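@version: 3.17
#
# /etc/syslog-ng: syslog-ng(8) configuration file
# based on a gentoo template, with custom changes added for crux
# on busy systems you may have to adjust flush_lines and suppress() to avoid
# heavy disk i/o
# to change default permissions/owner/group for newly created files add
# options like this: owner(root); group(sys); perm(0644);
# NOTE(review): perm(0644) makes every newly created log world-readable. With
# no global perm() set, syslog-ng falls back to its built-in default (0600 in
# the upstream documentation; confirm for the packaged build), which is the
# safer choice for auth/sudo/sshd logs.
# NOTE(review): every destination below is local. No remote or append-only
# copy is configured in this file, so these logs are only as trustworthy as
# the host itself.

options {
    chain_hostnames(off);
    flush_lines(0);
    stats_freq(0);
    create_dirs(on);
};

#source where to read log
# src: local syslog socket plus syslog-ng's own internal messages.
# kernsrc: kernel ring buffer via /proc/kmsg.
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };

#define templates
template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); };

#define destinations
# suppress(5) collapses identical consecutive messages seen within 5 seconds.
destination authlog { file("/var/log/auth" suppress(5)); };
destination sudo { file("/var/log/sudo" suppress(5)); };
destination cron { file("/var/log/cron" suppress(5)); };
destination kern { file("/var/log/kernel" suppress(5)); };
destination mail { file("/var/log/mail" suppress(5)); };
destination mailinfo { file("/var/log/mail.info" suppress(5)); };
destination mailwarn { file("/var/log/mail.warn" suppress(5)); };
destination mailerr { file("/var/log/mail.err" suppress(5)); };

#destination newscrit { file("/var/log/news/news.crit" suppress(5)); };
#destination newserr { file("/var/log/news/news.err" suppress(5)); };
#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); };

destination debug { file("/var/log/debug" template(t_debug) suppress(5)); };
destination messages { file("/var/log/messages" suppress(5)); };
destination errors { file("/var/log/error" suppress(5)); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12" suppress(5)); };
destination xconsole { pipe("/dev/xconsole" suppress(5)); };

#############################################
# custom destinations
#
destination d_shorewall_warn { file("/var/log/shorewall/warn.log"); };
destination d_shorewall_info { file("/var/log/shorewall/info.log"); };
destination d_dnsmasq { file("/var/log/dnsmasq"); };
destination d_postgres { file("/var/log/pgsql"); };
destination d_iptables { file("/var/log/iptables"); };
destination d_sshd { file("/var/log/sshd"); };
destination d_gitolite { file("/var/log/gitolite"); };
# NOTE(review): this is the only destination with explicit permissions, and
# perm(0644) makes group(www) redundant because every local user can read the
# file. Access logs commonly carry client addresses and request URLs; if only
# root and the www group need them, perm(0640) is the tighter setting.
destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644)); };
destination d_nginx_error { file("/var/log/nginx/error.log"); };

#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
# NOTE(review): the active f_debug no longer excludes auth/authpriv (the
# stricter variant is the commented-out line). Its log statement is disabled
# below; if it is re-enabled, authentication messages will also be written to
# /var/log/debug.
#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); };
filter f_debug { not facility(mail) and not program(sudo); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail) and not program(sudo); };
filter f_sudo { program(sudo); };
# NOTE(review): f_errors selects on level only, so err..emerg messages from
# auth/authpriv and sudo are also copied to /var/log/error. Keep that file as
# restricted as /var/log/auth.
filter f_errors { level(err..emerg); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

#############################################
# custom filters
#
# NOTE(review): the program() and match() filters that are applied to source
# "src" further down select on fields chosen by whoever writes to /dev/log.
# Any local process can therefore produce lines that land in these per-service
# files; treat them as a convenience split, not as proof of origin.
filter f_dnsmasq { program("dnsmasq"); };
# presumably postgres is configured to log to local0 and sshd to local1;
# verify against the services' own configuration
filter f_postgres { facility(local0); };
filter f_sshd { facility(local1); };
# terminating ';' added after match(...) so this filter is written like all
# the others in the file
filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")); };
filter f_shorewall_warn { level(warn) and match("Shorewall" value("MESSAGE")); };
filter f_shorewall_info { level(info) and match("Shorewall" value("MESSAGE")); };
filter f_gitolite { program("gitolite"); };
filter f_nginx_access { match("nginx_access:" value("MESSAGE")); };
filter f_nginx_error { match("nginx_error:" value("MESSAGE")); };

# examples for text-matching (beware of performance issues)
#filter f_failed { match("failed"); };
#filter f_denied { match("denied"); };

#connect filter and destination
# Log paths are independent: a message that satisfies several filters is
# written to each matching destination.
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_sudo); destination(sudo); };
log { source(src); filter(f_cron); destination(cron); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

#log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_errors); destination(errors); };
log { source(src); filter(f_emergency); destination(console); };

#default log
#log { source(src); destination(console_all); };

#############################################
# custom
#
log { source(kernsrc); filter(f_iptables); destination(d_iptables); };
log { source(kernsrc); filter(f_shorewall_warn); destination(d_shorewall_warn); };
log { source(kernsrc); filter(f_shorewall_info); destination(d_shorewall_info); };
log { source(src); filter(f_dnsmasq); destination(d_dnsmasq); };
log { source(src); filter(f_postgres); destination(d_postgres); };
log { source(src); filter(f_sshd); destination(d_sshd); };
log { source(src); filter(f_gitolite); destination(d_gitolite); };
log { source(src); filter(f_nginx_error); destination(d_nginx_error); };
log { source(src); filter(f_nginx_access); destination(d_nginx_access); };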