thantzinz

central_syslog-ng

May 3rd, 2018
  @version:3.2

  # syslog-ng configuration file.
  #
  # Intended to behave much like the original syslog on RedHat, although it
  # could be configured a lot smarter.
  #
  # See syslog-ng(8) and syslog-ng.conf(5) for more information.

  # Global options.
  # This instance also takes syslog from the network (see source s_sys), so the
  # hostname settings below decide how far the HOST field of a stored message
  # can be trusted during an investigation.
  options {
      stats_freq(43200);        # one internal statistics message every 43200 s
      flush_lines(0);           # write each message out as it arrives
      time_reopen(10);          # seconds to wait before reopening a failed connection
      log_fifo_size(1000);      # output queue length, in messages
      long_hostnames(off);      # legacy spelling of chain_hostnames()
      use_dns(no);              # no reverse lookups on sender addresses
      use_fqdn(no);
      create_dirs(no);          # missing directories for destination files are not created
      # HOST is kept exactly as the sender wrote it. Combined with use_dns(no),
      # nothing ties the stored hostname to the address the message came from,
      # so attribute entries by sender address, not by the HOST field.
      keep_hostname(yes);
  };
  # The one source used by every log path in this file: the local kernel ring,
  # the local /dev/log socket, syslog-ng's own messages, and two network
  # listeners.
  #
  # NOTE(review): both listeners bind 0.0.0.0 and accept plain syslog with no
  # transport security or sender authentication. Because they share a source
  # with the local inputs, a message from the network is matched by the same
  # facility filters as a local one. Limit 5555/udp and 2010/tcp to the known
  # senders at the host firewall, or give the listeners a source of their own
  # so the local log files only ever receive local messages. The netmask()
  # filters in this file match on the sender address, which is not verified
  # for UDP.
  source s_sys {
      file("/proc/kmsg" program_override("kernel: "));
      unix-stream("/dev/log");
      internal();
      udp(ip(0.0.0.0) port(5555));
      tcp(ip(0.0.0.0) port(2010));
  };
  # Local destinations, following the usual Red Hat file layout.
  #
  # NOTE(review): none of the file() destinations sets owner(), group() or
  # perm(), so the files get syslog-ng's defaults. Confirm that
  # /var/log/secure ends up readable by root only.
  destination d_cons { file("/dev/console"); };
  destination d_mesg { file("/var/log/messages"); };
  destination d_auth { file("/var/log/secure"); };
  # Mail log is flushed every 10 lines rather than per message; this overrides
  # the global flush_lines(0) for this file only.
  destination d_mail { file("/var/log/maillog" flush_lines(10)); };
  destination d_spol { file("/var/log/spooler"); };
  destination d_boot { file("/var/log/boot.log"); };
  destination d_cron { file("/var/log/cron"); };
  destination d_kern { file("/var/log/kern"); };
  # Writes to the terminal of every logged-in user.
  destination d_mlal { usertty("*"); };
  # Facility and severity filters for the standard log files.
  # Apart from the netmask() exclusions, these match local and network
  # messages alike, because everything arrives through source s_sys.

  filter f_kernel {
      facility(kern);
  };

  # General messages: info and above, minus mail/authpriv/cron, minus a list of
  # sender addresses.
  # NOTE(review): 192.168.20.20, 192.168.20.111 and 192.168.254.219 have their
  # own files further down. The other excluded addresses have no active log
  # path of their own in this file, so their general messages are not stored
  # anywhere - confirm that this gap in coverage is intended.
  filter f_default {
      level(info..emerg)
      and not (facility(mail) or facility(authpriv) or facility(cron))
      and not (
             netmask(192.168.20.20/32)
          or netmask(192.168.20.111/32)
          or netmask(192.168.241.33/32)
          or netmask(192.168.254.219/32)
          or netmask(192.168.243.101/32)
          or netmask(172.16.80.50/32)
          or netmask(192.168.80.100/32)
          or netmask(192.168.80.2/32)
      );
  };

  # NOTE(review): authpriv messages from every address except 192.168.241.33,
  # local or remote, pass this filter. Whatever parses /var/log/secure is
  # therefore reading content that network senders can supply; add a netmask()
  # allow-list or a separate source if the file should hold local entries only.
  filter f_auth {
      facility(authpriv) and not netmask(192.168.241.33/32);
  };

  filter f_mail {
      facility(mail);
  };

  filter f_emergency {
      level(emerg);
  };

  filter f_news {
      facility(uucp) or (facility(news) and level(crit..emerg));
  };

  filter f_boot {
      facility(local7);
  };

  filter f_cron {
      facility(cron);
  };
  # Log paths for the standard files. No path carries flags(final), so each one
  # is evaluated for every message and a message may be written to several
  # files.
  #
  # NOTE(review): f_kernel and f_emergency carry no netmask() restriction.
  # kern-facility messages from network senders are stored in /var/log/kern
  # next to local kernel output, and an emerg-level message from any sender is
  # written to every logged-in terminal via d_mlal. Restrict those two paths
  # to local input if that is not wanted.

  #log { source(s_sys); filter(f_kernel); destination(d_cons); };
  log { source(s_sys); filter(f_kernel);    destination(d_kern); };
  log { source(s_sys); filter(f_default);   destination(d_mesg); };
  log { source(s_sys); filter(f_auth);      destination(d_auth); };
  log { source(s_sys); filter(f_mail);      destination(d_mail); };
  log { source(s_sys); filter(f_emergency); destination(d_mlal); };
  log { source(s_sys); filter(f_news);      destination(d_spol); };
  log { source(s_sys); filter(f_boot);      destination(d_boot); };
  log { source(s_sys); filter(f_cron);      destination(d_cron); };
  # Per-device routing: each active section selects one sender by address and
  # writes it to its own file. Selection is by source address only.

  # --- 192.168.241.33 (disabled) ---
  #filter f_f5 { (netmask(192.168.241.33/32)) };
  #destination d_f5 { file ("/var/log/testf5.log"); };
  #log { source(s_sys); filter(f_f5); destination(d_f5); };

  # --- 192.168.20.20, everything except lines containing "AppThreat" ---
  filter f_pa {
      netmask(192.168.20.20/32) and not message("AppThreat");
  };
  destination d_pa {
      file("/var/log/pa.log");
  };
  log { source(s_sys); filter(f_pa); destination(d_pa); };

  # --- 192.168.90.1 (disabled) ---
  # NOTE(review): the disabled log statements below name d_test_cisco, which is
  # not defined anywhere in this file; define it before re-enabling them.
  #filter f_prod_cisco { (netmask(192.168.90.1/32)) };
  #filter f_prod_cisco { (netmask(192.168.90.1/32)) and message("mismatch"); };
  #destination d_prod_cisco { file ("/var/log/switch.log"); };
  #log { source(s_sys); filter(f_prod_cisco); destination(d_test_cisco); };

  # --- 192.168.241.7 (disabled) ---
  #filter f_remote_iptables { (netmask(192.168.241.7/32)) and facility(kern) and message("IN"); };
  #log { source(s_sys); filter(f_remote_iptables); destination(d_test_cisco); };

  # --- 192.168.80.100 (disabled) ---
  #filter f_aci { (netmask(192.168.80.100/32)) };
  #destination d_aci { file ("/var/log/aci.log"); };
  #log { source(s_sys); filter(f_aci); destination(d_aci); };

  # --- 192.168.20.20, only lines containing "AppThreat" ---
  filter f_AppThreat {
      netmask(192.168.20.20/32) and message("AppThreat");
  };
  destination d_AppThreat {
      file("/var/log/AppThreat.log");
  };
  log { source(s_sys); filter(f_AppThreat); destination(d_AppThreat); };

  # --- 192.168.254.219 ---
  filter f_dfwpktlogs {
      netmask(192.168.254.219/32);
  };
  destination d_dfwpktlogs {
      file("/var/log/dfwpkt.log");
  };
  log { source(s_sys); filter(f_dfwpktlogs); destination(d_dfwpktlogs); };

  # --- 192.168.20.111 ---
  filter f_ise {
      netmask(192.168.20.111/32);
  };
  destination d_ise {
      file("/var/log/ise.log");
  };
  log { source(s_sys); filter(f_ise); destination(d_ise); };
  # logrotate stanza for the per-device files.
  # NOTE(review): this is logrotate syntax, not syslog-ng; presumably it was
  # pasted from a separate file - confirm where it is installed.
  #
  # NOTE(review): the two patterns match /var/log/AppThreat.log and
  # /var/log/dfwpkt.log. /var/log/pa.log and /var/log/ise.log are written by
  # the syslog-ng configuration but are not matched here; make sure another
  # stanza rotates them, otherwise they grow until the disk fills and logging
  # stops.
  #/var/log/switch.log
  #/var/log/testf5.log
  /var/log/A*.log
  /var/log/dfwp*.log
  {
      # Schedule and retention: rotated daily, 108 old files kept.
      daily
      rotate 108
      #size 500k
      maxsize 1000M
      notifempty
      compress

      # The bare "create" looks redundant next to "create 640" - presumably the
      # explicit mode wins; confirm with a logrotate debug run. No owner or
      # group is given, so check who can read the new files.
      create
      create 640

      # Signal the daemon once after all files are rotated.
      # NOTE(review): every error is discarded and the command always reports
      # success. If /var/run/syslogd.pid is not the pid file of the running
      # syslog-ng, no signal is sent, the daemon keeps writing to the rotated
      # file and the new one stays empty, with nothing logged about it. Verify
      # the pid file path on this host.
      sharedscripts
      postrotate
          /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
      endscript
  }