[syslog-ng]Updated Red Hat config file

Frank Crawford Frank.Crawford@ac3.com.au
Sat, 10 Aug 2002 22:00:49 +1000 

--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Folks,
	I've modified the contributed configuration file for Red Hat to
update it to be more compatible with Red Hat 7.3.  In particular, I've
modified it to totally remove the requirement for running klogd (as
described in the FAQ).

	In particular, I've added a template to include the program type
"kernel:" for kernel messages.  This is normally done by klogd, and is
expected by such utilities as logwatch.  The one question I have here is
that I have two opens of "/var/log/messages" with different options, and
I'm not sure if it is legal, although it does seem to work.  Are there
any possible problems with this?

Thanks
Frank Crawford

-- 
ac3
Suite G16, Bay 7, Locomotive Workshop   Phone:  02 9209 4600
Australian Technology Park              Fax:    02 9209 4611
Eveleigh   NSW   1430

--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="syslog-ng.conf"

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com
#
# Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
# 	- for Red Hat 7.3
#	- totally do away with klogd
#	- add message "kernel:" as is done with klogd.

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
        };

source s_sys { pipe ("/proc/kmsg"); unix-stream ("/dev/log"); internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
# Add "kernel:" to messages, as not automatically added.
destination d_kern { file("/var/log/messages"
	template("$DATE $FULLHOST $PROGRAM: $MESSAGE\n")); };

filter f_filter1     { facility(kern); };
filter f_filter2     { level(info) and
                     not (facility(kern) or facility(mail)
			or facility(authpriv) or facility(cron)); };
filter f_filter3     { facility(authpriv); };
filter f_filter4     { facility(mail); };
filter f_filter5     { level(emerg); };
filter f_filter6     { facility(uucp) or
                     (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };
filter f_filter9     { level(info); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); filter(f_filter9); destination(d_kern); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

--tThc/1wpZn/ma/RB--