
Untitled

a guest
Aug 1st, 2012
  1. #
  2. # /etc/syslog-ng/syslog-ng.conf
  3. #
  4. # File format description can be found in syslog-ng.conf(5)
  5. # and in /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
  6. #
  7. # NOTE: The SuSEconfig script and its syslog-ng.conf.in
  8. # configuration template aren't used any more.
  9. #
  10. # Feel free to edit this file directly.
  11. #
  12. # Additional log sockets for chroot environments can
  13. # be declared in the /etc/sysconfig/syslog file using
  14. # SYSLOGD_ADDITIONAL_SOCKET<NAME>
  15. # variables. This allows a socket to be defined from
  16. # RPM scripts and is used by several services, e.g.
  17. # bind and dhcpd.
  18. #
  19. # The sockets defined in /etc/sysconfig/syslog file
  20. # are added by the /etc/init.d/syslog init-script using
  21. # "-a path" command line options while syslog-ng is
  22. # started.
  23. #
  24. # This syslog-ng contains an extension and appends the
  25. # sockets added by "-a" option to the same source group
  26. # and using the same socket type (unix-dgram) as the
  27. # "/dev/log" socket.
  28. # If one of the sockets added by "-a" option already
  29. # exists in any (other) source group in the config file,
  30. # then the socket added by "-a" option is ignored.
  31. #
  32.  
  33. #
  34. # Global options.
  35. # perm(0640) is the default mode for log files syslog-ng creates: owner read/write, group read, no access for other users.
  36. options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
  37.  
  38. #
  39. # 'src' is our main source definition. you can add
  40. # more source driver definitions to it, or define
  41. # your own sources, e.g.:
  42. #
  43. #source my_src { .... };
  44. #
  45. source src {
  46. #
  47. # include internal syslog-ng messages
  48. # note: the internal() source is required!
  49. #
  50. internal();
  51.  
  52. #
  53. # the default log socket for local logging:
  54. #
  55. unix-dgram("/dev/log");
  56.  
  57. #
  58. # uncomment to process log messages from network:
  59. # NOTE: ip("0.0.0.0") listens on every interface and syslog over UDP has no sender authentication.
       # Messages received here join 'src' and pass through every log statement that uses source(src),
       # including the one that feeds sshguard, so restrict senders (firewall or a specific ip()) before enabling.
  60. #udp(ip("0.0.0.0") port(514));
  61. };
  62.  
  63.  
  64. #
  65. # Filter definitions
  66. # f_iptables recognises firewall log lines as kernel messages that contain both "IN=" and "OUT=".
       # f_console selects kernel warnings that are not firewall lines, plus err-level messages
       # from any facility except authpriv (and/or grouping as read here; confirm against syslog-ng.conf(5)).
  67. filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
  68.  
  69. filter f_console { level(warn) and facility(kern) and not filter(f_iptables)
  70. or level(err) and not facility(authpriv); };
  71.  
  72. filter f_newsnotice { level(notice) and facility(news); };
  73. filter f_newscrit { level(crit) and facility(news); };
  74. filter f_newserr { level(err) and facility(news); };
  75. filter f_news { facility(news); };
  76.  
  77. filter f_mailinfo { level(info) and facility(mail); };
  78. filter f_mailwarn { level(warn) and facility(mail); };
  79. filter f_mailerr { level(err, crit) and facility(mail); };
  80. filter f_mail { facility(mail); };
  81.  
  82. filter f_cron { facility(cron); };
  83.  
  84. filter f_local { facility(local0, local1, local2, local3,
  85. local4, local5, local6, local7); };
  86.  
  87. #
  88. # acpid messages
  89. #
  90. filter f_acpid_full { match('^acpid:'); };
  91. filter f_acpid { level(emerg..notice) and match('^acpid:'); };
  92.  
  93. # this is for the old acpid < 1.0.6
  94. filter f_acpid_old { match('^\[acpid\]:'); };
  95.  
  96. filter f_netmgm { match('^NetworkManager:'); };
  97.  
  98. filter f_messages { not facility(news, mail) and not filter(f_iptables); };
  99. filter f_warn { level(warn, err, crit) and not filter(f_iptables); };
  100. filter f_alert { level(alert); };
  101.  
  102.  
  103. #
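  104. # Enable this and adapt the IP to send log messages to a log server.
  105. # NOTE: udp() forwards messages unencrypted and without delivery confirmation; keep this on a trusted network.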
  106. #destination logserver { udp("10.10.10.10" port(514)); };
  107. #log { source(src); destination(logserver); };
  108.  
  109. #
  110. # Enable this, if you want to keep all messages in one file:
  111. # (don't forget to provide logrotation config)
  112. #
  113. #destination allmessages { file("/var/log/allmessages"); };
  114. #log { source(src); destination(allmessages); };
  115.  
  116. #
  117. # Most warnings and errors on tty10 and on the xconsole pipe:
  118. # NOTE(review): owner(-1) group(-1) perm(-1) presumably leave the existing device's ownership and mode
       # untouched instead of applying the global perm(0640) - confirm for the installed syslog-ng version.
  119. destination console { pipe("/dev/tty10" owner(-1) group(-1) perm(-1)); };
  120. log { source(src); filter(f_console); destination(console); };
  121.  
  122. destination xconsole { pipe("/dev/xconsole" owner(-1) group(-1) perm(-1)); };
  123. log { source(src); filter(f_console); destination(xconsole); };
  124.  
  125. # Enable this, if you want that root is informed immediately,
  126. # e.g. of logins:
  127. #
  128. #destination root { usertty("root"); };
  129. #log { source(src); filter(f_alert); destination(root); };
  130.  
  131.  
  132. #
  133. # News-messages in separate files:
  134. #
  135. destination newscrit { file("/var/log/news/news.crit"
  136. owner(news) group(news)); };
  137. log { source(src); filter(f_newscrit); destination(newscrit); };
  138.  
  139. destination newserr { file("/var/log/news/news.err"
  140. owner(news) group(news)); };
  141. log { source(src); filter(f_newserr); destination(newserr); };
  142.  
  143. destination newsnotice { file("/var/log/news/news.notice"
  144. owner(news) group(news)); };
  145. log { source(src); filter(f_newsnotice); destination(newsnotice); };
  146.  
  147. #
  148. # and optionally also all in one file:
  149. # (don't forget to provide logrotation config)
  150. #
  151. #destination news { file("/var/log/news.all"); };
  152. #log { source(src); filter(f_news); destination(news); };
  153.  
  154.  
  155. #
  156. # Mail-messages in separate files:
  157. #
  158. destination mailinfo { file("/var/log/mail.info"); };
  159. log { source(src); filter(f_mailinfo); destination(mailinfo); };
  160.  
  161. destination mailwarn { file("/var/log/mail.warn"); };
  162. log { source(src); filter(f_mailwarn); destination(mailwarn); };
  163.  
  164. destination mailerr { file("/var/log/mail.err" fsync(yes)); };
  165. log { source(src); filter(f_mailerr); destination(mailerr); };
  166.  
  167. #
  168. # and also all in one file:
  169. #
  170. destination mail { file("/var/log/mail"); };
  171. log { source(src); filter(f_mail); destination(mail); };
  172.  
  173.  
  174. #
  175. # acpid messages in one file:
  176. # flags(final) ends processing of a matching message, so acpid lines never reach the log statements further down.
  177. destination acpid { file("/var/log/acpid"); };
  178. destination null { };
  179. log { source(src); filter(f_acpid); destination(acpid); flags(final); };
  180. # 'null' has no drivers: acpid messages that only match f_acpid_full (less severe than notice) are discarded here.
  181. # if you want more verbose acpid logging, comment the destination(null)
  182. # line and uncomment the destination(acpid) line
  183. #
  184. log { source(src); filter(f_acpid_full); destination(null); flags(final); };
  185. # log { source(src); filter(f_acpid_full); destination(acpid); flags(final); };
  186. #
  187. # old acpid < 1.0.6
  188. log { source(src); filter(f_acpid_old); destination(acpid); flags(final); };
  189.  
  190. #
  191. # NetworkManager messages in one file:
  192. # flags(final): these messages stop here and are not written by the later log statements (e.g. /var/log/messages).
  193. destination netmgm { file("/var/log/NetworkManager"); };
  194. log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };
  195.  
  196.  
  197. #
  198. # Cron-messages in one file:
  199. # (don't forget to provide logrotation config)
  200. #
  201. #destination cron { file("/var/log/cron"); };
  202. #log { source(src); filter(f_cron); destination(cron); };
  203.  
  204.  
  205. #
  206. # Some boot scripts use/require local[1-7]:
  207. #
  208. destination localmessages { file("/var/log/localmessages"); };
  209. log { source(src); filter(f_local); destination(localmessages); };
  210.  
  211.  
  212. #
  213. # All messages except iptables and the facilities news and mail:
  214. #
  215. destination messages { file("/var/log/messages"); };
  216. log { source(src); filter(f_messages); destination(messages); };
  217.  
  218.  
  219. #
  220. # Firewall (iptables) messages in one file:
  221. #
  222. destination firewall { file("/var/log/firewall"); };
  223. log { source(src); filter(f_iptables); destination(firewall); };
  224.  
  225.  
  226. #
  227. # Warnings (except iptables) in one file:
  228. #
  229. destination warn { file("/var/log/warn" fsync(yes)); };
  230. log { source(src); filter(f_warn); destination(warn); };
  231.  
  232. ## SSHguard
  233. # pass only entries with auth+authpriv facilities that contain sshd
       # NOTE(review): match("sshd") is an unanchored pattern, so it does not prove the line came from the
       # sshd daemon; any sender able to log to auth/authpriv through source 'src' is passed on as well.
       # sshguard blocks addresses based on these lines, so keep trusted admin addresses in its whitelist
       # and limit who can write to this source (see the commented-out udp() source above).
  234. filter sshlogs { facility(auth, authpriv) and match("sshd"); };
  235.  
  236. ## SSHguard
  237. # pass to this process with this template (avoids <ID> prefixes)
       # program() has syslog-ng start /usr/sbin/sshguard and write each matching message to its standard input.
       # NOTE(review): the child presumably runs with syslog-ng's own privileges (typically root) - confirm,
       # and keep the binary and its directory writable by root only.
       # NOTE(review): whether $MESSAGE still carries the "sshd[pid]:" tag depends on the syslog-ng version;
       # re-check that sshguard recognises the lines after an upgrade.
  238. destination sshguardproc {
  239. program("/usr/sbin/sshguard"
  240. template("$DATE $FULLHOST $MESSAGE\n"));
  241. };
       # No flags(final) here and this is the last log statement, so the same lines are still written
       # to the files selected by the earlier log statements.
  242. log { source(src); filter(sshlogs); destination(sshguardproc); };