[652] | 1 | # |
---|
| 2 | # Configuration file for syslog-ng under Debian |
---|
| 3 | # |
---|
| 4 | # attempts at reproducing default syslog behavior |
---|
| 5 | |
---|
| 6 | # the standard syslog levels are (in descending order of priority): |
---|
| 7 | # emerg alert crit err warning notice info debug |
---|
| 8 | # the aliases "error", "panic", and "warn" are deprecated |
---|
| 9 | # the "none" priority found in the original syslogd configuration is |
---|
| 10 | # only used in internal messages created by syslogd |
---|
| 11 | |
---|
| 12 | |
---|
| 13 | ###### |
---|
| 14 | # options |
---|
| 15 | |
---|
# Global options: defaults for every source and destination defined below.
options {
    # do not use the chained hostname format in logs
    # (default is enabled)
    chain_hostnames(no);

    # the time to wait before a dead connection is re-established
    # (default is 60)
    time_reopen(10);

    # the time to wait before an idle destination file is closed
    # (default is 60)
    time_reap(360);

    # the number of lines buffered before they are written to file
    # you might want to increase this if your disk isn't keeping up with
    # all the log messages you get or if you want less disk activity
    # (say on a laptop)
    # (default is 0)
    #sync(0);

    # the number of lines fitting in the output queue
    log_fifo_size(2048);

    # enable or disable directory creation for destination files
    create_dirs(yes);

    # default owner, group, and permissions for log files
    # (defaults are 0, 0, 0600)
    # as set here: owner left at its default, group "adm", and mode 0640,
    # so members of "adm" can read every log file that does not override
    # these values, auth.log included
    #owner(root);
    group(adm);
    perm(0640);

    # default owner, group, and permissions for created directories
    # (defaults are 0, 0, 0700)
    # 0755 lets any local user list the directories syslog-ng creates;
    # reading the files inside is still governed by perm() above
    #dir_owner(root);
    #dir_group(root);
    dir_perm(0755);

    # enable or disable DNS usage
    # syslog-ng blocks on DNS queries, so enabling DNS may lead to
    # a Denial of Service attack
    # (default is yes)
    use_dns(no);

    # maximum length of message in bytes
    # this is only limited by the program listening on the /dev/log Unix
    # socket, glibc can handle arbitrary length log messages, but -- for
    # example -- syslogd accepts only 1024 bytes
    # (default is 2048)
    #log_msg_size(2048);

    # disable the periodic statistics log messages
    # NOTE(review): those messages carry syslog-ng's own counters, including
    # dropped messages; with them off, loss caused by a full output queue
    # (log_fifo_size above) does not show up in the logs -- confirm this is
    # intended
    stats_freq(0);

    # Some programs send log messages through a private implementation,
    # and sometimes that implementation is bad. If this happens syslog-ng
    # may recognise the program name as the hostname. With this option
    # we tell syslog-ng that a hostname matching this regexp is not a
    # real hostname.
    bad_hostname("^gconfd$");
};
---|
| 77 | |
---|
| 78 | |
---|
| 79 | ###### |
---|
| 80 | # sources |
---|
| 81 | |
---|
# every message source known to this configuration; all of them are local
source s_all {
    # standard Linux log source (the default place the syslog() function
    # sends logs to)
    unix-stream("/dev/log");

    # messages from the kernel, marked with a "kernel: " prefix
    file("/proc/kmsg" log_prefix("kernel: "));

    # messages generated by syslog-ng itself
    internal();

    # uncomment the following line to receive remote UDP logging messages
    # (this is equivalent to the "-r" syslogd flag)
    # NOTE(review): UDP syslog has no sender authentication, so once this is
    # enabled any host that can reach the port can add or flood log entries;
    # limit who can reach the listener (packet filter, bind address) first
    # udp();
};
---|
| 95 | |
---|
| 96 | |
---|
| 97 | ###### |
---|
| 98 | # destinations |
---|
| 99 | |
---|
# the standard log files, one per facility
# owner, group and mode are not set here, so they come from the global
# options block (group adm, perm 0640)
destination df_auth {
    file("/var/log/auth.log");
};
destination df_syslog {
    file("/var/log/syslog");
};
destination df_cron {
    file("/var/log/cron.log");
};
destination df_daemon {
    file("/var/log/daemon.log");
};
destination df_kern {
    file("/var/log/kern.log");
};
destination df_lpr {
    file("/var/log/lpr.log");
};
destination df_mail {
    file("/var/log/mail.log");
};
destination df_user {
    file("/var/log/user.log");
};
destination df_uucp {
    file("/var/log/uucp.log");
};
---|
| 110 | |
---|
# meant for the mail system log files; the $FACILITY macro in the file name
# makes these re-usable for {mail,cron,...}.info, {mail,cron,...}.notice, etc.
# NOTE(review): the file name is taken from each message's facility, so keep
# a facility filter in every log statement that uses one of these (the
# statements in this file all apply f_mail); unfiltered, a file would be
# written for every facility that shows up
destination df_facility_dot_info {
    file("/var/log/$FACILITY.info");
};
destination df_facility_dot_notice {
    file("/var/log/$FACILITY.notice");
};
destination df_facility_dot_warn {
    file("/var/log/$FACILITY.warn");
};
destination df_facility_dot_err {
    file("/var/log/$FACILITY.err");
};
destination df_facility_dot_crit {
    file("/var/log/$FACILITY.crit");
};
---|
| 119 | |
---|
# files for the news system, kept separate because they should be owned by
# "news" instead of "root"; only the owner is overridden here, group and
# mode still come from the global options
destination df_news_dot_notice {
    file("/var/log/news/news.notice" owner("news"));
};
destination df_news_dot_err {
    file("/var/log/news/news.err" owner("news"));
};
destination df_news_dot_crit {
    file("/var/log/news/news.crit" owner("news"));
};
---|
| 125 | |
---|
# two more classical files found in standard syslog configurations
destination df_debug {
    file("/var/log/debug");
};
destination df_messages {
    file("/var/log/messages");
};

# pipes
# a console to view log messages under X
destination dp_xconsole {
    pipe("/dev/xconsole");
};

# consoles
# this will send messages to everyone logged in
# NOTE(review): whatever is routed here is written to the terminal of every
# logged-in user, so the log statement feeding it should stay narrowly
# filtered (in this file it is limited to priority emerg by f_emerg)
destination du_all {
    usertty("*");
};
---|
| 137 | |
---|
| 138 | |
---|
| 139 | ###### |
---|
| 140 | # filters |
---|
| 141 | |
---|
# messages from the auth and authpriv facilities only
filter f_auth {
    facility(auth, authpriv);
};

# everything that is not auth or authpriv; the log statement for
# /var/log/syslog uses this to leave authentication messages out of that file
filter f_syslog {
    not facility(auth, authpriv);
};

# one filter per facility: cron, daemon, kern, lpr, mail, news, user and uucp
filter f_cron {
    facility(cron);
};
filter f_daemon {
    facility(daemon);
};
filter f_kern {
    facility(kern);
};
filter f_lpr {
    facility(lpr);
};
filter f_mail {
    facility(mail);
};
filter f_news {
    facility(news);
};
filter f_user {
    facility(user);
};
filter f_uucp {
    facility(uucp);
};
---|
| 158 | |
---|
# filters selecting messages of a given priority or anything more severe
# (equivalents of syslogd's *.info, *.notice, *.warn, *.err and *.crit)
# the level is spelled "warning" because the "warn" alias is deprecated;
# the filter name keeps its "warn" spelling since log statements refer to it
filter f_at_least_info {
    level(info..emerg);
};
filter f_at_least_notice {
    level(notice..emerg);
};
filter f_at_least_warn {
    level(warning..emerg);
};
filter f_at_least_err {
    level(err..emerg);
};
filter f_at_least_crit {
    level(crit..emerg);
};
---|
| 167 | |
---|
# messages of exactly priority debug, leaving out the auth, authpriv, news
# and mail facilities
filter f_debug {
    level(debug)
    and not facility(auth, authpriv, news, mail);
};

# messages of exactly info, notice or warning priority, leaving out the
# auth, authpriv, cron, daemon, mail and news facilities
# ("warning" is the non-deprecated spelling of the "warn" level)
filter f_messages {
    level(info, notice, warning)
    and not facility(auth, authpriv, cron, daemon, mail, news);
};

# messages of priority emerg only
filter f_emerg {
    level(emerg);
};
---|
| 181 | |
---|
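# messages usually sent to the xconsole; this is the filter form of the
# syslogd selector
#   daemon.*;mail.*;news.crit;news.err;news.notice;
#   *.=debug;*.=info;*.=notice;*.=warn
# In syslogd a plain "facility.priority" selector matches that priority and
# everything more severe, so the three news selectors together mean
# "news at notice or above". Listing crit, err and notice one by one would
# leave out news.alert and news.emerg, hence the range below.
# ("warning" is the non-deprecated spelling of the "warn" level.)
filter f_xconsole {
    facility(daemon, mail)
    or level(debug, info, notice, warning)
    or (facility(news)
        and level(notice..emerg));
};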
---|
| 189 | |
---|
| 190 | |
---|
| 191 | ###### |
---|
| 192 | # logs |
---|
| 193 | # order matters if you use "flags(final);" to mark the end of processing in a |
---|
| 194 | # "log" statement |
---|
| 195 | |
---|
| 196 | # these rules provide the same behavior as the commented original syslogd rules |
---|
| 197 | |
---|
# Per-facility log files. The comment above each statement is the syslogd
# rule it reproduces. No statement sets flags(final), so a message is checked
# against every statement and may be written to several files.

# auth,authpriv.* /var/log/auth.log
# authentication messages go here and are kept out of /var/log/syslog by
# f_syslog in the next statement
log { source(s_all); filter(f_auth); destination(df_auth); };

# *.*;auth,authpriv.none -/var/log/syslog
log { source(s_all); filter(f_syslog); destination(df_syslog); };

# this is commented out in the default syslog.conf
# cron.* /var/log/cron.log
#log { source(s_all); filter(f_cron); destination(df_cron); };

# daemon.* -/var/log/daemon.log
log { source(s_all); filter(f_daemon); destination(df_daemon); };

# kern.* -/var/log/kern.log
log { source(s_all); filter(f_kern); destination(df_kern); };

# lpr.* -/var/log/lpr.log
log { source(s_all); filter(f_lpr); destination(df_lpr); };

# mail.* -/var/log/mail.log
log { source(s_all); filter(f_mail); destination(df_mail); };

# user.* -/var/log/user.log
log { source(s_all); filter(f_user); destination(df_user); };

# uucp.* /var/log/uucp.log
log { source(s_all); filter(f_uucp); destination(df_uucp); };
---|
| 261 | |
---|
# Mail messages split by severity. Both filters must match, and f_mail is
# what limits the $FACILITY file name of the destination to "mail".

# mail.info -/var/log/mail.info
log { source(s_all); filter(f_mail); filter(f_at_least_info); destination(df_facility_dot_info); };

# mail.warn -/var/log/mail.warn
log { source(s_all); filter(f_mail); filter(f_at_least_warn); destination(df_facility_dot_warn); };

# mail.err /var/log/mail.err
log { source(s_all); filter(f_mail); filter(f_at_least_err); destination(df_facility_dot_err); };
---|
| 285 | |
---|
# News messages split by severity, written to the files owned by "news".

# news.crit /var/log/news/news.crit
log { source(s_all); filter(f_news); filter(f_at_least_crit); destination(df_news_dot_crit); };

# news.err /var/log/news/news.err
log { source(s_all); filter(f_news); filter(f_at_least_err); destination(df_news_dot_err); };

# news.notice /var/log/news/news.notice
log { source(s_all); filter(f_news); filter(f_at_least_notice); destination(df_news_dot_notice); };
---|
| 309 | |
---|
| 310 | |
---|
# The two catch-all files. Both filters exclude auth and authpriv, so
# authentication messages are not copied into them.

# *.=debug;\
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
log { source(s_all); filter(f_debug); destination(df_debug); };

# *.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none -/var/log/messages
log { source(s_all); filter(f_messages); destination(df_messages); };
---|
| 330 | |
---|
# *.emerg *
# broadcast to the terminal of every logged-in user; f_emerg is the only
# thing limiting what gets broadcast, so keep it on this statement
log { source(s_all); filter(f_emerg); destination(du_all); };

# daemon.*;mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole
log { source(s_all); filter(f_xconsole); destination(dp_xconsole); };
---|
| 348 | |
---|