Diffstat (limited to 'tools/syslog-ng.html')
-rw-r--r-- | tools/syslog-ng.html | 236 |
1 files changed, 233 insertions, 3 deletions
diff --git a/tools/syslog-ng.html b/tools/syslog-ng.html
index 50eaebc..70dc994 100644
--- a/tools/syslog-ng.html
+++ b/tools/syslog-ng.html
@@ -52,6 +52,236 @@ # End of file </pre> + <p>Edit <a href="conf/etc/syslog-ng.conf">/etc/syslog-ng.conf</a> with your logging preferences;</p> + + <pre> + @version: 3.25 + @include "scl.conf" + + # Syslog-ng configuration file, compatible with default Debian syslogd + # installation. + + # First, set some global options. + options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); + owner("root"); group("adm"); perm(0640); stats_freq(0); + bad_hostname("^gconfd$"); + }; + + ######################## + # Sources + ######################## + # This is the default behavior of sysklogd package + # Logs may come from unix stream, but not from another machine. + # + source s_src { + system(); + internal(); + }; + + # If you wish to get logs from remote machine you should uncomment + # this and comment the above source line. + # + #source s_net { tcp(ip(127.0.0.1) port(1000)); }; + + ######################## + # Destinations + ######################## + # First some standard logfile + # + destination d_auth { file("/var/log/auth"); }; + destination d_sudo { file("/var/log/sudo" ); }; + destination d_cron { file("/var/log/cron"); }; + destination d_daemon { file("/var/log/daemon"); }; + destination d_kern { file("/var/log/kernel"); }; + destination d_lpr { file("/var/log/lpr"); }; + destination d_mail { file("/var/log/mail"); }; + destination d_syslog { file("/var/log/syslog-ng"); }; + destination d_user { file("/var/log/user"); }; + destination d_uucp { file("/var/log/uucp"); }; + + # This files are the log come from the mail subsystem. 
+ # + destination d_mailinfo { file("/var/log/mail.info"); }; + destination d_mailwarn { file("/var/log/mail.warn"); }; + destination d_mailerr { file("/var/log/mail.err"); }; + + # Logging for INN news system + # + destination d_newscrit { file("/var/log/news/news.crit"); }; + destination d_newserr { file("/var/log/news/news.err"); }; + destination d_newsnotice { file("/var/log/news/news.notice"); }; + + # Some 'catch-all' logfiles. + # + destination d_debug { file("/var/log/debug"); }; + destination d_error { file("/var/log/error"); }; + destination d_messages { file("/var/log/messages"); }; + + # Custom destinations + destination d_shorewall_warn { file ("/var/log/shorewall/warn"); }; + destination d_shorewall_info { file ("/var/log/shorewall/info"); }; + destination d_dnsmasq { file("/var/log/dnsmasq"); }; + destination d_postgres { file("/var/log/pgsql"); }; + destination d_mysql { file("/var/log/pgsql"); }; + destination d_iptables { file("/var/log/iptables"); }; + destination d_sshd { file("/var/log/sshd"); }; + destination d_gitolite { file("/var/log/gitolite"); }; + destination d_git-daemon { file("/var/log/git-daemon"); }; + destination d_nginx_access { file("/var/log/nginx_access"); }; + destination d_nginx_error { file("/var/log/nginx_error"); }; + destination d_php_fpm { file("/var/log/php-fpm"); }; + destination d_php { file("/var/log/php"); }; + destination d_nginx_vhost { file("/var/log/nginx/vhost_access"); }; + destination d_nginx_vhost_err { file("/var/log/nginx/vhost_error"); }; + + # The root's console. + # + destination d_console { usertty("root"); }; + + # Virtual console. + # + #destination d_console_all { file(`tty10`); }; + destination console { usertty("root"); }; + destination d_console_all { file("/dev/tty12" suppress(5)); }; + destination xconsole { pipe("/dev/xconsole" suppress(5)); }; + + + + # The named pipe /dev/xconsole is for the nsole' utility. 
To use it, + # you must invoke nsole' with the -file' option: + # + # $ xconsole -file /dev/xconsole [...] + # + destination d_xconsole { pipe("/dev/xconsole"); }; + + # Send the messages to an other host + # + #destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); }; + + # Debian only + destination d_ppp { file("/var/log/ppp"); }; + + ######################## + # Filters + ######################## + # Here's come the filter options. With this rules, we can set which + # message go where. + + filter f_dbg { level(debug); }; + filter f_info { level(info); }; + filter f_notice { level(notice); }; + filter f_warn { level(warn); }; + filter f_err { level(err); }; + filter f_crit { level(crit .. emerg); }; + + filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; + filter f_error { level(err .. emerg) ; }; + filter f_messages { level(info,notice,warn) + and not facility(auth,authpriv,cron,daemon,mail,news,local0); }; + + filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; + filter f_sudo { facility(auth, authpriv) and program("^sudo$"); }; + filter f_cron { facility(cron) and not filter(f_debug);}; + filter f_daemon { facility(daemon, local0) + and not filter(f_debug) + and not program("^php$") + and not program("^nginx_vhost$") + and not program("^nginx_vhost_err$");}; + filter f_kern { facility(kern) and not filter(f_debug); }; + filter f_lpr { facility(lpr) and not filter(f_debug); }; + filter f_local { facility(local0, local1, local3, local4, local5, + local6, local7) and not filter(f_debug); }; + filter f_mail { facility(mail) and not filter(f_debug); }; + filter f_news { facility(news) and not filter(f_debug); }; + filter f_syslog3 { program("^syslog-ng$");}; + filter f_user { facility(user) and not filter(f_debug); }; + filter f_uucp { facility(uucp) and not filter(f_debug); }; + + filter f_cnews { level(notice, err, crit) and facility(news); }; + filter f_cother { level(debug, info, notice, warn) or 
facility(daemon, mail); }; + + filter f_ppp { facility(local2) and not filter(f_debug); }; + filter f_console { level(warn .. emerg); }; + + # custom filters + + filter f_dnsmasq { program("^dnsmasq$"); }; + filter f_postgres { facility(local0) and program("^postgresql$"); }; + filter f_sshd { facility(auth) and program("^sshd$"); }; + + filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")) }; + filter f_shorewall_warn { level (warn) and match ("Shorewall" value("MESSAGE")); }; + filter f_shorewall_info {level (info) and match ("Shorewall" value("MESSAGE")); }; + filter f_gitolite { program("^gitolite$"); }; + filter f_git-daemon { program("^git-daemon$"); }; + filter f_nginx_error { facility(daemon) and program("^nginx$"); }; + filter f_nginx_vhost { facility(daemon) and program("^nginx_vhost$");}; + filter f_nginx_vhost_err { facility(daemon) and program("^nginx_vhost_err$");}; + filter f_php_fpm { facility(daemon) and program("^php-fpm$");}; + filter f_php { facility(daemon) and program("^php$");}; + + # custom logs + log { source(s_src); filter(f_php_fpm); destination(d_php_fpm); }; + log { source(s_src); filter(f_php); destination(d_php); }; + log { source(s_src); filter(f_nginx_vhost); destination(d_nginx_vhost); }; + log { source(s_src); filter(f_nginx_vhost_err); destination(d_nginx_vhost_err); }; + log { source(s_src); filter(f_sshd); destination(d_sshd);}; + log { source (s_src); filter (f_iptables); destination (d_iptables);}; + log { source (s_src); filter (f_shorewall_warn); destination (d_shorewall_warn);}; + log { source (s_src); filter (f_shorewall_info); destination (d_shorewall_info);}; + log { source(s_src); filter(f_dnsmasq); destination(d_dnsmasq);}; + log { source(s_src); filter(f_postgres); destination(d_postgres);}; + log { source(s_src); filter(f_gitolite); destination(d_gitolite);}; + log { source(s_src); filter(f_git-daemon); destination(d_git-daemon);}; + log { source(s_src); filter(f_nginx_error); 
destination(d_nginx_error);}; + + ######################## + # Log paths + ######################## + log { source(s_src); filter(f_auth); destination(d_auth); }; + log { source(s_src); filter(f_sudo); destination(d_sudo); }; + log { source(s_src); filter(f_cron); destination(d_cron); }; + log { source(s_src); filter(f_daemon); destination(d_daemon); }; + log { source(s_src); filter(f_kern); destination(d_kern); }; + log { source(s_src); filter(f_lpr); destination(d_lpr); }; + log { source(s_src); filter(f_user); destination(d_user); }; + log { source(s_src); filter(f_uucp); destination(d_uucp); }; + + log { source(s_src); filter(f_mail); destination(d_mail); }; + log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; + log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; + log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); }; + + log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; + log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; + log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; + #log { source(s_src); filter(f_cnews); destination(d_console_all); }; + #log { source(s_src); filter(f_cother); destination(d_console_all); }; + + #log { source(s_src); filter(f_ppp); destination(d_ppp); }; + + log { source(s_src); filter(f_debug); destination(d_debug); }; + log { source(s_src); filter(f_error); destination(d_error); }; + log { source(s_src); filter(f_messages); destination(d_messages); }; + log { source(s_src); filter(f_syslog3); destination(d_syslog); }; + log { source(s_src); filter(f_console); destination(d_console_all); + destination(d_xconsole); }; + log { source(s_src); filter(f_crit); destination(d_console); }; + + # + # + # All messages send to a remote site + # + #log { source(s_src); destination(d_net); }; + + ### + # Include all config files in /etc/syslog-ng/conf.d/ + ### + @include 
"/etc/syslog-ng/conf.d/*.conf" + </pre> + + <p>Restart daemon;</p> + <pre> $ sudo sh /etc/rc.d/syslog-ng start $ sudo sh /etc/rc.d/sysklogd stop @@ -144,9 +374,9 @@ <a href="index.html">Tools Index</a> - <p>This is part of the Hive System Documentation. -Copyright (C) 2018 -Hive Team. + <p>This is part of the Tribu System Documentation. +Copyright (C) 2020 +Tribu Team. See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> |
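Review bot: In the custom destinations of the first hunk, `d_mysql` is given the same path as `d_postgres` (`file("/var/log/pgsql")`), which looks like a copy-paste slip; if MySQL logging is intended it should read `destination d_mysql { file("/var/log/mysql"); };`. No `f_mysql` filter or log path referencing `d_mysql` is visible in the hunk, so the destination is currently unused and could otherwise be dropped. `f_iptables` is also the only filter whose expression lacks the `;` before the closing brace; `filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")); };` would match the others. The destinations under `/var/log/shorewall/`, `/var/log/nginx/` and `/var/log/news/` presumably need those directories to exist, or `create_dirs(yes)` in the global options. Since readers will copy this file as-is, the page should say so, because a destination that cannot be opened would leave firewall and web-server events unrecorded.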