- sample config entries for syslog server

[packages/syslog-ng.git] / syslog-ng.conf

diff --git a/syslog-ng.conf b/syslog-ng.conf
index 725bdc0299aefed33ad98332115b307f32e95823..dfd5fc4b16206456cdf020bcb80cca7ff73eae55 100644 (file)
--- a/syslog-ng.conf
+++ b/syslog-ng.conf
@@ -27,8 +27,8 @@ source s_sys {
        internal();
 };
 
-# uncomment the line below if you want to setup syslog server
-#source s_net  { udp(); };
+# uncomment the line below and change ip/port if you want to run syslog server
+#source s_net  udp(ip(192.168.1.100),port(514));
 
 #destination d_loghost { udp("loghost" port(514)); };
 
@@ -49,8 +49,7 @@ destination d_audit   { file("/var/log/audit"); };
 destination d_postgres { file("/var/log/pgsql"); };
 destination d_freshclam        { file("/var/log/freshclam.log"); };
 
-# Log iptables messages to separate file
-destination d_iptables { file("/var/log/iptables"); };
+destination d_shorewall        { file("/var/log/shorewall"); };
 
 destination d_console  { usertty("root"); };
 #destination d_console_all     { file("/dev/tty12"); };
@@ -61,6 +60,9 @@ destination d_newscrit        { file("/var/log/news/news.crit" owner(news) group(news))
 destination d_newserr  { file("/var/log/news/news.err" owner(news) group(news)); };
 destination d_newsnotice       { file("/var/log/news/news.notice" owner(news) group(news)); };
 
+# uncomment the line below if you want to run syslog server
+#destination d_from_net { file("/var/log/$HOST.log" owner(root) group(root) perm(0644) dir_perm(0700) create_dirs(yes)); };
+
 # Filters for standard syslog(3) facilities
 #filter f_audit                { facility(audit); };
 filter f_authpriv      { facility(authpriv, auth); };
@@ -97,7 +99,13 @@ filter p_emergency   { level(emerg); };
 filter f_freshclam     { program(freshclam); };
 filter f_ppp           { program(pppd) or program(chat); };
 filter f_postgres      { program(postgres); };
-filter f_iptables      { match("IN=[A-Za-z0-9\.]* OUT=[A-Za-z0-9\.]*" value("MESSAGE")); };
+filter f_shorewall     { facility(kern) and match("Shorewall:" value("MESSAGE")); };
+
+# uncomment the line below if you want to run syslog server
+#log { source(s_net); destination(d_from_net); flags(final); };
+
+# log shorewall to separate log file by default
+log { source(s_src); filter(f_shorewall); destination(d_shorewall); flags(final); };
 
 log { source(s_sys); filter(f_authpriv);       destination(d_authlog); };
 log { source(s_sys); filter(f_cron);           destination(d_cron); };
@@ -122,7 +130,6 @@ log { source(s_sys); filter(p_debug);               destination(d_debug); };
 log { source(s_sys); filter(f_daemon); filter(f_ppp);          destination(d_ppp); };
 log { source(s_sys); filter(f_local6); filter(f_freshclam);    destination(d_freshclam); };
 log { source(s_sys); filter(f_local0); filter(f_postgres);     destination(d_postgres); };
-#log { source(s_sys); filter(f_iptables);      destination(d_iptables); };
 
 log { source(s_sys); filter(p_emergency);      destination(d_console); };
 #log { source(s_sys); destination(d_console_all); };