Diffstat (limited to 'tools/conf/etc/syslog-ng.conf')
-rw-r--r--tools/conf/etc/syslog-ng.conf299
1 files changed, 199 insertions, 100 deletions
diff --git a/tools/conf/etc/syslog-ng.conf b/tools/conf/etc/syslog-ng.conf
index 16c1ddb..02e2d57 100644
--- a/tools/conf/etc/syslog-ng.conf
+++ b/tools/conf/etc/syslog-ng.conf
@@ -1,127 +1,226 @@
-@version: 3.17
+@version: 3.25
+@include "scl.conf"
+
+# Syslog-ng configuration file, compatible with default Debian syslogd
+# installation.
+
+# First, set some global options.
+options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
+	  owner("root"); group("adm"); perm(0640); stats_freq(0);
+	  bad_hostname("^gconfd$");
+};
+
+########################
+# Sources
+########################
+# This is the default behavior of sysklogd package
+# Logs may come from unix stream, but not from another machine.
 #
-# /etc/syslog-ng: syslog-ng(8) configration file
-# based on a gentoo template added custom changes for crux
+source s_src {
+       system();
+       internal();
+};
 
-# on busy systems you may have to adjus flush_lines and suppress() to avoid
-# heavy disc i/o
-# to change default permissions/owner/group for newly created files add 
-# options like this: owner(root); group(sys); perm(0644);
-
-options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); };
-
-#source where to read log
-source src { unix-stream("/dev/log"); internal(); };
-source kernsrc { file("/proc/kmsg"); };
-
-#define templates
-template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); };
-
-#define destinations
-destination authlog { file("/var/log/auth" suppress(5)); };
-destination sudo { file("/var/log/sudo" suppress(5)); };
-destination cron { file("/var/log/cron" suppress(5)); };
-destination kern { file("/var/log/kernel" suppress(5)); };
-destination mail { file("/var/log/mail" suppress(5)); };
-
-destination mailinfo { file("/var/log/mail.info" suppress(5)); };
-destination mailwarn { file("/var/log/mail.warn" suppress(5)); };
-destination mailerr { file("/var/log/mail.err" suppress(5)); };
-
-#destination newscrit { file("/var/log/news/news.crit" suppress(5)); };
-#destination newserr { file("/var/log/news/news.err" suppress(5)); };
-#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); };
+# If you wish to get logs from remote machine you should uncomment
+# this and comment the above source line.
+#
+#source s_net { tcp(ip(127.0.0.1) port(1000)); };
 
-destination debug { file("/var/log/debug" template(t_debug) suppress(5)); };
-destination messages { file("/var/log/messages" suppress(5)); };
-destination errors { file("/var/log/error" suppress(5)); };
-destination console { usertty("root"); };
-destination console_all { file("/dev/tty12" suppress(5)); };
-destination xconsole { pipe("/dev/xconsole" suppress(5)); };
+########################
+# Destinations
+########################
+# First some standard logfile
+#
+destination d_auth { file("/var/log/auth"); };
+destination d_sudo { file("/var/log/sudo" ); };
+destination d_cron { file("/var/log/cron"); };
+destination d_daemon { file("/var/log/daemon"); };
+destination d_kern { file("/var/log/kernel"); };
+destination d_lpr { file("/var/log/lpr"); };
+destination d_mail { file("/var/log/mail"); };
+destination d_syslog { file("/var/log/syslog-ng"); };
+destination d_user { file("/var/log/user"); };
+destination d_uucp { file("/var/log/uucp"); };
+
+# This files are the log come from the mail subsystem.
+#
+destination d_mailinfo { file("/var/log/mail.info"); };
+destination d_mailwarn { file("/var/log/mail.warn"); };
+destination d_mailerr { file("/var/log/mail.err"); };
 
-#############################################
-# custom destinations
+# Logging for INN news system
 #
+destination d_newscrit { file("/var/log/news/news.crit"); };
+destination d_newserr { file("/var/log/news/news.err"); };
+destination d_newsnotice { file("/var/log/news/news.notice"); };
 
-destination d_shorewall_warn { file ("/var/log/shorewall/warn.log"); };
-destination d_shorewall_info { file ("/var/log/shorewall/info.log"); };
+# Some 'catch-all' logfiles.
+#
+destination d_debug { file("/var/log/debug"); };
+destination d_error { file("/var/log/error"); };
+destination d_messages { file("/var/log/messages"); };
+
+# Custom destinations
+destination d_shorewall_warn { file ("/var/log/shorewall/warn"); };
+destination d_shorewall_info { file ("/var/log/shorewall/info"); };
+destination d_ntpd { file("/var/log/ntpd"); };
 destination d_dnsmasq	{ file("/var/log/dnsmasq"); };
 destination d_postgres  { file("/var/log/pgsql"); };
+destination d_mysql  { file("/var/log/pgsql"); };
 destination d_iptables  { file("/var/log/iptables"); };
 destination d_sshd      { file("/var/log/sshd"); };
 destination d_gitolite  { file("/var/log/gitolite"); };
-destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644));  };
-destination d_nginx_error  { file("/var/log/nginx/error.log"); };
+destination d_git-daemon  { file("/var/log/git-daemon"); };
+destination d_nginx_access { file("/var/log/nginx_access"); };
+destination d_nginx_error  { file("/var/log/nginx_error"); };
+destination d_php_fpm { file("/var/log/php-fpm"); };
+destination d_php { file("/var/log/php"); };
+destination d_nginx_vhost { file("/var/log/nginx/vhost_access"); };
+destination d_nginx_vhost_err { file("/var/log/nginx/vhost_error"); };
+
+# The root's console.
+#
+destination d_console { usertty("root"); };
 
+# Virtual console.
+#
+#destination d_console_all { file(`tty10`); };
+destination console { usertty("root"); };
+destination d_console_all { file("/dev/tty12" suppress(5)); };
+destination xconsole { pipe("/dev/xconsole" suppress(5)); };
+
+
+
+# The named pipe /dev/xconsole is for the nsole' utility.  To use it,
+# you must invoke nsole' with the -file' option:
+#
+#    $ xconsole -file /dev/xconsole [...]
+#
+destination d_xconsole { pipe("/dev/xconsole"); };
+
+# Send the messages to an other host
+#
+#destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };
 
-#create filters
-filter f_authpriv { facility(auth, authpriv); };
-filter f_cron { facility(cron); };
-filter f_kern { facility(kern); };
-filter f_mail { facility(mail); };
-#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); }; 
-filter f_debug { not facility(mail) and not program(sudo); }; 
-filter f_messages { level(info..warn)
-        and not facility(auth, authpriv, mail) and not program(sudo); };
-filter f_sudo { program(sudo); };
-filter f_errors { level(err..emerg); };
+# Debian only
+destination d_ppp { file("/var/log/ppp"); };
 
-filter f_emergency { level(emerg); };
+########################
+# Filters
+########################
+# Here's come the filter options. With this rules, we can set which 
+# message go where.
 
+filter f_dbg { level(debug); };
 filter f_info { level(info); };
 filter f_notice { level(notice); };
 filter f_warn { level(warn); };
-filter f_crit { level(crit); };
 filter f_err { level(err); };
+filter f_crit { level(crit .. emerg); };
+
+filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
+filter f_error { level(err .. emerg) ; };
+filter f_messages { level(info,notice,warn)
+                    and not facility(auth,authpriv,cron,daemon,mail,news,local0); };
+
+filter f_auth { facility(auth, authpriv) and not filter(f_debug); };
+filter f_sudo { facility(auth, authpriv) and program("^sudo$"); };
+filter f_cron { facility(cron) and not filter(f_debug);};
+filter f_daemon { facility(daemon, local0)
+        and not filter(f_debug)
+        and not program("^php$")
+        and not program("^nginx_vhost$")
+        and not program("^nginx_vhost_err$");};
+filter f_kern { facility(kern) and not filter(f_debug); };
+filter f_lpr { facility(lpr) and not filter(f_debug); };
+filter f_local { facility(local0, local1, local3, local4, local5,
+                        local6, local7) and not filter(f_debug); };
+filter f_mail { facility(mail) and not filter(f_debug); };
+filter f_news { facility(news) and not filter(f_debug); };
+filter f_syslog3 { program("^syslog-ng$");};
+filter f_user { facility(user) and not filter(f_debug); };
+filter f_uucp { facility(uucp) and not filter(f_debug); };
+
+filter f_cnews { level(notice, err, crit) and facility(news); };
+filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
+
+filter f_ppp { facility(local2) and not filter(f_debug); };
+filter f_console { level(warn .. emerg); };
 
-#############################################
 # custom filters
-#
-filter f_dnsmasq { program("dnsmasq"); };
-filter f_postgres { facility(local0); };
-filter f_sshd { facility(local1); };
+
+filter f_ntpd { facility(daemon) and program("^ntpd$"); };
+filter f_dnsmasq { facility(daemon) and program("^dnsmasq$"); };
+filter f_postgres { facility(local0) and program("^postgresql$"); };
+filter f_sshd { facility(auth) and program("^sshd$"); };
 
 filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")) };
 filter f_shorewall_warn { level (warn) and match ("Shorewall" value("MESSAGE")); };
 filter f_shorewall_info {level (info) and match ("Shorewall" value("MESSAGE")); };
-filter f_gitolite { program("gitolite"); };
-filter f_nginx_access { match("nginx_access:" value("MESSAGE")); };
-filter f_nginx_error { match("nginx_error:" value("MESSAGE")); };
-
-# examples for text-matching (beware of performance issues)
-#filter f_failed { match("failed"); };
-#filter f_denied { match("denied"); };
-
-#connect filter and destination
-log { source(src); filter(f_authpriv); destination(authlog); };
-log { source(src); filter(f_sudo); destination(sudo); };
-log { source(src); filter(f_cron); destination(cron); };
-log { source(kernsrc); filter(f_kern); destination(kern); };
-log { source(src); filter(f_mail); destination(mail); };
-log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
-log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
-log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
-
-#log { source(src); filter(f_debug); destination(debug); };
-log { source(src); filter(f_messages); destination(messages); };
-log { source(src); filter(f_errors); destination(errors); };
-log { source(src); filter(f_emergency); destination(console); };
-
-#default log
-#log { source(src); destination(console_all); };
-
-#############################################
-# custom 
-#
-
-log { source (kernsrc); filter (f_iptables); destination (d_iptables);};
-log { source (kernsrc); filter (f_shorewall_warn); destination (d_shorewall_warn);};
-log { source (kernsrc); filter (f_shorewall_info); destination (d_shorewall_info);};
-log { source(src); filter(f_dnsmasq); destination(d_dnsmasq);};
-log { source(src); filter(f_postgres); destination(d_postgres);};
-log { source(src); filter(f_sshd); destination(d_sshd);};
-log { source(src); filter(f_gitolite); destination(d_gitolite);};
-log { source(src); filter(f_nginx_error); destination(d_nginx_error);};
-log { source(src); filter(f_nginx_access); destination(d_nginx_access);};
+filter f_gitolite { program("^gitolite$"); };
+filter f_git-daemon { program("^git-daemon$"); };
+filter f_nginx_error { facility(daemon) and program("^nginx$"); };
+filter f_nginx_vhost { facility(daemon) and program("^nginx_vhost$");};
+filter f_nginx_vhost_err { facility(daemon) and program("^nginx_vhost_err$");};
+filter f_php_fpm { facility(daemon) and program("^php-fpm$");};
+filter f_php { facility(daemon) and program("^php$");};
+
+# custom logs
+log { source(s_src); filter(f_ntpd); destination(d_ntpd); };
+log { source(s_src); filter(f_php_fpm); destination(d_php_fpm); };
+log { source(s_src); filter(f_php); destination(d_php); };
+log { source(s_src); filter(f_nginx_vhost); destination(d_nginx_vhost); };
+log { source(s_src); filter(f_nginx_vhost_err); destination(d_nginx_vhost_err); };
+log { source(s_src); filter(f_sshd); destination(d_sshd);};
+log { source (s_src); filter (f_iptables); destination (d_iptables);};
+log { source (s_src); filter (f_shorewall_warn); destination (d_shorewall_warn);};
+log { source (s_src); filter (f_shorewall_info); destination (d_shorewall_info);};
+log { source(s_src); filter(f_dnsmasq); destination(d_dnsmasq);};
+log { source(s_src); filter(f_postgres); destination(d_postgres);};
+log { source(s_src); filter(f_gitolite); destination(d_gitolite);};
+log { source(s_src); filter(f_git-daemon); destination(d_git-daemon);};
+log { source(s_src); filter(f_nginx_error); destination(d_nginx_error);};
+
+########################
+# Log paths
+########################
+log { source(s_src); filter(f_auth); destination(d_auth); };
+log { source(s_src); filter(f_sudo); destination(d_sudo); };
+log { source(s_src); filter(f_cron); destination(d_cron); };
+log { source(s_src); filter(f_daemon); destination(d_daemon); };
+log { source(s_src); filter(f_kern); destination(d_kern); };
+log { source(s_src); filter(f_lpr); destination(d_lpr); };
+log { source(s_src); filter(f_user); destination(d_user); };
+log { source(s_src); filter(f_uucp); destination(d_uucp); };
+
+log { source(s_src); filter(f_mail); destination(d_mail); };
+log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
+log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
+log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
+
+log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
+log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); };
+log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
+#log { source(s_src); filter(f_cnews); destination(d_console_all); };
+#log { source(s_src); filter(f_cother); destination(d_console_all); };
+
+#log { source(s_src); filter(f_ppp); destination(d_ppp); };
+
+log { source(s_src); filter(f_debug); destination(d_debug); };
+log { source(s_src); filter(f_error); destination(d_error); };
+log { source(s_src); filter(f_messages); destination(d_messages); };
+log { source(s_src); filter(f_syslog3); destination(d_syslog); };
+log { source(s_src); filter(f_console); destination(d_console_all);
+				    destination(d_xconsole); };
+log { source(s_src); filter(f_crit); destination(d_console); };
 
+#
+# 
+# All messages send to a remote site
+#
+#log { source(s_src); destination(d_net); };
 
+###
+# Include all config files in /etc/syslog-ng/conf.d/
+###
+@include "/etc/syslog-ng/conf.d/*.conf"
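Review bot: The new `options` block drops `create_dirs(on)`, yet `d_newscrit`, `d_newserr`, `d_newsnotice`, `d_shorewall_warn`/`d_shorewall_info` and `d_nginx_vhost`/`d_nginx_vhost_err` write below `/var/log/news/`, `/var/log/shorewall/` and `/var/log/nginx/`; syslog-ng does not create missing directories by default, so on a host where one of them is absent the destination cannot be opened and those messages are not written. Either keep `create_dirs(yes);` in `options` (the `owner`/`group`/`perm` set there cover files only; directories take `dir_owner`/`dir_group`/`dir_perm`), or make sure the directories are created at install time. Separately, `d_mysql` is defined as `file("/var/log/pgsql")`, the same path as `d_postgres`, which looks like a copy-paste slip; nothing references it yet, but `destination d_mysql { file("/var/log/mysql"); };` would avoid mixing two services' logs once a log path does. It is also worth confirming that sshd on the target logs to `auth` and not `authpriv`, because `f_sshd` now matches only `facility(auth)` and `/var/log/sshd` would otherwise stay empty.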