@version:3.7
# NOTE(review): this listing reads like preprocessor output, where each
# @include is followed by the text it pulled in. Confirm against the files on disk.
@include "scl.conf"
#############################################################################
# Copyright (c) 2010-2014 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
#
# This file is placed into /etc/syslog-ng in order to make it trivial to
# include in user written syslog-ng.conf files. It sets up 'scl-root' and
# /etc/syslog-ng, then includes all SCL supplied plugins.
#

# Every *.conf found under these directories becomes part of the running
# configuration, so both trees should be writable by the administrator only.
@define scl-root "/usr/share/syslog-ng/include/scl"
@define include-path "/etc/syslog-ng:/usr/share/syslog-ng/include"

@include 'scl/*/*.conf'
#############################################################################
# Copyright (c) 2014 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# format-cim: renders a message as one JSON object per line, with @timestamp
# and @message set explicitly and further name-value pairs chosen by --key.
# NOTE(review): the '.*' and '*.*' patterns look broad; check which fields
# actually reach the output before sending it off-host.
template-function "format-cim" "$(format-json --pair @timestamp='${R_ISODATE}' --pair @message='${MSG}' --key .cim.* --shift 5 --key _* --key .* --replace-prefix .=_ --key *.*)\n";
#
# Copyright (c) 2015 BalaBit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#

# elasticsearch(): wrapper around the java() destination. Every parameter is
# handed to org.syslog_ng.elasticsearch.ElasticSearchDestination as an option.
block destination elasticsearch(
  index("")
  type("")
  template("$(format-json --scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE})")
  port("9300")
  server("localhost")
  flush_limit("5000")
  client_mode("node")
  cluster("")
  custom_id("")
  resource("")
  client_lib_dir("")
  concurrent_requests("1")
) {
  java(
    # Every *.jar in client_lib_dir is put on the class path of the JVM
    # embedded in syslog-ng, so the directory must not be writable by
    # unprivileged users.
    class_path("`module-path`/java-modules/*.jar:`client_lib_dir`/*.jar")
    class_name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
    option("index", `index`)
    option("type", `type`)
    option("server", `server`)
    option("port", `port`)
    option("message-template", `template`)
    option("cluster", `cluster`)
    option("flush_limit", `flush_limit`)
    option("client_mode", `client_mode`)
    option("resource", `resource`)
    option("custom_id", `custom_id`)
    option("concurrent_requests", `concurrent_requests`)
    `__VARARGS__`
  );
};
## scl/graphite/plugin.conf -- Graphite destination for syslog-ng
##
## Copyright (c) 2014 BalaBit IT Ltd, Budapest, Hungary
## Copyright (c) 2014 Gergely Nagy
##
## This program is free software; you can redistribute it and/or modify it
## under the terms of the GNU General Public License version 2 as published
## by the Free Software Foundation, or (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
##
## As an additional exemption you are allowed to compile & link against the
## OpenSSL libraries as published by the OpenSSL project. See the file
## COPYING for details.
# graphite(): sends the output of $(graphite-output ...) to host:port over
# plain TCP (transport(tcp) is fixed inside the block).
block destination graphite(
  host("localhost")
  port(2003)
  payload("")
) {
    network("`host`" port(`port`) transport(tcp) template("$(graphite-output `payload`)") `__VARARGS__`);
};
#
# Copyright (c) 2015 BalaBit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#

# hdfs(): wrapper around the java() destination for
# org.syslog_ng.hdfs.HdfsDestination.
# NOTE(review): hdfs_file("") is declared twice in the parameter list below.
block destination hdfs(
  hdfs_uri("")
  hdfs_file("")
  hdfs_archive_dir("")
  hdfs_resources("")
  hdfs_file("")
  hdfs_max_filename_length("")
  client_lib_dir("")
) {
  java(
    # All jars in client_lib_dir are loaded; keep the directory
    # administrator-writable only.
    class_path("`module-path`/java-modules/*.jar:`client_lib_dir`/*.jar")
    class_name("org.syslog_ng.hdfs.HdfsDestination")
    option("hdfs_uri", `hdfs_uri`)
    option("hdfs_file", `hdfs_file`)
    option("hdfs_archive_dir", `hdfs_archive_dir`)
    option("hdfs_resources", `hdfs_resources`)
    option("hdfs_max_filename_length", `hdfs_max_filename_length`)
    `__VARARGS__`
  );
};
#
# Copyright (c) 2015 BalaBit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#

# kafka(): wrapper around the java() destination for
# org.syslog_ng.kafka.KafkaDestination.
block destination kafka(
  topic("")
  key("")
  template("")
  kafka_bootstrap_servers("")
  properties_file("")
  sync_send("")
  client_lib_dir("")
) {
  java(
    # All jars in client_lib_dir are loaded; keep the directory
    # administrator-writable only.
    class_path("`module-path`/java-modules/*.jar:`client_lib_dir`/*.jar")
    class_name("org.syslog_ng.kafka.KafkaDestination")
    option("topic", `topic`)
    option("key", `key`)
    option("template", `template`)
    option("kafka_bootstrap_servers", `kafka_bootstrap_servers`)
    # NOTE(review): properties_file presumably carries client settings (and
    # possibly credentials). Restrict its file permissions accordingly.
    option("properties_file", `properties_file`)
    option("sync_send", `sync_send`)
    `__VARARGS__`
  );
};
#############################################################################
# Copyright (c) 2015 BalaBit IT Ltd, Budapest, Hungary
# Copyright (c) 2015 Fabien Wernli
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# mbox(): reads a mailbox file as multi-line records that start at a line
# beginning with "From ". Records are not parsed as syslog (no-parse), and a
# single record may be up to log-msg-size(10000000) bytes.
block source mbox(filename()) {
    file(
        "`filename`"
        log-msg-size(10000000)
        log-fetch-limit(1)
        flags(no-parse)
        multi-line-mode(prefix-suffix)
        multi-line-prefix('^From ')
    );
};
#############################################################################
# Copyright (c) 2014 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# nodejs(): TCP listener for JSON log records. Fields are stored under the
# ".nodejs.winston." prefix and the record's "message" field becomes MESSAGE.
# The default localip(0.0.0.0) listens on every interface and the transport is
# plain TCP, so any host that can reach the port can submit records. Pass
# localip(127.0.0.1) when the producer runs on the same machine.
block source nodejs(localip(0.0.0.0) port(9003)) {
    channel {
        log {
            source { network(transport(tcp) localip(`localip`) port(`port`) flags(no-parse) `__VARARGS__`); };
            parser { json-parser(extract-prefix("[1]") prefix(".nodejs.winston.")); };
            rewrite {
                # Promote the parsed message text, then blank the duplicate field.
                set("${.nodejs.winston.message}" value("MESSAGE"));
                set("" value(".nodejs.winston.message"));
            };
        };
    };
};
#############################################################################
# Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# pacct(): follows the process accounting file using the "pacct" format from
# the pacctformat module and tags each record ".pacct".
block source pacct(file("/var/log/account/pacct") follow-freq(1)) {
@module pacctformat
    file("`file`" follow-freq(`follow-freq`) format("pacct") tags(".pacct") `__VARARGS__`);
};
#############################################################################
# Copyright (c) 2013 Márton Illés
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
##########################################################################
#
# The rewrite rules below can be used to mask out or hash credit card
# numbers in log messages.
#
# Their usage is simple:
#
# log {
#   source (s_local);
#   rewrite { credit-card-hash(); }; # or credit-card-mask();
#   destination (d_local);
# };
#
# For more information about the topic, see the following blog post:
#  http://marci.blogs.balabit.com/2013/02/masking-credit-card-numbers-in-log-messages-with-syslog-ng/
#
# A notable difference compared to the blog post, is that the hash_cc
# rule is called credit-card-hash and mask_cc is credit-card-mask.
# Pattern shared by both rewrite rules below; the alternatives are fixed
# issuer prefixes followed by fixed digit counts.
# NOTE(review): the group opens with "(?P<1>:". PCRE group names normally
# cannot start with a digit, and the ':' would be a literal character in the
# first alternative. Run sample numbers through both rules to confirm they
# match before relying on them for redaction.
@define balabit.credit-card-regexp "(?P<1>:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})"

# credit-card-hash(): replaces each match in `value` with the first 16
# characters of its SHA-1 digest.
# The digest is unsalted and card numbers come from a small, structured space,
# so it works as a correlation token rather than a secret. Logs carrying it
# should stay under the same access controls as the original data.
block rewrite credit-card-hash(value("MESSAGE")) {
    subst("`balabit.credit-card-regexp`", "$(sha1 --length 16 $1)", value(`value`), flags(global, store-matches), type(pcre));
};

# credit-card-mask(): keeps the first six and last four characters of each
# match and replaces the middle with six asterisks.
# NOTE(review): unlike credit-card-hash there is no comma between the
# replacement string and value(...). Confirm the parser accepts this.
block rewrite credit-card-mask(value("MESSAGE")) {
    subst("`balabit.credit-card-regexp`", "$(substr $1 0 6)******$(substr $1 -4 4)" value(`value`), flags(global, store-matches), type(pcre));
};

# extract-solaris-msgid(): for messages that start with "[ID", splits off the
# bracketed block into $0, takes its second space-separated field as
# .solaris.msgid and leaves the rest in MESSAGE. Other messages pass through
# the empty second channel unchanged.
block parser extract-solaris-msgid() {
    channel {
        junction {
            channel {
                filter { message("[ID" type(string) flags(prefix)); };
                parser {
                    csv-parser(
                        columns("0", "MESSAGE")
                        delimiters(" ")
                        flags(greedy)
                        quote-pairs('[]')
                    );
                    csv-parser(
                        columns("", ".solaris.msgid", "")
                        template("$0")
                        delimiters(" ")
                    );
                };
                flags(final);
            };
            channel { flags(final); };
        };
    };
};
#############################################################################
# Copyright (c) 2010 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################

# Registers a config generator named "syslogconf" whose output comes from
# running the awk script below over /etc/syslog.conf.
# The command runs with the privileges of the syslog-ng process, so both the
# script and /etc/syslog.conf should be writable by the administrator only.
@module confgen context(root) name(syslogconf) exec("/usr/share/syslog-ng/include/scl/syslogconf/convert-syslogconf.awk < /etc/syslog.conf")
#############################################################################
# Copyright (c) 2010-2012 BalaBit IT Ltd, Budapest, Hungary
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
#
# This SCL module loads the "system-source" plugin explicitly (as it doesn't
# autoload right now). If the compiled plugin doesn't support your
# operating system, you can always define a block here to substitute for the
# compiled version.
#
# e.g. just create a "block source system { ... }" block in this file, and
# comment out the system-source module invocation. This way even if
# unsupported by the C version of the plugin, you can still use the system()
# source in your configuration file. Please if you have the need to do
# this, contact the syslog-ng developers and tell us about the omission.
#
# This is the mailing list address where developers are lurking:
# syslog-ng@lists.balabit.hu.
#

@module system-source
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
#       located in /etc/syslog-ng/conf.d/

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (persist_only);
    dns-cache-hosts(/etc/hosts);
    use_fqdn (no);
    create_dirs (yes);
    # keep_hostname(yes) keeps the hostname written inside each received
    # message. The conf.d sections below use ${HOST} in file paths and in
    # host() filters, so for network input that value is chosen by the sender.
    # Consider keep_hostname(no) and/or check_hostname(yes) for those sources.
    keep_hostname (yes);
    # Files and directories are created for numeric uid/gid 1007.
    owner ("1007");
    group ("1007");
    dir_owner ("1007");
    dir_group ("1007");
    # Global default. The destinations under conf.d override it with
    # dir_perm(0755).
    dir_perm (0750);
};

# Local log source: systemd journal plus syslog-ng's own internal messages.
# NOTE(review): the braces in the generated part ("}};") do not balance as
# shown here. The text is kept as found; check it against the on-disk file.
source s_sys {
channel {
    source { systemd-journal(); }; # source
    channel {
        channel { parser { json-parser(prefix('.cim.') marker('@cim:')); }}; flags(final); };
        channel { };
    };
}; # channel
;
    internal();
    # udp(ip(0.0.0.0) port(514));
};

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };
# Copies authpriv messages to the local listener on port 601.
# NOTE(review): port 601 is s_server_sop in the conf.d section, whose files
# are created world-readable. That would expose the same content that
# /var/log/secure holds to every local user. Confirm the intent.
destination d_auth_loc { network ("127.0.0.1" port (601) ); };

# NOTE(review): every filter below ends in "}};". The extra brace is kept as
# found and may be an artifact of how this listing was produced.
filter f_kernel { facility(kern); }};
filter f_default { level(info..emerg) and
                        not (facility(mail)
                        or facility(authpriv)
                        or facility(cron)); }};
filter f_auth { facility(authpriv); }};
filter f_mail { facility(mail); }};
filter f_emergency { level(emerg); }};
filter f_news { facility(uucp) or
                        (facility(news)
                        and level(crit..emerg)); }};
filter f_boot { facility(local7); }};
filter f_cron { facility(cron); }};

#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); destination(d_auth_loc); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };

# Source additional configuration files (.conf extension only)
# Each file in this directory becomes part of the running configuration; keep
# the directory writable by the administrator only.
@include "/etc/syslog-ng/conf.d/*.conf"
#@version:3.7
#
# Rel. 1.0 of 28/07/2017
# Reworked the whole filter structure, replacing the per-server filters with one cumulative filter.
# Also reworked the log path structure for the servers: there is now a single one and it uses the new filter.
#
# Rel. 0.3 of 13/07/2017
# For s_network_appa changed the value from 2048000 to 4096000.
#
# Rel. 0.2 of 21/06/2017
# Added destination, filter and log path for server slitdd2727, which logs the DDAN application.
#
# Rel. 0.1 of 15/05/2017
# Added the filter and the destination for the ESXi infrastructure servers (VMware hosts); for each of them, however,
# both the host name and the IP address had to be specified in filter f_appa_rete.
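#
################################################################################################################

# UDP syslog listener on every interface. UDP senders are unauthenticated and
# the global keep_hostname(yes) keeps the hostname found inside each message,
# so ${HOST} and the host() filters below act on a value the sender chooses.
# Restrict who can reach port 514 at the firewall.
source s_network_appa {
    network (
        ip(0.0.0.0)
        port (514)
        transport ("udp")
        so-rcvbuf (4096000)
    );
};

# Destinations
# perm() was 0755 on all three destinations. Log files never need the execute
# bit and their content arrives from the network, so it is dropped here (0644).
# NOTE(review): files and directories remain world-readable although the
# global options set dir_perm(0750). Tighten to perm(0640) / dir_perm(0750)
# once the accounts that read these logs are confirmed.
# ${HOST} is part of the path and create_dirs(yes) is on: every distinct
# hostname seen creates a new directory and file.

destination d_network_udp {
    file("/var/log/syslog-ng/APPARATI/${YEAR}${MONTH}${DAY}/${HOST}/${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}"
        create_dirs(yes)
        dir_perm(0755)
        perm(0644)
    ) ;
};

destination d_server_sop1 {
    file("/var/log/syslog-ng/SERVER/${YEAR}${MONTH}${DAY}/${HOST}/${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}"
        create_dirs(yes)
        dir_perm(0755)
        perm(0644)
    ) ;
};

destination d_appl_DDAN {
    file("/var/log/syslog-ng/APPLICAZIONI/DDAN/${HOST}/${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}"
        create_dirs(yes)
        dir_perm(0755)
        perm(0644)
        flush_lines(100)
    );
};

# Filters
# host() takes a regular expression matched against the hostname field. The
# patterns below are not anchored, so "part1" also matches any name that
# contains it, and the dots in the IP addresses match any character.
# NOTE(review): every filter ends in "}};". The extra brace is kept as found
# and may be an artifact of how this listing was produced.

# Network devices: everything that is not one of the listed servers.
# NOTE(review): "part8" and "partd" appear twice. "partl" and "partm" are in
# f_server_UDP but not excluded here, so their messages match both filters.
filter f_appa_rete {
    not host ("SymantecServer")
    and not host ("part8")
    and not host ("parti")
    and not host ("partd")
    and not host ("part1")
    and not host ("parte")
    and not host ("part10")
    and not host ("part11")
    and not host ("part12")
    and not host ("part3")
    and not host ("part6")
    and not host ("part8")
    and not host ("part9")
    and not host ("parta")
    and not host ("partc")
    and not host ("partd")
    and not host ("partf")
    and not host ("partg")
    and not host ("parth")
    and not host ("partn")
    and not host ("parto")
    and not host ("SLITES8736.sercom.aspasiel.it") and not host ("172.23.112.47")
    and not host ("SLITES4557.sercom.aspasiel.it") and not host ("172.23.112.68")
    and not host ("SLITES4558.sercom.aspasiel.it") and not host ("172.23.112.69")
    and not host ("SLITES4559.sercom.aspasiel.it") and not host ("172.23.112.70")
    and not host ("SLITES4560.sercom.aspasiel.it") and not host ("172.23.112.71")
    and not host ("SLITES8731.sercom.aspasiel.it") and not host ("172.23.112.42")
    and not host ("SLITES8732.sercom.aspasiel.it") and not host ("172.23.112.43")
    and not host ("SLITES8733.sercom.aspasiel.it") and not host ("172.23.112.44")
    and not host ("SLITES8734.sercom.aspasiel.it") and not host ("172.23.112.45")
    and not host ("SLITES8735.sercom.aspasiel.it") and not host ("172.23.112.46")
    and not host ("slitdd2727");
}};

#
# The following filter handles all servers that arrive over UDP.
# As of 2017/07/28 these are the AIX servers and the ESXi servers of the VMware infrastructure.
#
# NOTE(review): the ESXi hosts are matched here by FQDN only and only for
# auth/authpriv. f_appa_rete excludes them by FQDN and by IP, so their other
# facilities, and anything that arrives with the IP as hostname, match neither
# filter. Confirm that dropping those messages is intended.
filter f_server_UDP {
    host("part8")
    or host("parti")
    or host("partd")
    or host("part1")
    or host("parte")
    or host("part10")
    or host("part11")
    or host("part12")
    or host("part3")
    or host("part6")
    or host("part9")
    or host("parta")
    or host("partc")
    or host("partf")
    or host("partg")
    or host("parth")
    or host("partl")
    or host("partm")
    or host("partn")
    or host("parto")
    or host("SLITES8736.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES4557.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES4558.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES4559.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES4560.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES8731.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES8732.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES8733.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES8734.sercom.aspasiel.it") and facility(auth,authpriv)
    or host("SLITES8735.sercom.aspasiel.it") and facility(auth,authpriv)
    ;
}};

#
# The following is the filter added for the logs coming from slitdd2727, DDAN application.
#
# netmask() matches the sender address rather than the hostname field.
# f_appa_rete excludes this host by name only.
filter f_slitdd2727 { netmask("172.23.144.150/255.255.255.255"); }};

# Log paths
# 1- Log path for the network devices.
log { source(s_network_appa); filter(f_appa_rete); destination(d_network_udp); };

# 2- Log path for AIX and ESXi
log { source(s_network_appa); filter(f_server_UDP); destination(d_server_sop1); };

#
# The following is the log path for the DDAN application log coming from slitdd2727.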
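#
log { source(s_network_appa); filter(f_slitdd2727); destination(d_appl_DDAN); };
#@version:3.7
# This is the configuration for accepting the servers on TCP port 601.
# Rel. 1.0 of 26/04/2017
# Added handling of the maximum number of connections and of flow-control.
# max-connections default=10 raised to 200.
# log_fetch_limit default=10 raised to 100.
# flush_lines default=1 raised to 100.
# log_fifo_size default=1000 fine as is.
# log_iw_size default=10? raised to 20000 to get rid of the following warning:
# warning window sizing for tcp sources were changed in syslog-ng 3.3
# flow-control default=disabled enabled.

# Plain-TCP listener on every interface. There is no TLS and no filter on the
# sender in this section, so any host that can reach the port can submit
# messages under a hostname of its choice (global keep_hostname(yes)).
source s_server_sop {
    network (
        ip(0.0.0.0)
        port(601)
        transport("tcp")
        max-connections(200)
        log_fetch_limit(100)
        log_iw_size(20000)
    );
};

# perm() was 0755 on the three destinations in this section. Log files never
# need the execute bit and their content arrives from the network, so it is
# dropped here (0644).
# NOTE(review): files and directories remain world-readable although the
# global options set dir_perm(0750). Tighten to perm(0640) / dir_perm(0750)
# once the accounts that read these logs are confirmed.
destination d_server_sop {
    file("/var/log/syslog-ng/SERVER/${YEAR}${MONTH}${DAY}/${HOST}/${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}"
        create_dirs(yes)
        dir_perm(0755)
        perm(0644)
        flush_lines(100)
    );
};

# Route to the destinations.
log { source(s_server_sop); destination(d_server_sop); flags(flow-control); };
#@version:3.7
# This is the configuration for accepting the Apache access logs generated by SLITWS4678
# and coming from SLITSY2720.
# The port on which the data is received changed from 610 to 50000.
# Rel. 0.1 of 12/05/2017

# NOTE(review): the comment above names one expected sender, but nothing in
# this section restricts the peer. A netmask() filter on the log path or a
# firewall rule would enforce that.
source s_apache_log {
    network (
        ip(0.0.0.0)
        port(50000)
        transport("tcp")
    );
};

destination d_apache_log {
    file("/var/log/syslog-ng/APPLICAZIONI/APACHE/${HOST}/access_${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}"
        create_dirs(yes)
        dir_perm(0755)
        perm(0644)
        flush_lines(100)
    );
};

# Route to the destinations.
log { source(s_apache_log); destination(d_apache_log); };
#@version:3.7
# This is the configuration for accepting the Apache error logs generated by SLITWS4678
# and coming from SLITSY2720.
# The port on which the data is received is 50001.
# Rel. 0.0 of 12/05/2017

# NOTE(review): as with the access-log listener, nothing here restricts the
# sender to the expected host.
source s_error_log {
    network (
        ip(0.0.0.0)
        port(50001)
        transport("tcp")
    );
};

destination d_error_log {
    file("/var/log/syslog-ng/APPLICAZIONI/APACHE/${HOST}/error_${YEAR}${MONTH}${DAY}_hh${HOUR}_${HOST}"
        create_dirs(yes)
        dir_perm(0755)
        perm(0644)
        flush_lines(100)
    );
};

# Route to the destinations.
log { source(s_error_log); destination(d_error_log); };

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et: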