syslog-ng
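@version: 3.0
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#
# Source: https://wiki.archlinux.org/index.php/Syslog-ng
#
##########################################################
# OPTIONS
#
# Global defaults for every source/destination declared below.
options {
  # enable or disable directory creation for destination files
  # (the date-based path used by d_file depends on this; declared once —
  # the original copy repeated it)
  create_dirs(yes);
  # use_dns(no);
  # resolve hostnames from the local cache / hosts file only; no network
  # DNS lookups are made, so a slow or spoofed resolver cannot stall or
  # rewrite the hostname recorded in the logs
  use_dns(persist_only);
  dns_cache_hosts(/etc/hosts);
  dns_cache_expire(87600);
  # disable the chained hostname format in logs (default is enabled)
  chain_hostnames(0);
  # the number of lines fitting in the output queue; messages beyond this
  # are dropped while a destination (e.g. the remote tcp one) is blocked
  log_fifo_size(512);
  # default owner, group, and permissions for log files (defaults are 0, 0, 0600)
  # 0640 keeps auth/web logs readable by root and group root only
  owner(root);
  group(root);
  perm(0640);
  # default owner, group, and permissions for created directories (defaults are 0, 0, 0700)
  # NOTE(review): 0740 grants the group read but not the traverse (x) bit,
  # so group members can list but not open the files inside; 0750 is the
  # usual choice — confirm the intent before changing it
  dir_owner(root);
  dir_group(root);
  dir_perm(0740);
  # the time to wait before a died connection is re-established (default is 60)
  time_reopen(10);
  # the time to wait before an idle destination file is closed (default is 60)
  time_reap(360);
  # record the short hostname, and keep the one the sender supplied
  # (use_fqdn defaults to no)
  use_fqdn(no);
  keep_hostname(yes);
  # disable periodic statistics messages
  stats_freq(0);
};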
##########################################################
# SOURCES
#
# Single source group consumed by every log path in this file.
source local_src {
  # message generated by syslog-ng
  internal();
  # standard Linux log source (this is the default place for the syslog() function to send logs to)
  unix-stream("/dev/log");
  # messages from the kernel
  file("/proc/kmsg" program_override("kernel: "));
  # rpmware apache logs
  # NOTE(review): flags(no-parse) stores each line verbatim in $MSG; these
  # lines carry no syslog facility/level of their own, so the facility-based
  # filters below classify them by whatever defaults the source assigns —
  # confirm where they land before relying on the per-facility files.
  # follow_freq(1): poll the file for new lines every second.
  file("/home/kylewest/public_html/rpmware.com/logs/access.log" follow_freq(1) flags(no-parse));
  file("/home/kylewest/public_html/rpmware.com/logs/error.log" follow_freq(1) flags(no-parse));
};
##########################################################
# DESTINATIONS
#
# Catch-all daily file, one directory per month; the template drops the
# hostname and prints time, level, facility and program before the message.
destination d_file {
  file("/var/log/$YEAR-$MONTH/$YEAR-$MONTH-$DAY.log"
       template("$HOUR:$MIN:$SEC [$LEVEL] [$FACILITY] [$PROGRAM] $MSG\n")
       template_escape(no));
};
# Per-facility files (classic /var/log layout)
destination d_authlog { file("/var/log/auth.log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_cron { file("/var/log/cron.log"); };
destination d_user { file("/var/log/user.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
destination d_ppp { file("/var/log/ppp.log"); };
# Mail: everything, plus one file per severity band
destination d_mail { file("/var/log/mail.log"); };
destination d_mailinfo { file("/var/log/mail.info"); };
destination d_mailwarn { file("/var/log/mail.warn"); };
destination d_mailerr { file("/var/log/mail.err"); };
# News: one file per severity band
destination d_newsnotice { file("/var/log/news/news.notice"); };
destination d_newserr { file("/var/log/news/news.err"); };
destination d_newscrit { file("/var/log/news/news.crit"); };
# Mixed-facility files
destination d_messages { file("/var/log/messages.log"); };
destination d_debug { file("/var/log/debug.log"); };
# Named pipe for an xconsole-style viewer (not referenced by any log path)
destination d_xconsole { pipe("/dev/xconsole"); };
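##########################################################
# FILTERS
#
# Facility-based selectors, one per traditional log file.
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
# netfilter log lines carry both IN= and OUT= in the message body; declared
# ahead of the filters that reference it
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
# kernel messages without the (very chatty) netfilter ones
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
# declared once (the original copy defined f_news twice)
filter f_news { facility(news); };
filter f_user { facility(user); };
# the original copy selected facility(cron) here, which sent cron entries
# to uucp.log and nothing to it from uucp
filter f_uucp { facility(uucp); };
# assumes the ppp daemons are configured to log to local2 — site convention
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
# general messages: info..warn, minus the facilities that have their own
# file, syslog-ng's own messages and netfilter noise
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
# Level-based selectors
filter f_everything { level(debug..emerg); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
# Content-based selectors (substring match on the message body)
filter f_acpid { program("acpid"); };
filter f_failed { match("failed" value("MESSAGE")); };
filter f_denied { match("denied" value("MESSAGE")); };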
##########################################################
# LOG
#
# Log paths. None of them uses flags(final), so a message is delivered to
# every path whose filters it matches, and their order does not matter.
#
# Every message from every source goes to the daily catch-all file.
log { source(local_src); destination(d_file); };
# auth and authpriv (logins, sudo, sshd) — keep d_authlog's file mode tight
log { source(local_src); filter(f_authpriv); destination(d_authlog); };
log { source(local_src); filter(f_user); destination(d_user); };
log { source(local_src); filter(f_cron); destination(d_cron); };
log { source(local_src); filter(f_daemon); destination(d_daemon); };
# kernel messages, netfilter lines excluded by f_kernel
log { source(local_src); filter(f_kernel); destination(d_kern); };
log { source(local_src); filter(f_lpr); destination(d_lpr); };
log { source(local_src); filter(f_mail); destination(d_mail); };
# NOTE(review): as written, f_uucp selects facility(cron), so this path
# duplicates cron.log into uucp.log — check f_uucp's definition
log { source(local_src); filter(f_uucp); destination(d_uucp); };
# mail, split by exact severity (info / warn / err only; other levels stay
# in mail.log alone)
log { source(local_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
log { source(local_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
log { source(local_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
# news, split by exact severity (crit / err / notice)
log { source(local_src); filter(f_news); filter(f_crit); destination(d_newscrit); };
log { source(local_src); filter(f_news); filter(f_err); destination(d_newserr); };
log { source(local_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };
# everything except auth/authpriv/news/mail, all levels (netfilter lines
# included — f_debug does not exclude f_iptables)
log { source(local_src); filter(f_debug); destination(d_debug); };
log { source(local_src); filter(f_messages); destination(d_messages); };
log { source(local_src); filter(f_ppp); destination(d_ppp); };
##########################################################
# LOGGLY
#
# Remote shipping to Loggly over plain tcp().
# NOTE(review): this is an unencrypted, unauthenticated TCP stream, and the
# log path below is unfiltered, so auth.log-class messages and the verbatim
# apache lines from local_src leave the host in cleartext. syslog-ng 3.x
# tcp() destinations accept a tls() block; use it with the endpoint/port
# Loggly documents for TLS, and consider a filter on this path to send
# only what is needed. With log_fifo_size(512) from options, messages queued
# while the connection is down beyond that limit are dropped.
destination d_loggly { tcp("logs.loggly.com" port(13558)); };
log { source(local_src); destination(d_loggly); };
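# install syslog-ng on debian / ubuntu
#
# Downloads the vendor .deb and installs it with dpkg. The URL is plain
# http and the package is outside the distribution's signed repositories,
# so nothing authenticates the file before it is installed as root unless
# SYSLOG_NG_DEB_SHA256 is set to the checksum published by the vendor.
# On a supported release, `sudo apt-get install syslog-ng` installs a
# signed package that also receives security updates.
#
# Exits on the first failing command so a failed download or cd cannot
# fall through to `dpkg -i` in the wrong place or on a partial file.
set -e
mkdir -p syslog-ng
cd syslog-ng
wget "http://www.balabit.com/downloads/files?path=/syslog-ng/open-source-edition/3.1.2/setups/debian-etch-amd64/syslog-ng_3.1.2_amd64.deb" -O syslog-ng.deb
if [ -n "${SYSLOG_NG_DEB_SHA256:-}" ]; then
  # sha256sum -c exits non-zero on mismatch, which aborts via set -e
  echo "${SYSLOG_NG_DEB_SHA256}  syslog-ng.deb" | sha256sum -c -
fi
sudo dpkg -i syslog-ng.deb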