This is my server config file: # # Syslog-ng configuration file. Originally written by anonymous (I can't find # his name) Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>) # revised again by Nate Campi <nate at campin dot net> ############################################################### # First, set some global options. options { # use_fqdn(yes); # use_dns(yes); # dns_cache(yes); create_dirs (yes); keep_hostname(yes); long_hostnames(on); sync(1); log_fifo_size(1024); use_dns (yes); }; ############################################################### # # This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine. # #source src { unix-stream("/dev/log"); internal(); }; source src { # don't read from /proc/kmsg and run klogd also (Linux) # pipe("/proc/kmsg"); # file("/proc/kmsg") log_prefix("kernel: "); sun-streams("/dev/log" door("/etc/.syslog_door")); # unix-stream("/dev/log"); # unix-stream("/chroot/named/dev/log"); internal(); # udp(); # udp(ip("10.0.5.8") port(514)); # tcp(port(5140) keep-alive(yes)); # tcp(ip("10.9.9.3") port(5140) keep-alive(yes)); }; source net { tcp(port(5140) keep-alive(yes) max_connections(100)); }; ############################################################### # After that set destinations. # First some standard logfile # destination authlog { file("/var/log/auth.log"); }; destination bootlog { file("/var/log/boot.log"); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/log/daemon.log"); }; destination debug { file("/var/log/debug"); }; destination explan { file("/var/log/explanations"); }; destination kern { file("/var/log/kern.log"); }; destination lpr { file("/var/log/lpr.log"); }; destination messages { file("/var/adm/messages"); }; destination routers { file("/var/log/routers.log"); }; destination secure { file("/var/log/secure"); }; destination spooler { file("/var/log/spooler"); }; destination syslog { file("/var/log/syslog"); }; destination user { file("/var/log/user.log"); }; destination uucp { file("/var/log/uucp.log"); }; destination mail { file("/var/log/mail.log"); }; destination maillog { file("/var/log/maillog"); }; destination mailinfo { file("/var/log/mail.info"); }; destination mailwarn { file("/var/log/mail.warn"); }; destination mailerr { file("/var/log/mail.err"); }; destination console { usertty("root"); }; destination console_all { file("/dev/tty8"); }; filter f_attack_alert { match("attackalert"); }; filter f_ssh_login_attempt { program("sshd.*") and match("(Failed|Accepted)") and not match("Accepted (hostbased|publickey) for (root|zoneaxfr) from (10.4.3.1)"); }; #filter f_authpriv { facility(auth, authpriv); }; filter f_syslog { not facility(auth) and not facility(mail); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_user { facility(user); }; filter f_uucp { facility(cron); }; #filter f_general { facility(*); }; #filter f_news { facility(news); }; filter f_debug { not facility(auth, mail); }; filter f_messages { level(info .. warn) and not facility(auth, cron, daemon, mail); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; #filter f_cnews { level(notice, err, crit) and facility(news); }; filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; ############################################################### # # log statements actually send logs somewhere, to a file, across the network, etc # #log { source(src); filter(f_authpriv); destination(authlog); }; #log { source(src); filter(f_authpriv); destination(syslog); }; log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_daemon); destination(daemon); }; log { source(src); filter(f_daemon); destination(messages); }; log { source(src); filter(f_kern); destination(kern); }; log { source(src); filter(f_kern); destination(messages); }; log { source(src); filter(f_lpr); destination(lpr); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(f_user); destination(user); }; log { source(src); filter(f_user); destination(messages); }; log { source(src); filter(f_uucp); destination(uucp); }; log { source(src); filter(f_mail); destination(maillog); }; log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; #log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; #log { source(src); filter(f_news); filter(f_err); destination(newserr); }; #log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; #log { source(src); filter(f_debug); destination(debug); }; log { source(src); filter(f_messages); destination(messages); }; log { source(src); filter(f_emergency); destination(console); }; #log { source(src); filter(f_general); destination(messages); }; log { source(src); filter(f_cother); destination(messages); }; destination net_authlog { file("/uag/HOSTS/$HOST/auth.log"); }; destination net_bootlog { file("/uag/HOSTS/$HOST/boot.log"); }; destination net_cron { file("/uag/HOSTS/$HOST/cron.log"); }; destination net_daemon { file("/uag/HOSTS/$HOST/daemon.log"); }; destination net_debug { file("/uag/HOSTS/$HOST/debug"); }; destination net_explan { file("/uag/HOSTS/$HOST/explanations"); }; destination net_kern { file("/uag/HOSTS/$HOST/kern.log"); }; destination net_lpr { file("/uag/HOSTS/$HOST/lpr.log"); }; destination net_messages { file("/uag/HOSTS/$HOST/messages"); }; destination net_routers { file("/uag/HOSTS/$HOST/routers.log"); }; destination net_secure { file("/uag/HOSTS/$HOST/secure"); }; destination net_spooler { file("/uag/HOSTS/$HOST/spooler"); }; destination net_syslog { file("/uag/HOSTS/$HOST/syslog"); }; destination net_user { file("/uag/HOSTS/$HOST/user.log"); }; destination net_uucp { file("/uag/HOSTS/$HOST/uucp.log"); }; # This files are the log come from the mail subsystem. # destination net_mail { file("/uag/HOSTS/$HOST/mail.log"); }; destination net_maillog { file("/uag/HOSTS/$HOST/maillog"); }; destination net_mailinfo { file("/uag/HOSTS/$HOST/mail.info"); }; destination net_mailwarn { file("/uag/HOSTS/$HOST/mail.warn"); }; destination net_mailerr { file("/uag/HOSTS/$HOST/mail.err"); }; destination net_console { usertty("root"); }; destination net_console_all { file("/dev/tty8"); }; destination net_dump { file("/uag/HOSTS/dump2/syslog"); }; filter net_f_attack_alert { match("attackalert"); }; filter net_f_ssh_login_attempt { program("sshd.*") and match("(Failed|Accepted)") and not match("Accepted (hostbased|publickey) for (root|zoneaxfr) from (10.4.3.1)"); }; filter net_f_syslog { not facility(auth) and not facility(mail); }; filter net_f_cron { facility(cron); }; filter net_f_daemon { facility(daemon); }; filter net_f_kern { facility(kern); }; filter net_f_lpr { facility(lpr); }; filter net_f_mail { facility(mail); }; filter net_f_user { facility(user); }; filter net_f_uucp { facility(cron); }; #filter net_f_general { facility(*); }; filter net_f_debug { not facility(auth, mail); }; filter net_f_messages { level(info .. warn) and not facility(auth, cron, daemon, mail); }; filter net_f_emergency { level(emerg); }; filter net_f_info { level(info); }; filter net_f_notice { level(notice); }; filter net_f_warn { level(warn); }; filter net_f_crit { level(crit); }; filter net_f_err { level(err); }; filter net_f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; ############################################################### # # log statements actually send logs somewhere, to a file, across the network, etc # #log { source(net); filter(net_f_authpriv); destination(net_authlog); }; #log { source(net); filter(net_f_authpriv); destination(net_syslog); }; log { source(net); filter(net_f_syslog); destination(net_syslog); }; log { source(net); filter(net_f_cron); destination(net_cron); }; log { source(net); filter(net_f_daemon); destination(net_daemon); }; log { source(net); filter(net_f_daemon); destination(net_messages); }; log { source(net); filter(net_f_kern); destination(net_kern); }; log { source(net); filter(net_f_kern); destination(net_messages); }; log { source(net); filter(net_f_lpr); destination(net_lpr); }; log { source(net); filter(net_f_mail); destination(net_mail); }; log { source(net); filter(net_f_user); destination(net_user); }; log { source(net); filter(net_f_user); destination(net_messages); }; log { source(net); filter(net_f_uucp); destination(net_uucp); }; log { source(net); filter(net_f_mail); destination(net_maillog); }; log { source(net); filter(net_f_mail); filter(net_f_info); destination(net_mailinfo); }; log { source(net); filter(net_f_mail); filter(net_f_warn); destination(net_mailwarn); }; log { source(net); filter(net_f_mail); filter(net_f_err); destination(net_mailerr); }; #log { source(net); filter(net_f_news); filter(net_f_crit); destination(net_newscrit); }; #log { source(net); filter(net_f_news); filter(net_f_err); destination(net_newserr); }; #log { source(net); filter(net_f_news); filter(net_f_notice); destination(net_newsnotice); }; #log { source(net); filter(net_f_debug); destination(net_debug); }; log { source(net); filter(net_f_messages); destination(net_messages); }; log { source(net); filter(net_f_emergency); destination(net_console); }; log { source(net); filter(net_f_cother); destination(net_messages); }; # send everything to loghost, too log { source(net); destination(net_dump); };
participants (1)
-
Smith, James