@version: 3.17 # # /etc/syslog-ng: syslog-ng(8) configration file, based on a gentoo template # use logger to test new rules: # logger -p daemon.crit testmessage # use loggen to produce log messages remotely # on busy systems you may have to adjus flush_lines and suppress() to avoid # heavy disc i/o # to change default permissions/owner/group for newly created files add # options like this: owner(root); group(sys); perm(0644); options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); }; #source where to read log source src { unix-stream("/dev/log"); internal(); }; source kernsrc { file("/proc/kmsg"); }; #define templates template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); }; #define destinations destination authlog { file("/var/log/auth.log" suppress(5)); }; destination sudo { file("/var/log/sudo.log" suppress(5)); }; destination cron { file("/var/log/cron.log" suppress(5)); }; destination kern { file("/var/log/kern.log" suppress(5)); }; destination mail { file("/var/log/mail.log" suppress(5)); }; destination mailinfo { file("/var/log/mail.info" suppress(5)); }; destination mailwarn { file("/var/log/mail.warn" suppress(5)); }; destination mailerr { file("/var/log/mail.err" suppress(5)); }; #destination newscrit { file("/var/log/news/news.crit" suppress(5)); }; #destination newserr { file("/var/log/news/news.err" suppress(5)); }; #destination newsnotice { file("/var/log/news/news.notice" suppress(5)); }; destination debug { file("/var/log/debug" template(t_debug) suppress(5)); }; destination messages { file("/var/log/messages" suppress(5)); }; destination errors { file("/var/log/error.log" suppress(5)); }; destination console { usertty("root"); }; destination console_all { file("/dev/tty12" suppress(5)); }; destination xconsole { pipe("/dev/xconsole" suppress(5)); }; #create filters filter f_authpriv { facility(auth, authpriv); }; filter f_cron { facility(cron); }; filter f_kern { facility(kern); }; filter f_mail { facility(mail); }; #filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); }; filter f_debug { not facility(mail) and not program(sudo); }; filter f_messages { level(info..warn) and not facility(auth, authpriv, mail) and not program(sudo); }; filter f_sudo { program(sudo); }; filter f_errors { level(err..emerg); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; # examples for text-matching (beware of performance issues) #filter f_failed { match("failed"); }; #filter f_denied { match("denied"); }; #connect filter and destination log { source(src); filter(f_authpriv); destination(authlog); }; log { source(src); filter(f_sudo); destination(sudo); }; log { source(src); filter(f_cron); destination(cron); }; log { source(kernsrc); filter(f_kern); destination(kern); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; #log { source(src); filter(f_debug); destination(debug); }; log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_errors); destination(errors); }; log { source(src); filter(f_emergency); destination(console); }; #default log #log { source(src); destination(console_all); };