[syslog-ng] Configure syslog-ng to act as a central logging server

Ryan McCain syslog-ng@lists.balabit.hu
Thu, 31 Mar 2005 10:12:38 -0600


This is the base config file I'm working with.

Note: I'm using unix_stream. Should I be using unix_dgram since I'm on a
2.6x kernel?  I'm reading through the section on syslog-ng in the book
"Building Secure Server with Linux", and it mentions something about
using "unix-dgram" .. note the "-" instead of "_".  I'm assuming it's a
typo and should be "_".

------

source s_sys { file ("/proc/kmsg" log_prefix("kernel: "));
unix_stream("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                     not (facility(mail)
                        or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

 
>>>billn@billn.net 03/31 10:00 am >>> 
On Thu, 31 Mar 2005, Ryan McCain wrote: 
 
>Where can I find documentation that will give me information on how to 
>accept logs from remote hosts and have each of the hosts log to their 
>own file? 
> 
 
destination hosts {
    file("/var/syslog/HOSTS/$HOST/$YEAR/$MONTH/$HOST-$FACILITY-$YEAR$MONTH$DAY"
         owner(bob) group(llamafood) perm(0755) dir_perm(0755) create_dirs(yes));
};
 
- billn 
 
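
The server-side pieces around the per-host destination quoted above, as an added example that is not part of either post. The names s_net and d_hosts, the listening address and port 514, the connection limit, and the root/adm owner and group are assumptions. It sets keep_hostname(no) so that the $HOST used in the path comes from the sending address rather than from the hostname field inside the message, and it uses non-executable, non-world-readable file modes.

```conf
# Added example (not from the thread): central log server side.
# s_net, d_hosts, port 514, max-connections(100) and root/adm are assumptions.

options {
    # Ignore the hostname field carried inside received messages; $HOST is
    # then derived from the sender as seen by this server, so a client
    # cannot pick which directory its messages are written to.
    keep_hostname(no);
    # Do not build "relay/host" style chained names into $HOST.
    chain_hostnames(no);
    # Name directories by source IP; no dependence on DNS answers.
    use_dns(no);
};

# Network listeners for remote hosts (kept separate from the local s_sys source).
source s_net {
    udp(ip(0.0.0.0) port(514));
    tcp(ip(0.0.0.0) port(514) max-connections(100));
};

# One directory tree per sending host, one file per facility per day.
destination d_hosts {
    file("/var/syslog/HOSTS/$HOST/$YEAR/$MONTH/$HOST-$FACILITY-$YEAR$MONTH$DAY"
         owner(root) group(adm) perm(0640) dir_perm(0750) create_dirs(yes));
};

# Everything received from the network goes to the per-host files.
log { source(s_net); destination(d_hosts); };
```

Plain syslog over UDP or TCP is unauthenticated, so limit port 514 to the known client addresses at the firewall.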