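#
# Configuration file for syslog-ng under Solaris 8 or greater
#
# here are the standard syslog levels:
# emerg alert crit err warning notice info debug
# aliases for these levels are deprecated
#
# Layout: one statement per line. A '#' starts a comment that runs to the
# end of the line, so a directive that shares a line with an earlier '#'
# is never parsed.

######
# options

options {
    # the time to wait before a dead connection is reestablished
    # (default is 60)
    time_reopen(10);

    # the time to wait before an idle destination file is closed
    # (default is 60)
    time_reap(360);

    # the number of lines buffered before written to file
    # (default is 0)
    sync(1);

    # the number of lines fitting to the output queue
    log_fifo_size(2048);

    # enable or disable directory creation for destination files
    create_dirs(yes);

    # default owner, group, and permissions for log files
    # (defaults are 0, 0, 0600)
    # NOTE(review): 0644 is looser than the 0600 default and makes every
    # file destination below that has no perm() of its own world-readable.
    # f_std_2 and f_std_6 route err-and-above from all facilities and all
    # mail messages into those files; keep 0644 only if an unprivileged
    # reader really needs them.
    #owner(root);
    #group(root);
    perm(0644);

    # default owner, group, and permissions for created directories
    # (defaults are 0, 0, 0700)
    # Only relevant together with create_dirs(yes); every file path in this
    # configuration is fixed, so this applies when a parent directory is
    # missing at start-up.
    #dir_owner(root);
    #dir_group(root);
    dir_perm(0755);

    # enable or disable DNS usage
    # syslog-ng blocks on DNS queries, so enabling DNS may lead to
    # a Denial of Service attack
    # (default is yes)
    use_dns(no);

    # maximum length of message in bytes
    # syslog messages on Solaris should have been truncated at 1024
    # (default is 2048)
    log_msg_size(4096);
};

######
# sources

# all known message sources
# The UDP listener is bound to the loopback address only, so other hosts
# cannot submit messages. No port is given, so the syslog-ng default applies.
# Local processes can still log with any facility and level through
# /dev/log or the loopback socket; message text is sender-controlled.
source s_all {
    internal();
    sun-streams("/dev/log" door("/etc/.syslog_door"));
    udp(ip(127.0.0.1));
};

######
# destinations

# system console
destination df_dev_sysmsg {
    # /dev/sysmsg is a symlink, don't overwrite its rights
    # NOTE(review): perm/owner/group are nevertheless set explicitly here.
    # If syslog-ng applies them to the opened file (the device the symlink
    # points to) rather than to the link, the console message device ends
    # up mode 0777 - compare `ls -lL /dev/sysmsg` before and after start-up
    # and confirm whether this syslog-ng version can leave existing
    # permissions unchanged.
    file("/dev/sysmsg" perm(0777) owner(root) group(other)
         template("$DATE $HOST $MSG\n"));
};

# standard /var/adm/messages file
destination df_var_adm_messages {
    file("/var/adm/messages" template("$DATE $HOST $MSG\n"));
};

# standard /var/log/syslog file
destination df_var_log_syslog {
    file("/var/log/syslog" template("$DATE $HOST $MSG\n"));
};

# operator's ttys
destination du_operator {
    usertty("operator" template("$DATE $HOST $MSG\n"));
};

# root's ttys
destination du_root {
    # template kept on one line so it matches the other destinations
    usertty("root" template("$DATE $HOST $MSG\n"));
};

# all tty's
# Used by rule 5 only (emerg). The text written to every logged-in terminal
# comes from whichever process logged it, which is one more reason to keep
# s_all limited to local sources.
destination du_all {
    usertty("*" template("$DATE $HOST $MSG\n"));
};

######
# filters

# standard syslog rule 1
# *.err;kern.notice;auth.notice
filter f_std_1 {
    level(err..emerg)
    or ((facility(kern) or facility(auth)) and level(notice..emerg));
};

# standard syslog rule 2
# *.err;kern.debug;daemon.notice;mail.crit
filter f_std_2 {
    level(err..emerg)
    or (facility(kern) and level(debug..emerg))
    or (facility(daemon) and level(notice..emerg))
    or (facility(mail) and level(crit..emerg));
};

# standard syslog rule 3
# *.alert;kern.err;daemon.err
filter f_std_3 {
    level(alert..emerg)
    or (facility(kern) and level(err..emerg))
    or (facility(daemon) and level(err..emerg));
};

# standard syslog rule 4
# *.alert
filter f_std_4 {
    level(alert..emerg);
};

# standard syslog rule 5
# *.emerg
filter f_std_5 {
    level(emerg);
};

# standard syslog rule 6
# mail.debug
filter f_std_6 {
    facility(mail) and level(debug..emerg);
};

######
# logs (order matters)

# standard syslog rule 1
# NOTE(review): auth.notice and above is matched by f_std_1 only, so with
# this rule set those messages reach the console but no file unless they
# are err or higher (f_std_2) - confirm that is the intended retention.
log {
    source(s_all);
    filter(f_std_1);
    destination(df_dev_sysmsg);
};

# standard syslog rule 2
log {
    source(s_all);
    filter(f_std_2);
    destination(df_var_adm_messages);
};

# standard syslog rule 3
log {
    source(s_all);
    filter(f_std_3);
    destination(du_operator);
};

# standard syslog rule 4
log {
    source(s_all);
    filter(f_std_4);
    destination(du_root);
};

# standard syslog rule 5
log {
    source(s_all);
    filter(f_std_5);
    destination(du_all);
};

# standard syslog rule 6
log {
    source(s_all);
    filter(f_std_6);
    destination(df_var_log_syslog);
};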