[syslog-ng]syslog-ng conf confusion
Chet Harvey
syslog-ng@lists.balabit.hu
Tue, 13 Jul 2004 10:35:10 -0400
Hi all,
I am trying to change a box from syslog to syslog-ng, but I can't quite get the
syntax down. I was hoping someone could steer me in the right direction.
Here is my current syslog.conf:
local0.* %/var/log/filter.log
local7.* %/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none
%/var/log/system.log
security.* %/var/log/system.log
auth.info;authpriv.info;daemon.info %/var/log/system.log
*.emerg *
This is how I did my syslog-ng.conf:
#
# This sample configuration file is essentially equivalent to the stock
# FreeBSD /etc/syslog.conf file.
#
# NOTE(review): as written, the statements below do not reproduce the
# syslog.conf quoted earlier in this message; each difference is marked
# with a NOTE(review) comment next to the statement concerned.
#
# options
options { long_hostnames(off);
sync(0); };
# One source named "src": the local log socket, the kernel log device and
# syslog-ng's own internal messages.
# NOTE(review): confirm the socket type of /var/run/log on this system; if
# it is a datagram socket, unix-dgram() is the matching driver, not
# unix-stream().
source src { unix-stream("/var/run/log"); pipe("/dev/klog");
internal(); };
# NOTE(review): "dest" and "firewall" (defined further down) both write to
# /var/log/filter.log.
destination dest { file("/var/log/filter.log"); };
# Forwards over TCP to 127.0.0.1 port 514. The name suggests a local
# stunnel listener that relays the stream onward -- confirm.
destination stunnel { tcp("127.0.0.1" port(514)); };
# NOTE(review): neither statement below has a filter(), so every message
# from src is written to filter.log and also sent to the stunnel
# destination. In the syslog.conf only local0.* went to filter.log. If the
# forwarder is meant to carry everything, keep the second statement and
# drop (or filter) the first.
log { source(src);destination(dest); };
log { source(src);destination(stunnel); };
#
# destinations
#
# NOTE(review): the syslog.conf paths carry a "%" prefix that is not
# carried over here; whatever that prefix selects in the old syslogd has
# no counterpart in these file() destinations -- confirm what it means.
destination messages { file("/var/log/system.log"); };
destination firewall { file("/var/log/filter.log"); };
# NOTE(review): the syslog.conf writes local7.* to /var/log/dhcpd.log;
# this destination writes /var/log/dhcp.log.
destination dhcp { file("/var/log/dhcp.log"); };
# log facility filters
#
# One filter per facility. Only f_kern, f_news, f_security, f_local0 and
# f_local7 are referenced by a log statement in this file.
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
#
# log level filters
#
# Each filter matches the named level and everything more severe, which is
# what "facility.level" means in syslog.conf. Several filter() references
# in one log statement must all match.
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
#
# *.err;kern.debug;auth.notice;mail.crit /dev/console
#
# NOTE(review): no log statement follows this header, and the syslog.conf
# being converted has no console rule, so it looks like a leftover from
# the sample file.
#
# *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/system.log
#
# NOTE(review): only *.notice, kern.debug and news.err are implemented.
# lpr.info has no statement, and mail.crit is already covered by
# f_notice. The local0.none;local7.none exclusions from the syslog.conf
# are also missing, so local0/local7 messages at notice or above land in
# system.log too; a filter such as
#   level(notice..emerg) and not facility(local0, local7)
# would express the exclusion.
# NOTE(review): a message matching more than one of these statements may
# be written to system.log once per matching statement -- verify.
log { source(src); filter(f_notice); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };
#
# security.* /var/log/system.log
#
log { source(src); filter(f_security); destination(messages); };
# NOTE(review): two syslog.conf rules have no counterpart in this file:
#   auth.info;authpriv.info;daemon.info  -> system.log
#     (authentication messages below notice are not kept in system.log)
#   *.emerg *
#     (emergencies are not sent to logged-in users; usertty("*") is the
#      destination driver for that)
## firewall specific
log { source(src); filter(f_local0); destination(firewall); };
# local7.* (dhcpd in the syslog.conf) -> the dhcp destination
log { source(src); filter(f_local7); destination(dhcp); };
Hopelessly lost......thanks for any insight/education...
--
Chet