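@version: 3.0
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Layout: global options, sources, destinations, filters, then the log
# paths that tie them together. Local messages (s_sys) are split by
# facility into the usual /var/log files; the two log paths at the end
# also take network messages (s_net) and write them to per-host files.

options {
    time_reopen(10);
    use_dns(no);
    use_fqdn(no);
    # keep_hostname(yes) keeps the hostname found inside the message. For
    # s_net traffic that is sender-supplied text, and it is used as $HOST
    # in the file paths of d_usa_app and d_apps below.
    keep_hostname(yes);
    create_dirs(yes);
    # Default mode for every file() destination that does not set its own
    # perm(): world-readable. Destinations holding sensitive data should
    # override it (see d_auth).
    perm(0644);
    dir_perm(0755);
    log_iw_size(10000);
    log_fifo_size(20000);
};

# Local messages: kernel ring buffer, the /dev/log socket, and syslog-ng's
# own internal messages.
source s_sys {
    file("/proc/kmsg" program-override("kernel"));
    unix-stream ("/dev/log");
    internal();
};

# Network messages on port 514, TCP and UDP, bound to every interface.
# NOTE(review): neither listener has transport security or sender
# authentication, so anything that can reach the port can submit messages
# and choose the HOST and PROGRAM fields. Restrict reachability (bind
# address, firewall) to the hosts that are expected to log here.
source s_net {
    tcp(ip(0.0.0.0) port(514) max-connections(1000) flags('syslog-protocol'));
    udp(ip(0.0.0.0) port(514));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
# Authentication log: owner-only instead of the global perm(0644), so
# local unprivileged users cannot read login and sudo records.
destination d_auth { file("/var/log/secure" perm(0600)); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
# d_null is not referenced by any log path in this file.
destination d_null { file("/dev/null" perm(0666)); };
destination d_syslog { file('/var/log/syslog'); };

filter f_kernel { facility(kern); };
filter f_default {
    level(info..emerg) and not (facility(mail)
        or facility(authpriv)
        or facility(cron)
        or facility(user));
};
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news {
    facility(uucp) or (facility(news) and level(crit..emerg));
};
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
filter f_user { facility(user); };
filter f_syslog { facility(syslog); };

# Log paths for local messages only.
log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_cons); destination(d_mesg); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };
log { source(s_sys); filter(f_user); destination(d_mesg); };
log { source(s_sys); filter(f_syslog); destination(d_syslog); };

# legacy logging format
# NOTE(review): the named-capture group names below are reconstructed. The
# copy under review had bare "(?" groups, which is not valid PCRE, and
# $PBASE, $PEXT, $TID and $MSGTAIL are used by t_usa_app / d_usa_app but
# defined nowhere else in this file. Confirm the names and their order
# against the deployed configuration.
filter f_usa_app {
    #not level(notice) and
    program('^(?<PBASE>smtad|mtad|mrmad|bbqd|cbqd|mrad|scand)' flags('nobackref','store-matches') type('pcre'))
    and message('^(?<PEXT>\w{4}): (?<TID>\[\d+\]) (?<MSGTAIL>.+)$' flags('nobackref','store-matches') type('pcre'));
};

template t_usa_app { template("$PID $TID $DATE $MSGTAIL\n"); };

# NOTE(review): $HOST and $PROGRAM come from the message. For s_net
# traffic both are chosen by the sender, and the program() pattern above
# is anchored only at the start, so $PROGRAM may carry arbitrary trailing
# text. Together with create_dirs(yes), any host that can reach port 514
# decides which directories and files appear under /var/log/hosts.
# Consider keep_hostname(no) on s_net (the path then uses the peer
# address), check_hostname(yes), and a '$' anchor on the program pattern.
destination d_usa_app {
    file("/var/log/hosts/$HOST/$PBASE/$PROGRAM.$MONTH$DAY.$PEXT"
        template(t_usa_app)
        flush_lines(10)
        flush_timeout(5000));
};

# Messages from s_net reach only this log path and the f_apps one below;
# network messages that match neither filter are not written anywhere.
log {
    source(s_sys);
    source(s_net);
    filter(f_usa_app);
    destination(d_usa_app);
    flags('final');
};

# these are apps that get their own log directory & files
filter f_apps {
    program('^(postfix)' flags('store-matches'))
    or program('^(amavis)' flags('store-matches'));
};

# $1 is the captured program prefix, so it can only be "postfix" or
# "amavis"; $HOST is still sender-supplied for s_net traffic (see the
# note on d_usa_app).
destination d_apps {
    file("/var/log/hosts/$HOST/$1/$1.$LEVEL"
        flush_lines(10)
        flush_timeout(5000));
};

log {
    source(s_sys);
    source(s_net);
    filter(f_apps);
    destination(d_apps);
    flags('final');
};

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et: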