Views
From digital-bit.ch's wiki
# /etc/syslog-ng/syslog-ng.conf
# syslog-ng version 2.x not compatible to 3.x
options { chain_hostnames(off); create_dirs (yes); sync(0); stats(43200); };
#source where to read log
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };
#define destinations
destination authlog { file("/var/log/security/auth-$MONTH-$YEAR.log"); };
destination syslog { file("/var/log/syslog-$MONTH-$YEAR"); };
destination cron { file("/var/log/cron-$MONTH-$YEAR.log"); };
destination daemon { file("/var/log/daemon-$MONTH-$YEAR.log"); };
destination kern { file("/var/log/kern-$MONTH-$YEAR.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user-$MONTH-$YEAR.log"); };
destination pax { file("/var/log/security/pax-$MONTH-$YEAR.log"); };
destination grsec { file("/var/log/security/grsec-$MONTH-$YEAR.log"); };
destination suhosin { file("/var/log/security/suhosin-$MONTH-$YEAR.log"); };
destination jabber { file("/var/log/jabber--$MONTH-$YEAR.log"); };
# Should be maillog (Without dot) as it was the default on logwatch
destination mail { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail-$MONTH-$YEAR.info"); };
destination mailwarn { file("/var/log/mail-$MONTH-$YEAR.warn"); };
destination mailerr { file("/var/log/mail-$MONTH-$YEAR.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug-$MONTH-$YEAR"); };
destination messages { file("/var/log/messages-$MONTH-$YEAR"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };
#create filters
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_pax { match("^PAX:.*"); };
filter f_grsec { match("^grsec:.*"); };
filter f_suhosin { match("^suhosin.*"); };
filter f_jabber { match("^jabber.*"); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };
#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
#log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(kernsrc); filter(f_pax); destination(pax); };
log { source(kernsrc); filter(f_grsec); destination(grsec); };
log { source(src); filter(f_suhosin); destination(suhosin); };
log { source(src); filter(f_jabber); destination(jabber); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
#log { source(src); filter(f_emergency); destination(console); };
#default log
#log { source(src); destination(console_all); };
BlogMarks
del.icio.us
digg
Slashdot
