[syslog-ng]Sample Solaris config
Chuck Kelly
chuck@qualcomm.com
Thu, 15 Nov 2001 12:39:34 -0800
Cool. Thanks for the info.
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu]On Behalf Of Jamie McKnight
Sent: Thursday, November 15, 2001 12:19 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]Sample Solaris config
|>
|>For the server. Sorry.
|>
Here is what I use. I have the Solaris 8 syslogd startup with -t so it
does not listen to the network on the central log host. Then I have
syslog-ng listening for the messages that come in from the network.
Messages coming in from the network go to /data/logs/messages.$HOST
unless they are su or op (sudo like) and I have those go into separate
files elsewhere for monitoring etc. Pretty generic and works for me.
Your mileage may vary. Syslog-ng version is 1.4.14.
options { sync(0); chain_hostnames(no); };
# Starting with this version of syslog-ng we are letting Solaris syslogd
# handle system messages, but start it with a "-t" to tell it not to
# listen to network traffic. We then use syslog-ng to only listen on the
# network.
source s_remote { udp(ip(0.0.0.0) port(514)); internal(); };
# Filter defs. How to break out the incoming messages.
filter f_hosts { level(err..emerg)
    or ( facility(kern) and level(debug..emerg))
    or ( facility(daemon) and level(notice..emerg))
    or ( facility(mail) and level(crit..emerg)); };
filter f_subad { program(su) and match(root) and match(failed); };
filter f_sugood { program(su) and match(root) and match(succeeded); };
filter f_sucombined { program(su) and match(su:); };
filter f_opbad { program(op) and match (FAILED); };
filter f_opgood { program(op) and match (SUCCEDED); };
filter f_opcombined { program(op) and match(op:); };
filter f_panic { match(panic); };
filter f_reboot { match(Generic_); };
# Destination defs. Where the messages go
destination d_subad { file("/data/logs/su/bad_su_attempts"); };
destination d_sugood { file("/data/logs/su/good_su_attempts"); };
destination d_sucombined { file("/data/logs/su/su_attempts"); };
destination d_opbad { file("/data/logs/op/bad_op_attempts"); };
destination d_opgood { file("/data/logs/op/good_op_attempts"); };
destination d_opcombined { file("/data/logs/op/op_attempts"); };
destination d_panic { file("/data/logs/panic.log"); };
destination d_reboot { file("/data/logs/reboot.log"); };
destination d_hostmsg { file("/data/logs/hosts/messages.$HOST"); };
# Log actions for messages generated remotely
log { source(s_remote); filter(f_subad); destination(d_subad); };
log { source(s_remote); filter(f_sugood); destination(d_sugood); };
log { source(s_remote); filter(f_sucombined); destination(d_sucombined); };
log { source(s_remote); filter(f_opbad); destination(d_opbad); };
log { source(s_remote); filter(f_opgood); destination(d_opgood); };
log { source(s_remote); filter(f_opcombined); destination(d_opcombined); };
log { source(s_remote); filter(f_panic); destination(d_panic); };
log { source(s_remote); filter(f_reboot); destination(d_reboot); };
log { source(s_remote); filter(f_hosts); destination(d_hostmsg); };
Jamie
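
As an added illustration (not part of Jamie's message and not syslog-ng
code), this Python model replays the log statements above over four
constructed messages to show which files each one reaches. It assumes
program() and match() are unanchored regular-expression searches and that
match() sees the text with its program tag; the hosts, users and
severities in the samples are made up.

```python
import re

LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def level(m, a, b):
    """level(a..b): inclusive severity range, in whichever order it is written."""
    lo, hi = sorted((LEVELS.index(a), LEVELS.index(b)))
    return lo <= LEVELS.index(m["level"]) <= hi

def facility(m, name):
    return m["facility"] == name

def program(m, rx):  # assumption: unanchored regex on the program name
    return re.search(rx, m["program"]) is not None

def match(m, rx):    # assumption: unanchored regex on the text, program tag included
    return re.search(rx, m["text"]) is not None

def f_hosts(m):
    return (level(m, "err", "emerg")
            or (facility(m, "kern") and level(m, "debug", "emerg"))
            or (facility(m, "daemon") and level(m, "notice", "emerg"))
            or (facility(m, "mail") and level(m, "crit", "emerg")))

# One (filter, destination) pair per log statement, in the order of the config.
LOG_STATEMENTS = [
    (lambda m: program(m, "su") and match(m, "root") and match(m, "failed"), "/data/logs/su/bad_su_attempts"),
    (lambda m: program(m, "su") and match(m, "root") and match(m, "succeeded"), "/data/logs/su/good_su_attempts"),
    (lambda m: program(m, "su") and match(m, "su:"), "/data/logs/su/su_attempts"),
    (lambda m: program(m, "op") and match(m, "FAILED"), "/data/logs/op/bad_op_attempts"),
    (lambda m: program(m, "op") and match(m, "SUCCEDED"), "/data/logs/op/good_op_attempts"),
    (lambda m: program(m, "op") and match(m, "op:"), "/data/logs/op/op_attempts"),
    (lambda m: match(m, "panic"), "/data/logs/panic.log"),
    (lambda m: match(m, "Generic_"), "/data/logs/reboot.log"),
    (f_hosts, "/data/logs/hosts/messages.$HOST"),
]

def route(m):
    """Try every log statement; none stops processing, so one message can fan out."""
    return [dest.replace("$HOST", m["host"]) for flt, dest in LOG_STATEMENTS if flt(m)]

# Constructed sample messages (not real log data).
FAILED_SU = dict(host="web1", facility="auth", level="crit", program="su", text="su: 'su root' failed for jdoe on /dev/pts/1")
GOOD_SU = dict(host="web1", facility="auth", level="notice", program="su", text="su: 'su root' succeeded for jdoe on /dev/pts/3")
BOOT = dict(host="db2", facility="kern", level="notice", program="genunix", text="genunix: SunOS Release 5.8 Version Generic_000000-00 64-bit")
SSHD_INFO = dict(host="db2", facility="auth", level="info", program="sshd", text="sshd: Accepted password for jdoe")

if __name__ == "__main__":
    for m in (FAILED_SU, GOOD_SU, BOOT, SSHD_INFO):
        print(m["text"], "->", route(m) or "no log statement matched")
```

In this model the failed su is written to three files, while the
auth.info message matches no log statement and is not stored anywhere.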