[syslog-ng] Rép. : Re: Question about Syslog

FRANCIS PROVENCHER francis.provencher at msp.gouv.qc.ca
Fri Nov 2 16:53:05 CET 2007


Thanks here my syslog-ng.conf
 
 
Server# cat /usr/local/etc/syslog-ng.conf
#
# This sample configuration file is essentially equilivent to the
stock
# FreeBSD /etc/syslog.conf file.
#
 
#
# options
#
options { long_hostnames(off); sync(0); };
 
#
# sources
#
source src { unix-dgram("/var/run/log");
             unix-dgram("/var/run/logpriv" perm(0600));
             udp(); internal(); file("/dev/klog"); };
 
 
 
source net { udp(ip(127.0.0.1) port(514)); };
 
 
 
 
 

#
# destinations
#
destination messages { file("/var/log/messages"); };
destination security { file("/var/log/security"); };
destination authlog { file("/var/log/auth.log"); };
destination maillog { file("/var/log/maillog"); };
destination lpd-errs { file("/var/log/lpd-errs"); };
destination xferlog { file("/var/log/xferlog"); };
destination cron { file("/var/log/cron"); };
destination debuglog { file("/var/log/debug.log"); };
destination consolelog { file("/var/log/console.log"); };
destination all { file("/var/log/all.log"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
destination serveurname {
   file("/var/log/SERVEURNAME/$YEAR/$MONTH/$DAY/$HOST.log"
   owner(root) group(wheel) perm(0600) dir_perm(0700)
create_dirs(yes));
};
 

#
# log facility filters
#
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_not_authpriv { not facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
 
#
# log level filters
#
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
filter f_is_debug { level(debug); };
 
#
# program filters
#
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
 
#
# *.err;kern.warning;auth.notice;mail.crit              /dev/console
#
log { source(src); filter(f_err); destination(console); };
log { source(src); filter(f_kern); filter(f_warning);
destination(console); };
log { source(src); filter(f_auth); filter(f_notice);
destination(console); };
log { source(src); filter(f_mail); filter(f_crit);
destination(console); };
 
#
# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
/var/log/messages
#
log { source(src); filter(f_notice); filter(f_not_authpriv);
destination(messages); };
log { source(src); filter(f_kern); filter(f_debug);
destination(messages); };
log { source(src); filter(f_lpr); filter(f_info);
destination(messages); };
log { source(src); filter(f_mail); filter(f_crit);
destination(messages); };
log { source(src); filter(f_news); filter(f_err);
destination(messages); };
 
#
# security.*                                           
/var/log/security
#
log { source(src); filter(f_security); destination(security); };
 
#
# auth.info;authpriv.info                              
/var/log/auth.log
log { source(src); filter(f_auth); filter(f_info);
destination(authlog); };
log { source(src); filter(f_authpriv); filter(f_info);
destination(authlog); };
 
#
# mail.info                                            
/var/log/maillog
#
log { source(src); filter(f_mail); filter(f_info);
destination(maillog); };
 
#
# lpr.info                                             
/var/log/lpd-errs
#
log { source(src); filter(f_lpr); filter(f_info);
destination(lpd-errs); };
 
#
# ftp.info                                             
/var/log/xferlog
#
log { source(src); filter(f_ftp); filter(f_info); destination(xferlog);
};
 
#
# cron.*                                                /var/log/cron
#
log { source(src); filter(f_cron); destination(cron); };
 
#
# *.=debug                                             
/var/log/debug.log
#
log { source(src); filter(f_is_debug); destination(debuglog); };
 
#
# *.emerg                                               *
#
log { source(src); filter(f_emerg); destination(allusers); };
 
#
# uncomment this to log all writes to /dev/console to
/var/log/console.log
# console.info                                         
/var/log/console.log
#
#log { source(src); filter(f_console); filter(f_info);
destination(consolelog); };
 
#
# uncomment this to enable logging of all log messages to
/var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
# *.*                                                  
/var/log/all.log
#
#log { source(src); destination(all); };
 
#
# uncomment this to enable logging to a remote loghost named loghost
# *.*                                                   @loghost
#
#log { source(src); destination(loghost); };
 
#
# uncomment these if you're running inn
# news.crit                                            
/var/log/news/news.crit
# news.err                                             
/var/log/news/news.err
# news.notice                                          
/var/log/news/news.notice
#
#log { source(src); filter(f_news); filter(f_crit);
destination(newscrit); };
#log { source(src); filter(f_news); filter(f_err);
destination(newserr); };
#log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice); };
 
#
# !startslip
# *.*                                                  
/var/log/slip.log
#
log { source(src); filter(f_slip); destination(slip); };
 
#
# !ppp
# *.*                                                  
/var/log/ppp.log
#
log { source(src); filter(f_ppp); destination(ppp); };
 
#######################
### Remote Hosts ######
#######################
 
# *.err;kern.warning;auth.notice;mail.crit
log { source(net); filter(f_err); destination(SERVEURNAME); };
log { source(net); filter(f_kern); filter(f_warning);
destination(SERVEURNAME); };
log { source(net); filter(f_auth); filter(f_notice);
destination(SERVEURNAME); };
log { source(net); filter(f_mail); filter(f_crit);
destination(SERVEURNAME); };
 
# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
log { source(net); filter(f_notice); filter(f_not_authpriv);
destination(SERVEURNAME); };
log { source(net); filter(f_kern); filter(f_debug);
destination(SERVEURNAME); };
log { source(net); filter(f_lpr); filter(f_info);
destination(SERVEURNAME); };
log { source(net); filter(f_mail); filter(f_crit);
destination(SERVEURNAME); };
log { source(net); filter(f_news); filter(f_err);
destination(SERVEURNAME); };
 
# security.*
log { source(net); filter(f_security); destination(SERVEURNAME); };
 
# auth.info;authpriv.info
log { source(net); filter(f_auth); filter(f_info);
destination(SERVEURNAME); };
log { source(net); filter(f_authpriv); filter(f_info);
destination(SERVEURNAME); };
 
# mail.info
log { source(net); filter(f_mail); filter(f_info);
destination(SERVEURNAME); };
 
# cron.*
log { source(net); filter(f_cron); destination(SERVEURNAME); };
 
# *.=debug
log { source(net); filter(f_is_debug); destination(SERVEURNAME); };
 
# *.emerg
log { source(net); filter(f_emerg); destination(SERVEURNAME); };
 
# local.*
log { source(net); filter(f_local0);  destination(SERVEURNAME); };
log { source(net); filter(f_local1);  destination(SERVEURNAME); };
log { source(net); filter(f_local2);  destination(SERVEURNAME); };
log { source(net); filter(f_local3);  destination(SERVEURNAME); };
log { source(net); filter(f_local4);  destination(SERVEURNAME); };
log { source(net); filter(f_local5);  destination(SERVEURNAME); };
log { source(net); filter(f_local6);  destination(SERVEURNAME); };
log { source(net); filter(f_local7);  destination(SERVEURNAME); };

 
Francis Provencher
Ministère de la Sécurité publique du Québec
Direction des technologies de l'information
Division de la sécurité informatique
Tél: 1 418 646-3258
Courriel:   Francis.provencher at Msp.gouv.qc.ca 
 
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitionner
Sec+ - Security +

>>> Evan Rempel <erempel at uvic.ca> 2/11/2007 11:35 >>>

FRANCIS PROVENCHER wrote:
> Hi all,
>  
> I configure a central syslogger.
> In my syslog-ng.conf
>  
> destination "servername" {
>    file("/var/log/"servername"/$YEAR/$MONTH/$DAY/$HOST.log"
>    owner(root) group(wheel) perm(0600) dir_perm(0700)
> create_dirs(yes));
> };
>  
>  
> But the syslog call/errors from "servername" is write in
> /var/log/messages ...
> What i'm making wrong?

Can you post your entire syslog-ng.conf file. With the information you
have provided, the best I can do is refer you to the documentation.

-- 
Evan Rempel
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu 
https://lists.balabit.hu/mailman/listinfo/syslog-ng 
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20071102/31bb580a/attachment-0001.htm 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FRANCIS PROVENCHER4.vcf
Url: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20071102/31bb580a/attachment-0001.txt 


More information about the syslog-ng mailing list