From: Marcin Krol Date: Wed, 11 Jul 2018 18:35:13 +0000 (+0000) Subject: - sample config entries for syslog server X-Git-Url: https://git.tld-linux.org/?a=commitdiff_plain;h=8befbf299e422df311b4c09d0dc5411212012336;p=packages%2Fsyslog-ng.git - sample config entries for syslog server - log shorewall to separate file --- diff --git a/syslog-ng.conf b/syslog-ng.conf index 725bdc0..dfd5fc4 100644 --- a/syslog-ng.conf +++ b/syslog-ng.conf @@ -27,8 +27,8 @@ source s_sys { internal(); }; -# uncomment the line below if you want to setup syslog server -#source s_net { udp(); }; +# uncomment the line below and change ip/port if you want to run syslog server +#source s_net udp(ip(192.168.1.100),port(514)); #destination d_loghost { udp("loghost" port(514)); }; @@ -49,8 +49,7 @@ destination d_audit { file("/var/log/audit"); }; destination d_postgres { file("/var/log/pgsql"); }; destination d_freshclam { file("/var/log/freshclam.log"); }; -# Log iptables messages to separate file -destination d_iptables { file("/var/log/iptables"); }; +destination d_shorewall { file("/var/log/shorewall"); }; destination d_console { usertty("root"); }; #destination d_console_all { file("/dev/tty12"); }; @@ -61,6 +60,9 @@ destination d_newscrit { file("/var/log/news/news.crit" owner(news) group(news)) destination d_newserr { file("/var/log/news/news.err" owner(news) group(news)); }; destination d_newsnotice { file("/var/log/news/news.notice" owner(news) group(news)); }; +# uncomment the line below if you want to run syslog server +#destination d_from_net { file("/var/log/$HOST.log" owner(root) group(root) perm(0644) dir_perm(0700) create_dirs(yes)); }; + # Filters for standard syslog(3) facilities #filter f_audit { facility(audit); }; filter f_authpriv { facility(authpriv, auth); }; @@ -97,7 +99,13 @@ filter p_emergency { level(emerg); }; filter f_freshclam { program(freshclam); }; filter f_ppp { program(pppd) or program(chat); }; filter f_postgres { program(postgres); }; -filter f_iptables { match("IN=[A-Za-z0-9\.]* OUT=[A-Za-z0-9\.]*" value("MESSAGE")); }; +filter f_shorewall { facility(kern) and match("Shorewall:" value("MESSAGE")); }; + +# uncomment the line below if you want to run syslog server +#log { source(s_net); destination(d_from_net); flags(final); }; + +# log shorewall to separate log file by default +log { source(s_src); filter(f_shorewall); destination(d_shorewall); flags(final); }; log { source(s_sys); filter(f_authpriv); destination(d_authlog); }; log { source(s_sys); filter(f_cron); destination(d_cron); }; @@ -122,7 +130,6 @@ log { source(s_sys); filter(p_debug); destination(d_debug); }; log { source(s_sys); filter(f_daemon); filter(f_ppp); destination(d_ppp); }; log { source(s_sys); filter(f_local6); filter(f_freshclam); destination(d_freshclam); }; log { source(s_sys); filter(f_local0); filter(f_postgres); destination(d_postgres); }; -#log { source(s_sys); filter(f_iptables); destination(d_iptables); }; log { source(s_sys); filter(p_emergency); destination(d_console); }; #log { source(s_sys); destination(d_console_all); }; diff --git a/syslog-ng.spec b/syslog-ng.spec index 3d11e27..e70e816 100644 --- a/syslog-ng.spec +++ b/syslog-ng.spec @@ -424,7 +424,7 @@ ln -snf %{slibdir}/$(basename $RPM_BUILD_ROOT%{slibdir}/libloggen_plugin-%{mver} cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/syslog-ng/syslog-ng.conf cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/logrotate.d/syslog-ng -for n in cron daemon debug iptables kernel lpr maillog messages secure spooler syslog user xferlog; do +for n in cron daemon debug kernel lpr maillog messages secure shorewall spooler syslog user xferlog; do > $RPM_BUILD_ROOT/var/log/$n done touch $RPM_BUILD_ROOT/etc/sysconfig/%{name} @@ -581,12 +581,12 @@ exit 0 %attr(640,root,logs) %ghost /var/log/cron %attr(640,root,logs) %ghost /var/log/daemon %attr(640,root,logs) %ghost /var/log/debug -%attr(640,root,logs) %ghost /var/log/iptables %attr(640,root,logs) %ghost /var/log/kernel %attr(640,root,logs) %ghost /var/log/lpr %attr(640,root,logs) %ghost /var/log/maillog %attr(640,root,logs) %ghost /var/log/messages %attr(640,root,logs) %ghost /var/log/secure +%attr(640,root,logs) %ghost /var/log/shorewall %attr(640,root,logs) %ghost /var/log/spooler %attr(640,root,logs) %ghost /var/log/syslog %attr(640,root,logs) %ghost /var/log/user