- @version:3.2
- # syslog-ng configuration file.
- #
- # This should behave pretty much like the original syslog on RedHat. But
- # it could be configured a lot smarter.
- #
- # See syslog-ng(8) and syslog-ng.conf(5) for more information.
- #
- # Global options; they apply to every source and destination in this file.
- # NOTE(review): no owner()/group()/perm() is set here or on any destination
- # on this page, so log files are created with syslog-ng's built-in defaults.
- # Set them explicitly if /var/log/secure and the device logs need a known mode.
- options {
- # Emit syslog-ng's own statistics message every 43200 s (12 h).
- stats_freq (43200);
- # Write each message out as it arrives instead of batching lines.
- flush_lines (0);
- # Wait 10 s before reopening a connection that has gone away.
- time_reopen (10);
- # Output queue size in messages.
- # NOTE(review): presumably messages are lost once a queue is full; check the
- # statistics output if the network senders burst.
- log_fifo_size (1000);
- long_hostnames (off);
- # No DNS lookups on sender addresses, so logging does not depend on DNS.
- use_dns (no);
- use_fqdn (no);
- # Missing destination directories are not created.
- create_dirs (no);
- # Keep the host name carried inside each message.
- # NOTE(review): with the udp()/tcp() listeners in s_sys, the host field of a
- # remote message is whatever the sender wrote; treat it as unverified in triage.
- keep_hostname (yes);
- };
- # Single source that merges local logs and network-received logs.
- # NOTE(review): every log path on this page reads from s_sys, so remote
- # messages pass through the same filters as local ones and can land in
- # /var/log/messages, /var/log/secure, /var/log/kern and on user terminals.
- # A separate source for the network listeners would keep local files local.
- source s_sys {
- # Kernel messages, tagged with the program name "kernel: ".
- file ("/proc/kmsg" program_override("kernel: "));
- # Local syslog socket used by applications on this host.
- unix-stream ("/dev/log");
- # Messages generated by syslog-ng itself.
- internal();
- # Plain UDP and TCP listeners on all IPv4 interfaces (0.0.0.0).
- # NOTE(review): neither listener has transport encryption or sender
- # authentication configured here. Restrict who can reach ports 5555/udp and
- # 2010/tcp with a host firewall or a specific bind address, and consider a
- # TLS-protected source for devices that support it.
- udp(ip(0.0.0.0) port(5555));
- tcp(ip(0.0.0.0) port(2010));
- };
- # Destinations for the facility-based log paths: one file per log type.
- # NOTE(review): none of these sets perm()/owner()/group(); /var/log/secure
- # holds authentication messages, so confirm its resulting mode and owner.
- # d_cons is only referenced by a commented-out log path on this page.
- destination d_cons { file("/dev/console"); };
- destination d_mesg { file("/var/log/messages"); };
- destination d_auth { file("/var/log/secure"); };
- # Mail log is flushed every 10 lines, overriding the global flush_lines(0).
- destination d_mail { file("/var/log/maillog" flush_lines(10)); };
- destination d_spol { file("/var/log/spooler"); };
- destination d_boot { file("/var/log/boot.log"); };
- destination d_cron { file("/var/log/cron"); };
- destination d_kern { file("/var/log/kern"); };
- # Writes to the terminal of every logged-in user.
- # NOTE(review): the log path using this reads from s_sys, so an emerg-level
- # message received over the network is also shown on all terminals.
- destination d_mlal { usertty("*"); };
- # Facility/level filters for the standard log files.
- # NOTE(review): none of these filters distinguishes local from remote
- # messages; facility and level are set by the sender. netmask() matches the
- # sender address, which is not authenticated on the UDP listener, so these
- # matches route messages but do not prove where they came from.
- filter f_kernel { facility(kern); };
- # Catch-all for /var/log/messages: level info and above, minus the mail,
- # authpriv and cron facilities, minus eight sender addresses.
- # NOTE(review): of those eight, only 192.168.20.20, 192.168.254.219 and
- # 192.168.20.111 have an active per-device log path further down. Messages
- # from the other five are written only if one of the facility/level filters
- # here matches; anything else from them is discarded. Confirm that is intended.
- filter f_default { level(info..emerg) and
- not (facility(mail)
- or facility(authpriv)
- or facility(cron)) and
- not (netmask(192.168.20.20/32)) and
- not (netmask(192.168.20.111/32)) and
- not (netmask(192.168.241.33/32)) and
- not (netmask(192.168.254.219/32)) and
- not (netmask(192.168.243.101/32)) and
- not (netmask(172.16.80.50/32)) and
- not (netmask(192.168.80.100/32)) and
- not (netmask(192.168.80.2/32)); };
- # authpriv messages from any sender except 192.168.241.33.
- # NOTE(review): authpriv messages from every other remote sender are accepted,
- # so /var/log/secure can contain entries that did not originate on this host.
- filter f_auth { facility(authpriv) and
- not (netmask(192.168.241.33/32)); };
- filter f_mail { facility(mail); };
- filter f_emergency { level(emerg); };
- # uucp at any level, or news at crit and above.
- filter f_news { facility(uucp) or
- (facility(news)
- and level(crit..emerg)); };
- filter f_boot { facility(local7); };
- filter f_cron { facility(cron); };
- #log { source(s_sys); filter(f_kernel); destination(d_cons); };
- # Log paths for the standard files: each pairs one filter with one destination.
- # No path sets flags(final), so a message matching several filters is
- # written to several destinations (e.g. an emerg message goes to
- # /var/log/messages and to all user terminals).
- # NOTE(review): all paths read s_sys, which includes the network listeners.
- log { source(s_sys); filter(f_kernel); destination(d_kern); };
- log { source(s_sys); filter(f_default); destination(d_mesg); };
- log { source(s_sys); filter(f_auth); destination(d_auth); };
- log { source(s_sys); filter(f_mail); destination(d_mail); };
- log { source(s_sys); filter(f_emergency); destination(d_mlal); };
- log { source(s_sys); filter(f_news); destination(d_spol); };
- log { source(s_sys); filter(f_boot); destination(d_boot); };
- log { source(s_sys); filter(f_cron); destination(d_cron); };
- #filter f_f5 { (netmask(192.168.241.33/32)) };
- #destination d_f5 { file ("/var/log/testf5.log"); };
- #log { source(s_sys); filter(f_f5); destination(d_f5); };
- ###
- # Messages from 192.168.20.20 whose text does not match "AppThreat" go to
- # /var/log/pa.log; the matching ones are handled by f_AppThreat below.
- # NOTE(review): /var/log/pa.log matches neither glob in the logrotate stanza
- # at the end of this page; confirm it is rotated elsewhere.
- filter f_pa { (netmask(192.168.20.20/32)) and not message("AppThreat"); };
- destination d_pa { file ("/var/log/pa.log"); };
- log { source(s_sys); filter(f_pa); destination(d_pa); };
- ###
- #filter f_prod_cisco { (netmask(192.168.90.1/32)) };
- #filter f_prod_cisco { (netmask(192.168.90.1/32)) and message("mismatch"); };
- #destination d_prod_cisco { file ("/var/log/switch.log"); };
- #log { source(s_sys); filter(f_prod_cisco); destination(d_test_cisco); };
- ###
- #filter f_remote_iptables { (netmask(192.168.241.7/32)) and facility(kern) and message("IN"); };
- #log { source(s_sys); filter(f_remote_iptables); destination(d_test_cisco); };
- #####################################
- #filter f_aci { (netmask(192.168.80.100/32)) };
- #destination d_aci { file ("/var/log/aci.log"); };
- #log { source(s_sys); filter(f_aci); destination(d_aci); };
- #####################################
- # Messages from 192.168.20.20 whose text matches "AppThreat" go to their own
- # file, which the /var/log/A*.log glob in the logrotate stanza covers.
- # NOTE(review): the match is on sender address plus message text only; on the
- # UDP listener neither is authenticated, so treat this file as unverified input.
- filter f_AppThreat { (netmask(192.168.20.20/32)) and message("AppThreat"); };
- destination d_AppThreat { file ("/var/log/AppThreat.log"); };
- log { source(s_sys); filter(f_AppThreat); destination(d_AppThreat); };
- #####################################
- # Everything sent from 192.168.254.219 goes to /var/log/dfwpkt.log, which the
- # /var/log/dfwp*.log glob in the logrotate stanza covers.
- # No facility or level condition: the sender address is the only criterion.
- filter f_dfwpktlogs { (netmask(192.168.254.219/32)) ; };
- destination d_dfwpktlogs { file ("/var/log/dfwpkt.log"); };
- log { source(s_sys); filter(f_dfwpktlogs); destination(d_dfwpktlogs); };
- ####################################
- # Everything sent from 192.168.20.111 goes to /var/log/ise.log.
- # NOTE(review): /var/log/ise.log matches neither glob in the logrotate stanza
- # at the end of this page; confirm it is rotated elsewhere, or it will grow
- # without bound.
- filter f_ise { (netmask(192.168.20.111/32)) ; };
- destination d_ise { file ("/var/log/ise.log"); };
- log { source(s_sys); filter(f_ise); destination(d_ise); };
- ############################################################################
- #/var/log/switch.log
- #/var/log/testf5.log
- # logrotate stanza (logrotate syntax, not syslog-ng) for two sets of device logs.
- # NOTE(review): /var/log/A*.log matches every file in /var/log whose name
- # starts with "A", not only AppThreat.log; naming the file would be tighter.
- # NOTE(review): /var/log/pa.log, /var/log/ise.log and /var/log/kern, which
- # the syslog-ng destinations on this page write, match neither glob.
- /var/log/A*.log
- /var/log/dfwp*.log
- {
- daily
- # Keep 108 rotated files before the oldest is removed.
- rotate 108
- #size 500k
- # Also rotate a file once it exceeds 1000M; checked only when logrotate runs.
- maxsize 1000M
- # NOTE(review): "create" appears twice in this stanza; presumably the later
- # "create 640" is the one that takes effect, so this bare one can be dropped.
- create
- notifempty
- compress
- # New log file gets mode 640; no owner or group is given here.
- create 640
- # Run the postrotate script once for all matched files, not once per file.
- sharedscripts
- # After rotation, send HUP to the pid stored in /var/run/syslogd.pid so the
- # daemon reopens its log files.
- # NOTE(review): all errors are discarded (2> /dev/null, || true). If that pid
- # file is missing or does not belong to the running syslog-ng, no signal is
- # delivered and nothing reports it; confirm the pid file path for this host.
- postrotate
- /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
- endscript
- }
- ############################################################################