
vMA 5.0 custom syslog-ng.conf

a guest
Oct 8th, 2012
  1. #
  2. # /etc/syslog-ng/syslog-ng.conf
  3. #
  4. # File format description can be found in syslog-ng.conf(5)
  5. # and in /usr/share/doc/packages/syslog-ng/syslog-ng.txt.
  6. #
  7. # NOTE: The SuSEconfig script and its syslog-ng.conf.in
  8. # configuration template aren't used any more.
  9. #
  10. # Feel free to edit this file directly.
  11. #
  12. # Additional log sockets for chroot environments can
  13. # be declared in the /etc/sysconfig/syslog file using
  14. # SYSLOGD_ADDITIONAL_SOCKET<NAME>
  15. # variables. This makes it possible to define a socket from
  16. # RPM scripts and is used by several services, e.g.
  17. # bind and dhcpd.
  18. #
  19. # The sockets defined in /etc/sysconfig/syslog file
  20. # are added by the /etc/init.d/syslog init-script using
  21. # "-a path" command line options while syslog-ng is
  22. # started.
  23. #
  24. # This syslog-ng contains an extension and appends the
  25. # sockets added by "-a" option to the same source group
  26. # and using the same socket type (unix-dgram) as the
  27. # "/dev/log" socket.
  28. # If one of the sockets added by "-a" option already
  29. # exists in any (other) source group in the config file,
  30. # then the socket added by "-a" option is ignored.
  31. #
  32.  
  33. #
  34. # Global options. keep_hostname(yes) keeps the host name carried inside each received message as $HOST; perm(0644) and dir_perm(0755) are the defaults for files and directories syslog-ng creates, i.e. readable by every local user unless a destination overrides them.
  35. # NOTE(review): the 'esxihosts' network source defined later in this file inherits these options, so for network messages $HOST is chosen by the sender - confirm that is intended.
  36. options { keep_hostname(yes); long_hostnames(off); use_fqdn(yes); sync(0); perm(0644); dir_perm(0755); stats(3600); };
  37.  
  38. #
  39. # 'src' is our main source definition. you can add
  40. # more sources driver definitions to it, or define
  41. # your own sources, i.e.:
  42. #
  43. #source my_src { .... };
  44. #
  45. source src {
  46. #
  47. # include internal syslog-ng messages
  48. # note: the internal() source is required!
  49. #
  50. internal();
  51.  
  52. #
  53. # the default log socket for local logging:
  54. #
  55. unix-dgram("/dev/log");
  56.  
  57. #
  58. # uncomment to process log messages from network:
  59. # (left disabled: as written, 'src' reads only internal() and /dev/log; network messages enter through the separate 'esxihosts' source)
  60. #udp(ip("0.0.0.0") port(514));
  61. };
  62.  
  63.  
  64. #
  65. # Filter definitions (used by the log statements for the local 'src' source below)
  66. #
  67. filter f_iptables { facility(kern) and match("IN=") and match("OUT="); }; # kernel messages containing both "IN=" and "OUT="
  68.  
  69. filter f_console { level(warn) and facility(kern) and not filter(f_iptables)
  70. or level(err) and not facility(authpriv); }; # NOTE(review): 'and'/'or' are mixed without parentheses; presumably (warn + kern + not iptables) or (err + not authpriv), which keeps authpriv messages off the console - confirm precedence
  71.  
  72. filter f_newsnotice { level(notice) and facility(news); };
  73. filter f_newscrit { level(crit) and facility(news); };
  74. filter f_newserr { level(err) and facility(news); };
  75. filter f_news { facility(news); };
  76.  
  77. filter f_mailinfo { level(info) and facility(mail); };
  78. filter f_mailwarn { level(warn) and facility(mail); };
  79. filter f_mailerr { level(err, crit) and facility(mail); };
  80. filter f_mail { facility(mail); };
  81.  
  82. filter f_cron { facility(cron); };
  83.  
  84. filter f_local { facility(local0, local1, local2, local3,
  85. local4, local5, local6, local7); };
  86.  
  87. #
  88. # acpid messages (f_acpid_full: any level; f_acpid: levels emerg through notice only)
  89. #
  90. filter f_acpid_full { match('^acpid:'); };
  91. filter f_acpid { level(emerg..notice) and match('^acpid:'); };
  92.  
  93. # this is for the old acpid < 1.0.6
  94. filter f_acpid_old { match('^\[acpid\]:'); };
  95.  
  96. filter f_netmgm { match('^NetworkManager:'); };
  97.  
  98. filter f_messages { not facility(news, mail) and not filter(f_iptables); }; # everything except news, mail and iptables messages
  99. filter f_warn { level(warn, err, crit) and not filter(f_iptables); };
  100. filter f_alert { level(alert); };
  101.  
  102.  
  103. #
  104. # Enable this and adapt the IP address to send log messages to a log server.
  105. # (udp() forwards the messages in clear text and without authentication)
  106. #destination logserver { udp("10.10.10.10" port(514)); };
  107. #log { source(src); destination(logserver); };
  108.  
  109. #
  110. # Enable this, if you want to keep all messages in one file:
  111. # (don't forget to provide logrotation config)
  112. #
  113. #destination allmessages { file("/var/log/allmessages"); };
  114. #log { source(src); destination(allmessages); };
  115.  
  116. #
  117. # Most warnings and errors on tty10 and on the xconsole pipe:
  118. #
  119. destination console { pipe("/dev/tty10" owner(-1) group(-1) perm(-1)); }; # -1: leave the existing owner, group and mode of the device untouched
  120. log { source(src); filter(f_console); destination(console); };
  121.  
  122. destination xconsole { pipe("/dev/xconsole" owner(-1) group(-1) perm(-1)); }; # -1: leave the existing owner, group and mode of the pipe untouched
  123. log { source(src); filter(f_console); destination(xconsole); };
  124.  
  125. # Enable this, if you want root to be informed immediately,
  126. # e.g. of logins:
  127. # (only messages of level alert are selected, see f_alert)
  128. #destination root { usertty("root"); };
  129. #log { source(src); filter(f_alert); destination(root); };
  130.  
  131.  
  132. #
  133. # News-messages in separate files, one per level (crit, err, notice):
  134. #
  135. destination newscrit { file("/var/log/news/news.crit"); };
  136.  
  137. log { source(src); filter(f_newscrit); destination(newscrit); };
  138.  
  139. destination newserr { file("/var/log/news/news.err"); };
  140.  
  141. log { source(src); filter(f_newserr); destination(newserr); };
  142.  
  143. destination newsnotice { file("/var/log/news/news.notice"); };
  144.  
  145. log { source(src); filter(f_newsnotice); destination(newsnotice); };
  146.  
  147. #
  148. # and optionally also all in one file:
  149. # (don't forget to provide logrotation config)
  150. # (disabled here: /var/log/news.all is not written)
  151. #destination news { file("/var/log/news.all"); };
  152. #log { source(src); filter(f_news); destination(news); };
  153.  
  154.  
  155. #
  156. # Mail-messages in separate files:
  157. #
  158. destination mailinfo { file("/var/log/mail.info"); };
  159. log { source(src); filter(f_mailinfo); destination(mailinfo); };
  160.  
  161. destination mailwarn { file("/var/log/mail.warn"); };
  162. log { source(src); filter(f_mailwarn); destination(mailwarn); };
  163.  
  164. destination mailerr { file("/var/log/mail.err" fsync(yes)); }; # fsync(yes): flush to disk after each write, so errors survive a crash
  165. log { source(src); filter(f_mailerr); destination(mailerr); };
  166.  
  167. #
  168. # and also all in one file:
  169. # (every mail-facility message, whatever its level, see f_mail)
  170. destination mail { file("/var/log/mail"); };
  171. log { source(src); filter(f_mail); destination(mail); };
  172.  
  173.  
  174. #
  175. # acpid messages in one file:
  176. # (the statements below use flags(final), so their position relative to the later log statements matters - do not reorder)
  177. destination acpid { file("/var/log/acpid"); };
  178. destination null { }; # no driver inside: messages routed here are discarded
  179. log { source(src); filter(f_acpid); destination(acpid); flags(final); }; # final: a matching message is not handed to the log statements that follow
  180. #
  181. # if you want more verbose acpid logging, comment the destination(null)
  182. # line and uncomment the destination(acpid) line
  183. #
  184. log { source(src); filter(f_acpid_full); destination(null); flags(final); }; # remaining acpid messages (levels not caught above) are dropped here
  185. # log { source(src); filter(f_acpid_full); destination(acpid); flags(final); };
  186. #
  187. # old acpid < 1.0.6
  188. log { source(src); filter(f_acpid_old); destination(acpid); flags(final); };
  189.  
  190. #
  191. # NetworkManager messages in one file:
  192. # (final: they do not also reach the log statements further down)
  193. destination netmgm { file("/var/log/NetworkManager"); };
  194. log { source(src); filter(f_netmgm); destination(netmgm); flags(final); };
  195.  
  196.  
  197. #
  198. # Cron-messages in one file:
  199. # (don't forget to provide logrotation config)
  200. # (left commented out here; the same two statements are enabled at the end of this local section)
  201. #destination cron { file("/var/log/cron"); };
  202. #log { source(src); filter(f_cron); destination(cron); };
  203.  
  204.  
  205. #
  206. # Some boot scripts use/require local[1-7]:
  207. #
  208. destination localmessages { file("/var/log/localmessages"); };
  209. log { source(src); filter(f_local); destination(localmessages); };
  210.  
  211.  
  212. #
  213. # All messages except iptables and the facilities news and mail:
  214. # (reads source 'src' only, so messages received on the 'esxihosts' network source never land in /var/log/messages)
  215. destination messages { file("/var/log/messages"); };
  216. log { source(src); filter(f_messages); destination(messages); };
  217.  
  218.  
  219. #
  220. # Firewall (iptables) messages in one file:
  221. #
  222. destination firewall { file("/var/log/firewall"); };
  223. log { source(src); filter(f_iptables); destination(firewall); };
  224.  
  225.  
  226. #
  227. # Warnings (except iptables) in one file:
  228. #
  229. destination warn { file("/var/log/warn" fsync(yes)); }; # fsync(yes): flush to disk after each write
  230. log { source(src); filter(f_warn); destination(warn); };
  231.  
  232.  
  233. destination cron { file("/var/log/cron"); }; # custom addition: cron facility to its own file; needs a matching log rotation entry
  234. log { source(src); filter(f_cron); destination(cron); };
  235.  
  236.  
  237.  
  238. ########## Network source for the ESXi hosts. NOTE(review): plain syslog over UDP has no authentication or encryption and the sender address can be forged, and nothing in this file restricts which senders are accepted. Limit 514/udp to the ESXi management addresses at the firewall, or bind ip() to the management interface instead of 0.0.0.0.
  239. source esxihosts { udp(ip("0.0.0.0") port(514)); }; #listen on ordinary UDP connections, on every local address, port 514
  240.  
  241.  
  242. ########## Definitions for each logfile ##############
  243. destination vpxa_log { # one file per host and day; $HOST becomes a directory name and, because the global options set keep_hostname(yes), it is the host name written in the message by the sender. NOTE(review): together with create_dirs(yes) this lets any accepted sender decide which directories appear under /var/log/esxi-syslog - consider keep_hostname(no) or a sender filter such as netmask(); verify availability in the installed syslog-ng version.
  244. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/vpxa-$YEAR-$MONTH-$DAY"
  245. create_dirs(yes) frac-digits(3)
  246. template("$ISODATE $PROGRAM $MSGONLY\n")
  247. template_escape(no)
  248. );
  249. }; # no perm()/dir_perm() here, so the global perm(0644)/dir_perm(0755) apply: these logs are readable by every local user
  250. filter vpxa_filter { match("Vpxa") and not match("verbose"); }; #don't blow up the log with verbose boring crap | NOTE(review): other_filter also excludes everything matching "Vpxa", so the verbose Vpxa lines are written nowhere - confirm they are not needed for troubleshooting or forensics
  251. log { source(esxihosts); filter(vpxa_filter); destination(vpxa_log); };
  252.  
  253.  
  254.  
  255. destination hostd_log { # hostd messages, one file per host and day; the $HOST path component is taken from the received message (global keep_hostname(yes)), not from the sender's address
  256. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/hostd-$YEAR-$MONTH-$DAY"
  257. create_dirs(yes) frac-digits(3)
  258. template("$ISODATE $PROGRAM $MSGONLY\n")
  259. template_escape(no)
  260. );
  261. };
  262. filter hostd_filter { match("Hostd") and not match("Power policy is unset") and not match("Responded to service state request") and not match ("Hbrsvc") and not match ("Default resource used for \'EsxHostAdvSettings") and not match ("convert IP Address of type 0") ; }; #may want to filter verbose junk in general too | Hbrsvc = host based replication service, not even enabled/used but still crapping all over the logs | NOTE(review): the excluded Hostd lines also fail other_filter (it rejects anything matching "Hostd"), so they are dropped entirely; the exclusions are unanchored, so any Hostd line containing one of these strings is lost
  263. log { source(esxihosts); filter(hostd_filter); destination(hostd_log); };
  264.  
  265.  
  266.  
  267. destination vmkernel_log { # vmkernel messages, one file per host and day; $HOST is the host name carried in the message (global keep_hostname(yes))
  268. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/vmkernel-$YEAR-$MONTH-$DAY"
  269. create_dirs(yes) frac-digits(3)
  270. template("$ISODATE $PROGRAM $MSGONLY\n")
  271. template_escape(no)
  272. );
  273. };
  274. filter vmkernel_filter { match("vmkernel"); }; # unanchored, case-sensitive pattern; NOTE(review): which part of the message match() inspects depends on the syslog-ng version - confirm it covers the program name
  275. log { source(esxihosts); filter(vmkernel_filter); destination(vmkernel_log); };
  276.  
  277.  
  278. destination vmkwarning_log { # vmkwarning messages, one file per host and day; $HOST is the host name carried in the message (global keep_hostname(yes))
  279. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/vmkwarning-$YEAR-$MONTH-$DAY"
  280. create_dirs(yes) frac-digits(3)
  281. template("$ISODATE $PROGRAM $MSGONLY\n")
  282. template_escape(no)
  283. );
  284. };
  285. filter vmkwarning_filter { match("vmkwarning"); }; # unanchored pattern: any accepted message containing "vmkwarning" is selected, whoever sent it
  286. log { source(esxihosts); filter(vmkwarning_filter); destination(vmkwarning_log); };
  287.  
  288.  
  289. destination fdm_log { # Fdm messages, one file per host and day; $HOST is the host name carried in the message (global keep_hostname(yes))
  290. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/fdm-$YEAR-$MONTH-$DAY"
  291. create_dirs(yes) frac-digits(3)
  292. template("$ISODATE $PROGRAM $MSGONLY\n")
  293. template_escape(no)
  294. );
  295. };
  296. filter fdm_filter { match("Fdm"); }; # unanchored pattern with a capital F, as written
  297. log { source(esxihosts); filter(fdm_filter); destination(fdm_log); };
  298.  
  299. destination vobd_log { # vobd messages, one file per host and day; $HOST is the host name carried in the message (global keep_hostname(yes))
  300. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/vobd-$YEAR-$MONTH-$DAY"
  301. create_dirs(yes) frac-digits(3)
  302. template("$ISODATE $PROGRAM $MSGONLY\n")
  303. template_escape(no)
  304. );
  305. };
  306. filter vobd_filter { match("vobd"); }; # unanchored pattern: selects any accepted message containing "vobd"
  307. log { source(esxihosts); filter(vobd_filter); destination(vobd_log); };
  308.  
  309.  
  310. destination esxupdate_log { # esxupdate messages, one file per host and day; $HOST is the host name carried in the message (global keep_hostname(yes))
  311. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/esxupdate-$YEAR-$MONTH-$DAY"
  312. create_dirs(yes) frac-digits(3)
  313. template("$ISODATE $PROGRAM $MSGONLY\n")
  314. template_escape(no)
  315. );
  316. };
  317. filter esxupdate_filter { match("esxupdate"); }; # unanchored pattern: selects any accepted message containing "esxupdate"
  318. log { source(esxihosts); filter(esxupdate_filter); destination(esxupdate_log); };
  319.  
  320.  
  321.  
  322. destination other_log { # catch-all file per host and day for network messages that match none of the named patterns. NOTE(review): everything an unknown sender delivers to 514/udp ends up here under a sender-chosen $HOST directory (global keep_hostname(yes), create_dirs(yes)); watch disk usage and the number of host directories, and restrict who can reach the port.
  323. file("/var/log/esxi-syslog/$HOST/$YEAR-$MONTH/other-$YEAR-$MONTH-$DAY"
  324. create_dirs(yes) frac-digits(3)
  325. template("$ISODATE $PROGRAM $MSGONLY\n")
  326. template_escape(no)
  327. );
  328. };
  329. filter other_filter { not match("Vpxa") and not match("Hostd") and not match("vmkernel") and not match("vmkwarning") and not match("vobd") and not match("esxupdate") and not match("Fdm"); }; # must list every pattern used by the per-service filters; lines those filters exclude on purpose (e.g. verbose Vpxa) are rejected here as well and are therefore not stored
  330. log { source(esxihosts); filter(other_filter); destination(other_log); };