diff options
author | punk <punk@libernaut> | 2021-04-29 16:11:04 +0100 |
---|---|---|
committer | punk <punk@libernaut> | 2021-04-29 16:11:25 +0100 |
commit | 9bef2e2b7ea351b6b1cb490597356677db61ff34 (patch) | |
tree | c36ae24aa3c36f6c19284c7d4da7c25a620bfabf /linux/conf/syslog-ng.conf | |
parent | 6b5cf63d1987889e272643bf7eeb7725df856d11 (diff) | |
parent | 5e601f7ee14830ef645ee3d3b1bcdce7450a5ce3 (diff) | |
download | doc-master.tar.gz |
Diffstat (limited to 'linux/conf/syslog-ng.conf')
-rw-r--r-- | linux/conf/syslog-ng.conf | 226 |
1 files changed, 226 insertions, 0 deletions
diff --git a/linux/conf/syslog-ng.conf b/linux/conf/syslog-ng.conf new file mode 100644 index 0000000..02e2d57 --- /dev/null +++ b/linux/conf/syslog-ng.conf @@ -0,0 +1,226 @@ +@version: 3.25 +@include "scl.conf" + +# Syslog-ng configuration file, compatible with default Debian syslogd +# installation. + +# First, set some global options. +options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); + owner("root"); group("adm"); perm(0640); stats_freq(0); + bad_hostname("^gconfd$"); +}; + +######################## +# Sources +######################## +# This is the default behavior of sysklogd package +# Logs may come from unix stream, but not from another machine. +# +source s_src { + system(); + internal(); +}; + +# If you wish to get logs from remote machine you should uncomment +# this and comment the above source line. +# +#source s_net { tcp(ip(127.0.0.1) port(1000)); }; + +######################## +# Destinations +######################## +# First some standard logfile +# +destination d_auth { file("/var/log/auth"); }; +destination d_sudo { file("/var/log/sudo" ); }; +destination d_cron { file("/var/log/cron"); }; +destination d_daemon { file("/var/log/daemon"); }; +destination d_kern { file("/var/log/kernel"); }; +destination d_lpr { file("/var/log/lpr"); }; +destination d_mail { file("/var/log/mail"); }; +destination d_syslog { file("/var/log/syslog-ng"); }; +destination d_user { file("/var/log/user"); }; +destination d_uucp { file("/var/log/uucp"); }; + +# This files are the log come from the mail subsystem. +# +destination d_mailinfo { file("/var/log/mail.info"); }; +destination d_mailwarn { file("/var/log/mail.warn"); }; +destination d_mailerr { file("/var/log/mail.err"); }; + +# Logging for INN news system +# +destination d_newscrit { file("/var/log/news/news.crit"); }; +destination d_newserr { file("/var/log/news/news.err"); }; +destination d_newsnotice { file("/var/log/news/news.notice"); }; + +# Some 'catch-all' logfiles. +# +destination d_debug { file("/var/log/debug"); }; +destination d_error { file("/var/log/error"); }; +destination d_messages { file("/var/log/messages"); }; + +# Custom destinations +destination d_shorewall_warn { file ("/var/log/shorewall/warn"); }; +destination d_shorewall_info { file ("/var/log/shorewall/info"); }; +destination d_ntpd { file("/var/log/ntpd"); }; +destination d_dnsmasq { file("/var/log/dnsmasq"); }; +destination d_postgres { file("/var/log/pgsql"); }; +destination d_mysql { file("/var/log/pgsql"); }; +destination d_iptables { file("/var/log/iptables"); }; +destination d_sshd { file("/var/log/sshd"); }; +destination d_gitolite { file("/var/log/gitolite"); }; +destination d_git-daemon { file("/var/log/git-daemon"); }; +destination d_nginx_access { file("/var/log/nginx_access"); }; +destination d_nginx_error { file("/var/log/nginx_error"); }; +destination d_php_fpm { file("/var/log/php-fpm"); }; +destination d_php { file("/var/log/php"); }; +destination d_nginx_vhost { file("/var/log/nginx/vhost_access"); }; +destination d_nginx_vhost_err { file("/var/log/nginx/vhost_error"); }; + +# The root's console. +# +destination d_console { usertty("root"); }; + +# Virtual console. +# +#destination d_console_all { file(`tty10`); }; +destination console { usertty("root"); }; +destination d_console_all { file("/dev/tty12" suppress(5)); }; +destination xconsole { pipe("/dev/xconsole" suppress(5)); }; + + + +# The named pipe /dev/xconsole is for the nsole' utility. To use it, +# you must invoke nsole' with the -file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +destination d_xconsole { pipe("/dev/xconsole"); }; + +# Send the messages to an other host +# +#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); }; + +# Debian only +destination d_ppp { file("/var/log/ppp"); }; + +######################## +# Filters +######################## +# Here's come the filter options. With this rules, we can set which +# message go where. + +filter f_dbg { level(debug); }; +filter f_info { level(info); }; +filter f_notice { level(notice); }; +filter f_warn { level(warn); }; +filter f_err { level(err); }; +filter f_crit { level(crit .. emerg); }; + +filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; +filter f_error { level(err .. emerg) ; }; +filter f_messages { level(info,notice,warn) + and not facility(auth,authpriv,cron,daemon,mail,news,local0); }; + +filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; +filter f_sudo { facility(auth, authpriv) and program("^sudo$"); }; +filter f_cron { facility(cron) and not filter(f_debug);}; +filter f_daemon { facility(daemon, local0) + and not filter(f_debug) + and not program("^php$") + and not program("^nginx_vhost$") + and not program("^nginx_vhost_err$");}; +filter f_kern { facility(kern) and not filter(f_debug); }; +filter f_lpr { facility(lpr) and not filter(f_debug); }; +filter f_local { facility(local0, local1, local3, local4, local5, + local6, local7) and not filter(f_debug); }; +filter f_mail { facility(mail) and not filter(f_debug); }; +filter f_news { facility(news) and not filter(f_debug); }; +filter f_syslog3 { program("^syslog-ng$");}; +filter f_user { facility(user) and not filter(f_debug); }; +filter f_uucp { facility(uucp) and not filter(f_debug); }; + +filter f_cnews { level(notice, err, crit) and facility(news); }; +filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; + +filter f_ppp { facility(local2) and not filter(f_debug); }; +filter f_console { level(warn .. emerg); }; + +# custom filters + +filter f_ntpd { facility(daemon) and program("^ntpd$"); }; +filter f_dnsmasq { facility(daemon) and program("^dnsmasq$"); }; +filter f_postgres { facility(local0) and program("^postgresql$"); }; +filter f_sshd { facility(auth) and program("^sshd$"); }; + +filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")) }; +filter f_shorewall_warn { level (warn) and match ("Shorewall" value("MESSAGE")); }; +filter f_shorewall_info {level (info) and match ("Shorewall" value("MESSAGE")); }; +filter f_gitolite { program("^gitolite$"); }; +filter f_git-daemon { program("^git-daemon$"); }; +filter f_nginx_error { facility(daemon) and program("^nginx$"); }; +filter f_nginx_vhost { facility(daemon) and program("^nginx_vhost$");}; +filter f_nginx_vhost_err { facility(daemon) and program("^nginx_vhost_err$");}; +filter f_php_fpm { facility(daemon) and program("^php-fpm$");}; +filter f_php { facility(daemon) and program("^php$");}; + +# custom logs +log { source(s_src); filter(f_ntpd); destination(d_ntpd); }; +log { source(s_src); filter(f_php_fpm); destination(d_php_fpm); }; +log { source(s_src); filter(f_php); destination(d_php); }; +log { source(s_src); filter(f_nginx_vhost); destination(d_nginx_vhost); }; +log { source(s_src); filter(f_nginx_vhost_err); destination(d_nginx_vhost_err); }; +log { source(s_src); filter(f_sshd); destination(d_sshd);}; +log { source (s_src); filter (f_iptables); destination (d_iptables);}; +log { source (s_src); filter (f_shorewall_warn); destination (d_shorewall_warn);}; +log { source (s_src); filter (f_shorewall_info); destination (d_shorewall_info);}; +log { source(s_src); filter(f_dnsmasq); destination(d_dnsmasq);}; +log { source(s_src); filter(f_postgres); destination(d_postgres);}; +log { source(s_src); filter(f_gitolite); destination(d_gitolite);}; +log { source(s_src); filter(f_git-daemon); destination(d_git-daemon);}; +log { source(s_src); filter(f_nginx_error); destination(d_nginx_error);}; + +######################## +# Log paths +######################## +log { source(s_src); filter(f_auth); destination(d_auth); }; +log { source(s_src); filter(f_sudo); destination(d_sudo); }; +log { source(s_src); filter(f_cron); destination(d_cron); }; +log { source(s_src); filter(f_daemon); destination(d_daemon); }; +log { source(s_src); filter(f_kern); destination(d_kern); }; +log { source(s_src); filter(f_lpr); destination(d_lpr); }; +log { source(s_src); filter(f_user); destination(d_user); }; +log { source(s_src); filter(f_uucp); destination(d_uucp); }; + +log { source(s_src); filter(f_mail); destination(d_mail); }; +log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; +log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; +log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); }; + +log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; +log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; +log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; +#log { source(s_src); filter(f_cnews); destination(d_console_all); }; +#log { source(s_src); filter(f_cother); destination(d_console_all); }; + +#log { source(s_src); filter(f_ppp); destination(d_ppp); }; + +log { source(s_src); filter(f_debug); destination(d_debug); }; +log { source(s_src); filter(f_error); destination(d_error); }; +log { source(s_src); filter(f_messages); destination(d_messages); }; +log { source(s_src); filter(f_syslog3); destination(d_syslog); }; +log { source(s_src); filter(f_console); destination(d_console_all); + destination(d_xconsole); }; +log { source(s_src); filter(f_crit); destination(d_console); }; + +# +# +# All messages send to a remote site +# +#log { source(s_src); destination(d_net); }; + +### +# Include all config files in /etc/syslog-ng/conf.d/ +### +@include "/etc/syslog-ng/conf.d/*.conf" |