@version: 4.2
# Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# file:///opt/syslog-ng/share/doc/admin-guide/index.html
# or
# http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-v3.2-guide-admin-en.html/index.html
#
# Layout of this file: global options, three sources (local inputs, network
# listeners, watched log files), a file destination ("logpile"), a MySQL
# destination ("d_mysql"), and the log paths that wire them together.

options {
    # Reject messages whose hostname field contains characters that are not
    # valid in a hostname.
    check_hostname(yes);
    # Keep the hostname exactly as the sending host wrote it into the message
    # instead of replacing it with the address the message arrived from.
    # NOTE(review): for the unauthenticated udp() listener below this value is
    # chosen by the sender, so $HOST in the logpile path and the FromHost
    # column should not be treated as a verified source identity — confirm
    # this is acceptable for the audit use case.
    keep_hostname(yes);
    # Do not prepend the relay chain to the hostname field.
    chain_hostnames(no);
};

######
# sources

# Messages generated on this host.
source inputs {
    # messages generated by syslog-ng itself (startup, errors, statistics)
    internal();
    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");
    # messages from the kernel; program_override() labels them "kernel"
    file("/proc/kmsg" program_override("kernel"));
};

# Messages received from other hosts.
source network {
    # Plain UDP syslog with no ip()/port() given, so the listener uses the
    # built-in defaults (presumably all interfaces, port 514 — verify).
    # This transport is unencrypted and unauthenticated, unlike the tcp()
    # listener below; anything accepted here should be treated accordingly.
    udp();
    # TLS-protected TCP listener on a non-standard port. port(443) was
    # presumably chosen to pass existing firewall rules — confirm.
    tcp(ip(0.0.0.0) port (443)
        tls(
            # Server private key; this file must stay readable only by the
            # user syslog-ng runs as.
            key_file("/opt/syslog-ng/etc/key.d/ustc-syslog1.view-ei.ustranscom.mil.key")
            cert_file("/opt/syslog-ng/etc/cert.d/ustc-syslog1.view-ei.ustranscom.mil.cert")
            # Directory of CA certificates used to validate client certificates.
            ca_dir("/opt/syslog-ng/etc/ca.d")
            # The commented-out alternative would accept clients without a
            # valid certificate; it is kept only as a reference and must stay
            # disabled so that clients remain mutually authenticated.
            # peer_verify(optional-untrusted)
            # Every connecting client must present a certificate that chains
            # to a CA in ca_dir(); otherwise the connection is rejected.
            peer_verify(required-trusted)
        )
        # Upper bound on simultaneous client connections to this listener.
        max_connections(1000)
    );
    # RFC 5424 syslog listener with the built-in defaults (presumably TCP
    # port 601, no TLS — verify). As with udp(), this listener does not
    # authenticate its peers.
    syslog();
};

# Log files written by other tools on this host, tailed and tagged by
# program_override() so they can be told apart downstream.
source files {
    # Linux audit subsystem
    file("/var/log/audit/audit.log" program_override("audit"));
    # antivirus scanner output
    file("/var/log/av/antivirus_scan_errors" program_override("antivirus"));
    file("/var/log/av/antivirus_scan_report" program_override("antivirus"));
    # OVAL compliance scans (STIG and RHEL benchmarks)
    file("/var/log/oval/ovaldi.stig.log" program_override("oval"));
    file("/var/log/oval/ovaldi.stig.succes.log" program_override("oval"));
    file("/var/log/oval/ovaldi.rhel.log" program_override("oval"));
    file("/var/log/oval/ovaldi.rhel.success.log" program_override("oval"));
    # configuration management runs
    file("/var/log/puppet/puppet.log" program_override("puppet"));
    file("/var/log/puppet/puppet.stig.log" program_override("puppet"));
};

######
# destinations

# Local file archive, one file per host/facility/day.
# $HOST, $YEAR, $MONTH, $DAY and $FACILITY in the path are expanded per
# message, so a new directory tree is created for every distinct hostname
# (see the keep_hostname() note above: for UDP senders that name is
# sender-supplied).
destination logpile {
    file("/var/log/syslog/$HOST/$YEAR/$MONTH/$FACILITY.$HOST.$YEAR$MONTH$DAY"
        # One line per message; $FULLHOST is the hostname as resolved by
        # syslog-ng, $ISODATE the message timestamp.
        template ("$ISODATE $FULLHOST $PID $PROGRAM $LEVEL $MESSAGE\n")
        # Files and directories are root-only; no other local user can read
        # the archive.
        owner(root) group(root) perm(0600)
        create_dirs(yes) dir_perm(0700));
};

# Every source is archived to the local file tree. No flags(final) is set
# on these paths, so the same messages also reach d_mysql below.
log { source(inputs); destination(logpile); };
log { source(network); destination(logpile); };
log { source(files); destination(logpile); };

######################################################
#The lines below were added to send log data to MySQL#
######################################################

# MySQL destination using a SystemEvents table layout.
# The database credentials are stored here in clear text; this file must
# therefore be readable only by root / the syslog-ng user, and the
# "syslog" account should be limited to INSERT on this table.
# NOTE(review): whether the value in password() is a placeholder or a real
# credential cannot be told from this file — confirm before deployment.
destination d_mysql {
    sql(type(mysql)
        host("ustc-mysql") username("syslog") password("syslog_user_password")
        database("syslog")
        table("SystemEvents")
        # Column definitions; syslog-ng creates the table from these if it
        # does not exist.
        columns("ID int unsigned not null auto_increment primary key","ReceivedAt datetime NULL", "DeviceReportedTime datetime NULL", "Facility smallint NULL","Priority smallint NULL","FromHost varchar(60) NULL", "Message text","InfoUnitID int NULL","SysLogTag varchar(60)", "CustomerID bigint","NTSeverity int NULL","Importance int NULL","EventSource varchar(60)","EventUser varchar(60) NULL", "EventCategory int NULL","EventID int NULL","EventBinaryData text NULL","MaxAvailable int NULL","CurrUsage int NULL","MinUsage int NULL", "MaxUsage int NULL","EventLogType varchar(60)","GenericFileName VarChar(60)","SystemID int NULL")
        # One value per column, in the same order: ID is left empty for
        # auto_increment, ReceivedAt/DeviceReportedTime take the receive and
        # send timestamps, FromHost takes $HOST, Message takes $MSGONLY,
        # SysLogTag takes $MSGHDR; the remaining columns are unused and
        # receive empty strings.
        values("","$R_ISODATE", "$S_ISODATE","$FACILITY_NUM","$LEVEL_NUM","$HOST", "$MSGONLY","1","$MSGHDR","","","","","","","","","","","","","","","")
        # Indexes created with the table (trailing comma is as in the original).
        indexes("ID","ReceivedAt","Facility","Priority","FromHost","SysLogTag",));
};

# All three sources are also sent to MySQL, in addition to the logpile
# archive above.
log { source(inputs); source(network); source(files); destination(d_mysql); };