API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 1st, 2012
389
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.43 KB | None | 0 0
raw download clone embed print report
  1. #
  2. # /etc/syslog-ng/syslog-ng.conf
  3. #
  4. # File format description can be found in syslog-ng.conf(5)
  5. # and in /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
  6. #
  7. # NOTE: The SuSEconfig script and its syslog-ng.conf.in
  8. # configuration template aren't used any more.
  9. #
  10. # Feel free to edit this file directly.
  11. #
  12. # Additional log sockets for chroot environments can
  13. # be declared in the /etc/sysconfig/syslog file using
  14. # SYSLOGD_ADDITIONAL_SOCKET<NAME>
  15. # variables. This way allows to define a socket from
  16. # RPM scripts and is used by several services, e.g.
  17. # bind and dhcpd.
  18. #
  19. # The sockets defined in /etc/sysconfig/syslog file
  20. # are added by the /etc/ini.d/syslog init-script using
  21. # "-a path" command line options while syslog-ng is
  22. # started.
  23. #
  24. # This syslog-ng contains an extension and appends the
  25. # sockets added by "-a" option to the same source group
  26. # and using the same socket type (unix-dgram) as the
  27. # "/dev/log" socket.
  28. # If one of the sockets added by "-a" option already
  29. # exists in any (other) source group in the config file,
  30. # then the socket added by "-a" option is ignored.
  31. #
  32.  
  33. #
  34. # Global options.
  35. #
  36. options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
  37.  
  38. #
  39. # 'src' is our main source definition. you can add
  40. # more sources driver definitions to it, or define
  41. # your own sources, i.e.:
  42. #
  43. #source my_src { .... };
  44. #
  45. source src {
  46. #
  47. # include internal syslog-ng messages
  48. # note: the internal() soure is required!
  49. #
  50. internal();
  51.  
  52. #
  53. # the default log socket for local logging:
  54. #
  55. unix-dgram("/dev/log");
  56.  
  57. #
  58. # uncomment to process log messages from network:
  59. #
  60. #udp(ip("0.0.0.0") port(514));
  61. };
  62.  
  63.  
  64. #
  65. # Filter definitions
  66. #
  67. filter f_iptables { facility(kern) and match("IN=") and match("OUT="); };
  68.  
  69. filter f_console { level(warn) and facility(kern) and not filter(f_iptables)
  70. or level(err) and not facility(authpriv); };
  71.  
  72. filter f_newsnotice { level(notice) and facility(news); };
  73. filter f_newscrit { level(crit) and facility(news); };
  74. filter f_newserr { level(err) and facility(news); };
  75. filter f_news { facility(news); };
  76.  
  77. filter f_mailinfo { level(info) and facility(mail); };
  78. filter f_mailwarn { level(warn) and facility(mail); };
  79. filter f_mailerr { level(err, crit) and facility(mail); };
  80. filter f_mail { facility(mail); };
  81.  
  82. filter f_cron { facility(cron); };
  83.  
  84. filter f_local { facility(local0, local1, local2, local3,
  85. local4, local5, local6, local7); };
  86.  
  87. #
  88. # acpid messages
  89. #
  90. filter f_acpid_full { match('^acpid:'); };
  91. filter f_acpid { level(emerg..notice) and match('^acpid:'); };
  92.  
  93. # this is for the old acpid < 1.0.6
  94. filter f_acpid_old { match('^\[acpid\]:'); };
  95.  
  96. filter f_netmgm { match('^NetworkManager:'); };
  97.  
  98. filter f_messages { not facility(news, mail) and not filter(f_iptables); };
  99. filter f_warn { level(warn, err, crit) and not filter(f_iptables); };
  100. filter f_alert { level(alert); };
  101.  
  102.  
  103. #
  104. # Enable this and adopt IP to send log messages to a log server.
  105. #
  106. #destination logserver { udp("10.10.10.10" port(514)); };
  107. #log { source(src); destination(logserver); };
  108.  
  109. #
  110. # Enable this, if you want to keep all messages in one file:
  111. # (don't forget to provide logrotation config)
  112. #
  113. #destination allmessages { file("/var/log/allmessages"); };
  114. #log { source(src); destination(allmessages); };
  115.  
  116. #
  117. # Most warning and errors on tty10 and on the xconsole pipe:
  118. #
  119. destination console { pipe("/dev/tty10" owner(-1) group(-1) perm(-1)); };
  120. log { source(src); filter(f_console); destination(console); };
  121.  
  122. destination xconsole { pipe("/dev/xconsole" owner(-1) group(-1) perm(-1)); };
  123. log { source(src); filter(f_console); destination(xconsole); };
  124.  
  125. # Enable this, if you want that root is informed immediately,
  126. # e.g. of logins:
  127. #
  128. #destination root { usertty("root"); };
  129. #log { source(src); filter(f_alert); destination(root); };
  130.  
  131.  
  132. #
  133. # News-messages in separate files:
  134. #
  135. destination newscrit { file("/var/log/news/news.crit"
  136. owner(news) group(news)); };
  137. log { source(src); filter(f_newscrit); destination(newscrit); };
  138.  
  139. destination newserr { file("/var/log/news/news.err"
  140. owner(news) group(news)); };
  141. log { source(src); filter(f_newserr); destination(newserr); };
  142.  
  143. destination newsnotice { file("/var/log/news/news.notice"
  144. owner(news) group(news)); };
  145. log { source(src); filter(f_newsnotice); destination(newsnotice); };
  146.  
  147. #
  148. # and optionally also all in one file:
  149. # (don't forget to provide logrotation config)
  150. #
  151. #destination news { file("/var/log/news.all"); };
  152. #log { source(src); filter(f_news); destination(news); };
  153.  
  154.  
  155. #
  156. # Mail-messages in separate files:
  157. #
  158. destination mailinfo { file("/var/log/mail.info"); };
  159. log { source(src); filter(f_mailinfo); destination(mailinfo); };
  160.  
  161. destination mailwarn { file("/var/log/mail.warn"); };
  162. log { source(src); filter(f_mailwarn); destination(mailwarn); };
  163.  
  164. destination mailerr { file("/var/log/mail.err" fsync(yes)); };
  165. log { source(src); filter(f_mailerr); destination(mailerr); };
  166.  
  167. #
  168. # and also all in one file:
  169. #
  170. destination mail { file("/var/log/mail"); };
  171. log { source(src); filter(f_mail); destination(mail); };
  172.  
  173.  
  174. #
  175. # acpid messages in one file:
  176. #
  177. destination acpid { file("/var/log/acpid"); };
  178. destination null { };
  179. log { source(src); filter(f_acpid); destination(acpid); flags(final); };
  180. #
  181. # if you want more verbose acpid logging, comment the destination(null)
  182. # line and uncomment the destination(acpid) line
  183. #
  184. log { source(src); filter(f_acpid_full); destination(null); flags(final); };
  185. # log { source(src); filter(f_acpid_full); destination(acpid); flags(final); };
  186. #
  187. # old acpid < 1.0.6
  188. log { source(src); filter(f_acpid_old); destination(acpid); flags(final); };
  189.  
  190. #
  191. # NetworkManager messages in one file:
  192. #
  193. destination netmgm { file("/var/log/NetworkManager"); };
  194. log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };
  195.  
  196.  
  197. #
  198. # Cron-messages in one file:
  199. # (don't forget to provide logrotation config)
  200. #
  201. #destination cron { file("/var/log/cron"); };
  202. #log { source(src); filter(f_cron); destination(cron); };
  203.  
  204.  
  205. #
  206. # Some boot scripts use/require local[1-7]:
  207. #
  208. destination localmessages { file("/var/log/localmessages"); };
  209. log { source(src); filter(f_local); destination(localmessages); };
  210.  
  211.  
  212. #
  213. # All messages except iptables and the facilities news and mail:
  214. #
  215. destination messages { file("/var/log/messages"); };
  216. log { source(src); filter(f_messages); destination(messages); };
  217.  
  218.  
  219. #
  220. # Firewall (iptables) messages in one file:
  221. #
  222. destination firewall { file("/var/log/firewall"); };
  223. log { source(src); filter(f_iptables); destination(firewall); };
  224.  
  225.  
  226. #
  227. # Warnings (except iptables) in one file:
  228. #
  229. destination warn { file("/var/log/warn" fsync(yes)); };
  230. log { source(src); filter(f_warn); destination(warn); };
  231.  
  232. ## SSHguard
  233. # pass only entries with auth+authpriv facilities that contain sshd
  234. filter sshlogs { facility(auth, authpriv) and match("sshd"); };
  235.  
  236. ## SSHguard
  237. # pass to this process with this template (avoids <ID> prefixes)
  238. destination sshguardproc {
  239. program("/usr/sbin/sshguard"
  240. template("$DATE $FULLHOST $MESSAGE\n"));
  241. };
  242. log { source(src); filter(sshlogs); destination(sshguardproc); };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!