-@version: 3.12
+@version: 4.6
@include "scl.conf"
#
-# Syslog-ng configuration for PLD Linux
+# Syslog-ng configuration for TLD Linux
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
dir_owner(root);
dir_group(logs);
dir_perm(0750);
- stats_freq(3600);
+ stats(freq(3600));
time_reopen(10);
time_reap(360);
mark_freq(600);
};
source s_sys {
-# NOTE:
-# if you are running under systemd and just merged config then you may
-# need to manually fix /dev/log symlink:
-# # ln -s /run/systemd/journal/dev-log /dev/log
system();
internal();
};
-# uncomment the line below if you want to setup syslog server
-#source s_net { udp(); };
-
-# if using systemd, an IP address instead of name may be required here
-#destination d_loghost { udp("loghost" port(514)); };
-
-destination d_kern { file("/var/log/kernel"); };
-destination d_messages { file("/var/log/messages"); };
-destination d_authlog { file("/var/log/secure"); };
-destination d_mail { file("/var/log/maillog"); };
-destination d_uucp { file("/var/log/spooler"); };
-destination d_debug { file("/var/log/debug"); };
-destination d_cron { file("/var/log/cron"); };
-destination d_syslog { file("/var/log/syslog"); };
-destination d_daemon { file("/var/log/daemon"); };
+# uncomment the line below and change ip/port if you want to run syslog server
+#source s_net { udp(ip(192.168.1.100),port(514)); };
+
+# uncomment the line bellow if you want to send logs to syslog server
+#destination d_loghost { udp("loghost" port(514)); };
+
+destination d_kern { file("/var/log/kernel"); };
+destination d_messages { file("/var/log/messages"); };
+destination d_authlog { file("/var/log/secure"); };
+destination d_mail { file("/var/log/maillog"); };
+destination d_uucp { file("/var/log/spooler"); };
+destination d_debug { file("/var/log/debug"); };
+destination d_cron { file("/var/log/cron"); };
+destination d_syslog { file("/var/log/syslog"); };
+destination d_daemon { file("/var/log/daemon"); };
destination d_lpr { file("/var/log/lpr"); };
-destination d_user { file("/var/log/user"); };
+destination d_user { file("/var/log/user"); };
destination d_ppp { file("/var/log/ppp"); };
destination d_ftp { file("/var/log/xferlog"); };
-destination d_audit { file("/var/log/audit"); };
-destination d_postgres { file("/var/log/pgsql"); };
-destination d_freshclam { file("/var/log/freshclam.log"); };
-
-# Log iptables messages to separate file
-destination d_iptables { file("/var/log/iptables"); };
-
-destination d_console { usertty("root"); };
-#destination d_console_all { file("/dev/tty12"); };
-
-destination d_xconsole { pipe("/dev/xconsole"); };
-
-destination d_newscrit { file("/var/log/news/news.crit" owner(news) group(news)); };
-destination d_newserr { file("/var/log/news/news.err" owner(news) group(news)); };
+destination d_audit { file("/var/log/audit"); };
+destination d_freshclam { file("/var/log/freshclam.log"); };
+destination d_shorewall { file("/var/log/shorewall"); };
+destination d_console { usertty("root"); };
+destination d_xconsole { pipe("/dev/xconsole"); };
+destination d_newscrit { file("/var/log/news/news.crit" owner(news) group(news)); };
+destination d_newserr { file("/var/log/news/news.err" owner(news) group(news)); };
destination d_newsnotice { file("/var/log/news/news.notice" owner(news) group(news)); };
+destination d_dhcp { file("/var/log/dhcp"); };
+
+# uncomment the line below if you want to run syslog server
+#destination d_from_net { file("/var/log/$HOST.log" owner(root) group(root) perm(0644) dir_perm(0700) create_dirs(yes)); };
# Filters for standard syslog(3) facilities
#filter f_audit { facility(audit); };
# Additional filters for specific programs/use
filter f_freshclam { program(freshclam); };
filter f_ppp { program(pppd) or program(chat); };
-filter f_postgres { program(postgres); };
-filter f_iptables { match("IN=[A-Za-z0-9\.]* OUT=[A-Za-z0-9\.]*" value("MESSAGE")); };
+filter f_shorewall { facility(kern) and match("Shorewall:" value("MESSAGE")); };
+filter f_dhcp { program("dhcpd") or program("dnsmasq-dhcp"); };
-log { source(s_sys); filter(f_authpriv); destination(d_authlog); };
-log { source(s_sys); filter(f_cron); destination(d_cron); };
-log { source(s_sys); filter(f_daemon); destination(d_daemon); };
-log { source(s_sys); filter(f_ftp); destination(d_ftp); };
-log { source(s_sys); filter(f_kern); destination(d_kern); };
-log { source(s_sys); filter(f_lpr); destination(d_lpr); };
-log { source(s_sys); filter(f_mail); destination(d_mail); };
-log { source(s_sys); filter(f_news); filter(p_crit); destination(d_uucp); };
-log { source(s_sys); filter(f_news); filter(p_crit); destination(d_newscrit); };
-log { source(s_sys); filter(f_news); filter(p_err); destination(d_newserr); };
-log { source(s_sys); filter(f_news); filter(p_warn); destination(d_newsnotice); };
-log { source(s_sys); filter(f_news); filter(p_notice); destination(d_newsnotice); };
-log { source(s_sys); filter(f_news); filter(p_info); destination(d_newsnotice); };
-log { source(s_sys); filter(f_news); filter(p_debug); destination(d_newsnotice); };
-log { source(s_sys); filter(f_syslog); destination(d_syslog); };
-log { source(s_sys); filter(f_user); destination(d_user); };
-log { source(s_sys); filter(f_uucp); destination(d_uucp); };
+# uncomment the line below if you want to run syslog server
+#log { source(s_net); destination(d_from_net); flags(final); };
-log { source(s_sys); filter(p_debug); destination(d_debug); };
+# uncomment the line bellow if you want to send logs to syslog server
+#log { source(s_sys); destination(d_loghost); };
+# log shorewall to separate log file by default
+log { source(s_sys); filter(f_shorewall); destination(d_shorewall); flags(final); };
+
+# log dhcp daemons to separate log file by default
+log { source(s_sys); filter(f_dhcp); destination(d_dhcp); flags(final); };
+
+log { source(s_sys); filter(f_authpriv); destination(d_authlog); };
+log { source(s_sys); filter(f_cron); destination(d_cron); };
+log { source(s_sys); filter(f_daemon); destination(d_daemon); };
+log { source(s_sys); filter(f_ftp); destination(d_ftp); };
+log { source(s_sys); filter(f_kern); destination(d_kern); };
+log { source(s_sys); filter(f_lpr); destination(d_lpr); };
+log { source(s_sys); filter(f_mail); destination(d_mail); };
+log { source(s_sys); filter(f_news); filter(p_crit); destination(d_uucp); };
+log { source(s_sys); filter(f_news); filter(p_crit); destination(d_newscrit); };
+log { source(s_sys); filter(f_news); filter(p_err); destination(d_newserr); };
+log { source(s_sys); filter(f_news); filter(p_warn); destination(d_newsnotice); };
+log { source(s_sys); filter(f_news); filter(p_notice); destination(d_newsnotice); };
+log { source(s_sys); filter(f_news); filter(p_info); destination(d_newsnotice); };
+log { source(s_sys); filter(f_news); filter(p_debug); destination(d_newsnotice); };
+log { source(s_sys); filter(f_syslog); destination(d_syslog); };
+log { source(s_sys); filter(f_user); destination(d_user); };
+log { source(s_sys); filter(f_uucp); destination(d_uucp); };
+log { source(s_sys); filter(p_debug); destination(d_debug); };
log { source(s_sys); filter(f_daemon); filter(f_ppp); destination(d_ppp); };
log { source(s_sys); filter(f_local6); filter(f_freshclam); destination(d_freshclam); };
-log { source(s_sys); filter(f_local0); filter(f_postgres); destination(d_postgres); };
-#log { source(s_sys); filter(f_iptables); destination(d_iptables); };
-
-log { source(s_sys); filter(p_emergency); destination(d_console); };
-#log { source(s_sys); destination(d_console_all); };
+log { source(s_sys); filter(p_emergency); destination(d_console); };
# This is a catchall statement, and should catch all messages which were not
# accepted any of the previous statements.
log { source(s_sys); destination(d_messages); flags(fallback); };
-
-# Network syslogging
-#log { source(s_sys); destination(d_loghost); };
TLD / packages / syslog-ng.git / blobdiff