[syslog-ng]syslog-ng conf confusion

Chet Harvey syslog-ng@lists.balabit.hu
Wed, 7 Jul 2004 10:15:12 -0400


Hi all,

I am trying to change a box from syslog to syslog-ng, but I can't quite get the
syntax down.

Here is my current syslog.conf:

# Legacy syslog.conf being migrated; each entry is "selector  action".
# (The *.notice entry below is one entry wrapped onto two lines by the mailer.)
# NOTE(review): the leading "%" on the file actions is not stock syslogd
# syntax; it looks like the circular-log (clog) marker of a patched FreeBSD
# syslogd -- confirm. If so, plain syslog-ng file() destinations will grow
# without bound and need rotation.
local0.* %/var/log/filter.log
local7.* %/var/log/dhcpd.log
# local0.none;local7.none keeps those two facilities out of system.log.
*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none 
%/var/log/system.log
security.* %/var/log/system.log
# Authentication-related facilities are kept from info upward.
auth.info;authpriv.info;daemon.info %/var/log/system.log
# Emergencies are written to every logged-in user.
*.emerg *



This is how I did my syslog-ng.conf:

#
# This sample configuration file is essentially equivalent to the stock
# FreeBSD /etc/syslog.conf file.
#

#
# options

# Global options; sync(0) writes each message out without buffering.
options { long_hostnames(off);
sync(0); };
# One source for everything local: the syslog socket, the kernel log device
# and syslog-ng's own internal messages.
source src { unix-stream("/var/run/log"); pipe("/dev/klog");
internal(); };

# "dest" writes to the same file as the "firewall" destination defined below.
destination dest { file("/var/log/filter.log"); };
# tcp() itself is cleartext. NOTE(review): the name suggests a local stunnel
# listener on 127.0.0.1:514 that forwards over TLS -- confirm it is running
# and bound to loopback only.
destination stunnel { tcp("127.0.0.1" port(514)); };

# Neither statement has a filter(), so EVERY message from src is written to
# /var/log/filter.log and also sent to the TCP destination. The old
# syslog.conf put only local0.* in filter.log.
log { source(src);destination(dest); };
log { source(src);destination(stunnel); };


#
# destinations
#
# File destinations referenced by the filtered log statements further down.
destination messages { file("/var/log/system.log"); };
# Same path as the earlier "dest" destination.
destination firewall { file("/var/log/filter.log"); };
# The old syslog.conf wrote local7.* to /var/log/dhcpd.log; this path is
# /var/log/dhcp.log. Anything that reads or rotates the old name will miss it.
destination dhcp { file("/var/log/dhcp.log"); };

# log facility filters
#
# One filter per facility. Defining a filter does nothing by itself; it only
# takes effect when a log statement names it. In this file only f_kern,
# f_news, f_security, f_local0 and f_local7 are referenced, so f_auth,
# f_authpriv, f_daemon, f_lpr and f_mail (all present in the old syslog.conf
# selectors) are currently unused.
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };

#
# log level filters
#
# Severity filters. Except for f_emerg, each is a range "named level up to
# emerg", matching the "this level and more severe" meaning of a
# syslog.conf selector such as kern.debug.
# Only f_notice, f_debug and f_err are referenced by log statements in this
# file; f_emerg is unused, so the old "*.emerg *" rule has no counterpart.
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };


#
# *.err;kern.debug;auth.notice;mail.crit /dev/console
#
#
# *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
#
# Several filter() references in one log statement must all match, so the
# second line is "kern AND debug-or-worse" and the third "news AND
# err-or-worse". Together with the first line this covers *.notice,
# kern.debug and news.err from the old selector.
# Not carried over: lpr.info, mail.crit, and the local0.none;local7.none
# exclusions -- local0/local7 messages at notice or above therefore also
# land in system.log. An exclusion would need something like
# "level(notice..emerg) and not facility(local0, local7)" in the filter.
log { source(src); filter(f_notice); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };

#
# security.* /var/log/security
#
# security.* goes to system.log, as in the old syslog.conf.
# The old "auth.info;authpriv.info;daemon.info" rule has no equivalent here:
# auth/authpriv/daemon messages below notice never reach system.log, which
# drops part of the authentication trail from that file.
log { source(src); filter(f_security); destination(messages); };

## firewall specific

# local0 -> filter.log and local7 -> dhcp.log, mirroring the first two
# syslog.conf rules. Because the earlier unfiltered "dest" log statement
# writes to the same filter.log, that file receives all messages (local0
# ones twice), not just firewall entries.
log { source(src); filter(f_local0); destination(firewall); };
log { source(src); filter(f_local7); destination(dhcp); };



Hopelessly lost......thanks for any insight/education...


-- 
Chet