGRAM!")
        body("Hi!\nThe syslog-ng alerting service detected the following important log message:\n $MSG\n-- \nSyslog-NG\n")
        log_fifo_size(5)
    );
};

log {
    source(s_src);
    filter(f_ssh_login);
    destination(d_smtp);
};

[me@server syslog-ng]$ cat syslog-ng.conf
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.

# First, set some global options.
options { chain_hostnames(off); flush_lines(5); use_dns(no); use_fqdn(no);
          owner("root"); group("adm"); perm(0640); stats_freq(0);
          bad_hostname("^gconfd$");
};