[syslog-ng]Sample Solaris config

Jamie McKnight umcknjx@lexisnexis.com
Thu, 15 Nov 2001 15:19:04 -0500 (EST)


|>
|>For the server. Sorry.
|>


	Here is what I use.  I have the Solaris 8 syslogd start up with -t so it 
does not listen to the network on the central log host.  Then I have syslog-ng 
listening for the messages that come in from the network.  Messages coming in 
from the network go to /data/logs/messages.$HOST unless they are su or op (a 
sudo-like tool), and I have those go into separate files elsewhere for 
monitoring etc.  Pretty generic and works for me.  Your mileage may vary.  
Syslog-ng version is 1.4.14.
	
	
# Global options.
#   sync(0)             - do not buffer output lines; each message is written
#                         to its destination file as it arrives.
#   chain_hostnames(no) - do not build chained "relay/host" names.
# NOTE(review): keep_hostname() and use_dns() are not set, so the version's
# defaults decide whether $HOST comes from the sender's address/DNS or from
# the hostname field inside the packet -- confirm for your syslog-ng version,
# because $HOST is used below to build a file name.
options { sync(0); chain_hostnames(no); };

# Starting with this version of syslog-ng we are letting Solaris syslogd handle
# system messages, but start it with a "-t" to tell it not to listen to network
# traffic.  We then use syslog-ng to only listen on the network.
#
# s_remote accepts syslog over UDP port 514 on every local address (0.0.0.0)
# and also carries syslog-ng's own internal() messages, so those pass through
# the same filters as remote traffic.
# NOTE(review): UDP syslog is unauthenticated and the source address can be
# forged, so any host able to reach this port can write into the files
# below.  Limit who can reach 514/udp with a packet filter, or bind ip() to
# the interface that faces the log clients.

source s_remote { udp(ip(0.0.0.0) port(514)); internal(); };

# Filter defs.  How to break out the incoming messages.

# f_hosts selects what is kept in the general per-host file: err and above
# from any facility, everything from kern, notice and above from daemon, and
# crit and above from mail.
filter f_hosts { level(err..emerg) or ( facility(kern) and level(debug..emerg)) 
or ( facility(daemon) and level(notice..emerg)) or ( facility(mail) and 
level(crit..emerg)); };

# su / op monitoring filters.
# NOTE(review): program() and match() take regular expressions and none of
# these are anchored, so program(su) also accepts any program name that
# merely contains "su", and program(op) any name containing "op".  Anchor
# the pattern if only that exact program should be selected, after checking
# the program names your hosts really send.
# NOTE(review): the text matched here is supplied by the sender, so these
# files show what hosts claimed, not verified events; treat them as one
# input to monitoring, not as proof.
filter f_subad { program(su) and match(root) and match(failed); };
filter f_sugood { program(su) and match(root) and match(succeeded); };
filter f_sucombined { program(su) and match(su:); };
filter f_opbad { program(op) and match (FAILED); };
# NOTE(review): this matches the literal spelling "SUCCEDED"; confirm that
# is what op writes, otherwise this filter never fires.
filter f_opgood { program(op) and match (SUCCEDED); };
filter f_opcombined { program(op) and match(op:); };
# Any message containing "panic", from any program or facility.
filter f_panic { match(panic); };
# Any message containing "Generic_" -- presumably the Solaris kernel version
# banner logged at boot; verify against a real boot message.
filter f_reboot { match(Generic_); };
 
# Destination defs.  Where the messages go
#
# No owner(), group(), perm() or create_dirs() options are given, so the
# version's defaults apply.
# NOTE(review): the su/op files record privileged-access activity; check that
# /data/logs/su and /data/logs/op exist and are readable only by the people
# who monitor them.

destination d_subad { file("/data/logs/su/bad_su_attempts"); };
destination d_sugood { file("/data/logs/su/good_su_attempts"); };
destination d_sucombined { file("/data/logs/su/su_attempts"); };
destination d_opbad { file("/data/logs/op/bad_op_attempts"); };
destination d_opgood { file("/data/logs/op/good_op_attempts"); };
destination d_opcombined { file("/data/logs/op/op_attempts"); };
destination d_panic { file("/data/logs/panic.log"); };
destination d_reboot { file("/data/logs/reboot.log"); };
# $HOST is expanded per message, giving one file per sending host.
# NOTE(review): the file name is therefore derived from network input.
# Confirm how your version fills $HOST (see the options line) and that the
# value cannot contain path separators; a sender able to vary it can also
# make this directory grow without bound, so watch its file count and size.
destination d_hostmsg { file("/data/logs/hosts/messages.$HOST"); };

# Log actions for messages generated remotely
#
# Every statement reads from s_remote and is evaluated on its own, so one
# message can be written to several destinations (for example a failed su to
# root matches both f_subad and f_sucombined, and also f_hosts if its
# facility/level qualifies).  There is no catch-all statement: a message that
# matches none of the filters is not stored by this configuration.

log { source(s_remote); filter(f_subad); destination(d_subad); };
log { source(s_remote); filter(f_sugood); destination(d_sugood); };
log { source(s_remote); filter(f_sucombined); destination(d_sucombined); };
log { source(s_remote); filter(f_opbad); destination(d_opbad); };
log { source(s_remote); filter(f_opgood); destination(d_opgood); };
log { source(s_remote); filter(f_opcombined); destination(d_opcombined); };
log { source(s_remote); filter(f_panic); destination(d_panic); };
log { source(s_remote); filter(f_reboot); destination(d_reboot); };
log { source(s_remote); filter(f_hosts); destination(d_hostmsg); };


	Jamie