@version: 3.17
#
# /etc/syslog-ng: syslog-ng(8) configuration file
# Based on a Gentoo template, with custom changes added for CRUX.
# On busy systems you may have to adjust flush_lines() and suppress() to avoid
# heavy disk I/O.
# To change the default permissions/owner/group for newly created files, add
# options like this: owner(root); group(sys); perm(0644);
# NOTE(review): a global perm(0644) would apply to every file destination that
# does not set its own perm(), including /var/log/auth and /var/log/sudo, and
# would make them world-readable. Prefer perm() on the individual destination.
#
# Global options:
#   chain_hostnames(off) - do not use the chained hostname format
#   flush_lines(0)       - write each message out as soon as it is received
#   stats_freq(0)        - do not emit periodic statistics messages
#   create_dirs(on)      - create missing directories for destination files
options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); };
# Sources: where log messages are read from.
# src reads the local /dev/log socket plus syslog-ng's own internal() messages.
# A local process that can write to /dev/log chooses its own facility, program
# name and message text, so filters on those fields route messages but do not
# prove where a message came from.
source src { unix-stream("/dev/log"); internal(); };
# kernsrc reads kernel messages from /proc/kmsg.
source kernsrc { file("/proc/kmsg"); };
# Templates.
# t_debug prints facility, level and program name in front of the message text;
# in this file it is referenced only by the "debug" destination.
template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); };
# Destinations: where matched messages are written.
# suppress(5): identical consecutive messages arriving within 5 seconds are
# collapsed into a single repeat-count line, so repeated events in these files
# do not each carry their own timestamp.
# None of these file() destinations sets owner(), group() or perm(), so new
# files get syslog-ng's defaults.
# NOTE(review): the built-in default is believed to be perm(0600); confirm for
# the installed build before relying on it for /var/log/auth and /var/log/sudo.
destination authlog { file("/var/log/auth" suppress(5)); };
destination sudo { file("/var/log/sudo" suppress(5)); };
destination cron { file("/var/log/cron" suppress(5)); };
destination kern { file("/var/log/kernel" suppress(5)); };
destination mail { file("/var/log/mail" suppress(5)); };
destination mailinfo { file("/var/log/mail.info" suppress(5)); };
destination mailwarn { file("/var/log/mail.warn" suppress(5)); };
destination mailerr { file("/var/log/mail.err" suppress(5)); };
# News destinations are disabled.
#destination newscrit { file("/var/log/news/news.crit" suppress(5)); };
#destination newserr { file("/var/log/news/news.err" suppress(5)); };
#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); };
# "debug" uses the t_debug template; its log path is commented out below.
destination debug { file("/var/log/debug" template(t_debug) suppress(5)); };
destination messages { file("/var/log/messages" suppress(5)); };
destination errors { file("/var/log/error" suppress(5)); };
# "console" writes to the terminals of the logged-in user root.
destination console { usertty("root"); };
# console_all and xconsole are defined but no active log path in this file
# references them (the console_all path below is commented out).
destination console_all { file("/dev/tty12" suppress(5)); };
destination xconsole { pipe("/dev/xconsole" suppress(5)); };
#############################################
# custom destinations
#
# Per-service log files. None of them sets suppress(), so every matching
# message is written, including repeats.
# Files under /var/log/shorewall/ and /var/log/nginx/ rely on create_dirs(on)
# in the global options if the directory does not exist yet.
destination d_shorewall_warn { file ("/var/log/shorewall/warn.log"); };
destination d_shorewall_info { file ("/var/log/shorewall/info.log"); };
destination d_dnsmasq { file("/var/log/dnsmasq"); };
destination d_postgres { file("/var/log/pgsql"); };
destination d_iptables { file("/var/log/iptables"); };
destination d_sshd { file("/var/log/sshd"); };
destination d_gitolite { file("/var/log/gitolite"); };
# The access log is the only destination with explicit ownership and mode.
# perm(0644) makes it readable by every local user; access logs usually hold
# client addresses and full request URLs, which can include query-string
# parameters.
# NOTE(review): with owner(root) group(www), perm(0640) would limit reads to
# root and the www group - confirm nothing else needs to read this file.
destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644)); };
destination d_nginx_error { file("/var/log/nginx/error.log"); };
# Filters: conditions that select messages for a log path.
# Facility filters.
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
# Previous f_debug, which also excluded auth and authpriv, kept for reference.
#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); };
# The active f_debug excludes only mail and sudo, so it would match auth and
# authpriv messages. Its log path is commented out; if that path is enabled,
# authentication messages would also be written to /var/log/debug.
filter f_debug { not facility(mail) and not program(sudo); };
# f_messages: info through warn, excluding auth, authpriv, mail and sudo.
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail) and not program(sudo); };
# f_sudo matches on the program name field, which the sending process supplies.
filter f_sudo { program(sudo); };
# f_errors tests the level only, so err..emerg messages from every facility
# (auth and authpriv included) match it.
filter f_errors { level(err..emerg); };
filter f_emergency { level(emerg); };
# Single-level filters, combined with f_mail in the mail.* log paths.
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
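#############################################
# custom filters
#
# Per-service filters for the custom destinations.
# program() and match() test fields that the sending process controls, and
# match() here looks for the text anywhere in MESSAGE. A message from another
# program that contains the same text is routed the same way, so treat these
# files as convenience views rather than as proof of which service logged a line.
filter f_dnsmasq { program("dnsmasq"); };
# f_postgres and f_sshd select by facility only.
# NOTE(review): presumably PostgreSQL logs to local0 and sshd to local1
# (SyslogFacility in sshd_config) - confirm; anything else logging to those
# facilities is routed to the same files.
filter f_postgres { facility(local0); };
filter f_sshd { facility(local1); };
# Kernel messages containing "iptables".
# NOTE(review): this depends on the log prefix set in the firewall rules - confirm.
# The terminating semicolon inside the braces was missing here; it is added so
# this filter is written like the others.
filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")); };
filter f_shorewall_warn { level (warn) and match ("Shorewall" value("MESSAGE")); };
filter f_shorewall_info {level (info) and match ("Shorewall" value("MESSAGE")); };
filter f_gitolite { program("gitolite"); };
# The nginx filters look for the tag inside MESSAGE rather than in the program
# name field.
# NOTE(review): if nginx can be configured so that the tag arrives as the
# program name, program("nginx_access") / program("nginx_error") would be a
# tighter match than an unanchored search of MESSAGE - confirm against real
# log lines before changing.
filter f_nginx_access { match("nginx_access:" value("MESSAGE")); };
filter f_nginx_error { match("nginx_error:" value("MESSAGE")); };
# examples for text-matching (beware of performance issues)
#filter f_failed { match("failed"); };
#filter f_denied { match("denied"); };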
# Log paths: connect a source, filters and a destination.
# No log path sets flags(final), so a message is written to every destination
# whose filters match it. Several filter() entries in one path must all match.
# Every destination in this file is a local file, tty or pipe; no log path
# forwards messages to another host.
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_sudo); destination(sudo); };
log { source(src); filter(f_cron); destination(cron); };
# Kernel messages come from kernsrc. The messages, errors and console paths
# below read only from src, so kernel messages never reach those destinations.
log { source(kernsrc); filter(f_kern); destination(kern); };
# All mail messages go to /var/log/mail; info, warn and err are also split out.
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
# Debug path disabled.
#log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_errors); destination(errors); };
# Emergency messages are written to root's terminals.
log { source(src); filter(f_emergency); destination(console); };
# Catch-all path to /dev/tty12, disabled.
#log { source(src); destination(console_all); };
#############################################
# custom
#
# Log paths for the custom destinations. These are additional copies: a
# message matched here is still written by any standard path it also matches.
# Firewall messages are taken from the kernel source.
log { source (kernsrc); filter (f_iptables); destination (d_iptables);};
log { source (kernsrc); filter (f_shorewall_warn); destination (d_shorewall_warn);};
log { source (kernsrc); filter (f_shorewall_info); destination (d_shorewall_info);};
log { source(src); filter(f_dnsmasq); destination(d_dnsmasq);};
log { source(src); filter(f_postgres); destination(d_postgres);};
# f_sshd selects facility local1, which f_authpriv does not match, so these
# messages go to /var/log/sshd and not to /var/log/auth. f_messages does not
# exclude local1, so those at info..warn are also written to /var/log/messages.
log { source(src); filter(f_sshd); destination(d_sshd);};
log { source(src); filter(f_gitolite); destination(d_gitolite);};
log { source(src); filter(f_nginx_error); destination(d_nginx_error);};
log { source(src); filter(f_nginx_access); destination(d_nginx_access);};