
@marcbachmann
Created November 21, 2017 00:39
syslog-ng
@version: 3.12
# Global defaults applied to every source and destination below unless a
# driver overrides them.
options {
    # Files and directories created by file() destinations.
    # Log files are readable by root and group adm only; directories are
    # created world-traversable (0755), so file names are visible to all
    # local users even though contents are not.
    create_dirs(yes);
    dir_perm(0755);
    perm(0640);
    group(adm);

    # Host name handling: record a single host name per message and never
    # resolve addresses, so logging does not block on or trust DNS answers.
    chain_hostnames(0);
    use_dns(no);

    # Queueing and connection housekeeping.
    log_fifo_size(2048);   # output queue length, in messages
    time_reopen(10);       # seconds to wait before re-opening a failed connection
    time_reap(360);        # seconds of inactivity before an idle destination file is closed

    # 0 turns off the periodic internal statistics message.
    stats_freq(0);
};
# Local system messages: syslog-ng's own messages, the local syslog socket
# and the kernel ring buffer.
source s_all {
    # Messages generated by syslog-ng itself (start-up, errors, dropped messages).
    internal();

    # Local syslog socket. Facility, level and program name of messages
    # arriving here are chosen by the sending process, so filters based on
    # them classify logs but do not authenticate where they came from.
    unix-dgram("/dev/log");

    # Kernel messages; the program field is forced to "kernel".
    file(
        "/proc/kmsg"
        program_override("kernel")
    );
};
# Init-system log file, tagged with program name "openrc".
# NOTE(review): no log path in this file references s_rc, so these lines
# are read by nothing until one is added.
source s_rc {
    file(
        "/var/log/rc.log"
        program_override("openrc")
    );
};
# Tails every *.log file below the Docker container directory.
# The content of these files is written by the containers themselves, so
# downstream consumers should treat each line as untrusted input.
source s_docker_containers {
    wildcard-file(
        base-dir("/mnt/data/docker/containers")
        recursive(yes)              # descend into the per-container sub-directories
        filename-pattern("*.log")
        # Keep each line verbatim as the message body instead of trying to
        # parse it as syslog.
        flags(no-parse)
        log-fetch-limit(1000)       # upper bound on messages read per poll of a file
        # NOTE(review): wildcard-file() monitors a limited number of files
        # (max-files(), default 100). On a host with more container logs than
        # that, the excess files are not followed - confirm the limit fits.
    );
};
# File destinations. Ownership and mode come from the global options block.

# Per-facility files.
destination df_auth  { file("/var/log/auth.log");  };
destination df_kern  { file("/var/log/kern.log");  };
destination df_mail  { file("/var/log/mail.log");  };
destination df_error { file("/var/log/error.log"); };

# One file per facility and minimum level; $FACILITY expands to the facility
# name of the message. Not referenced by any log path in this file.
destination df_facility_dot_info   { file("/var/log/$FACILITY.info");   };
destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
destination df_facility_dot_warn   { file("/var/log/$FACILITY.warn");   };
destination df_facility_dot_err    { file("/var/log/$FACILITY.err");    };
destination df_facility_dot_crit   { file("/var/log/$FACILITY.crit");   };

# Catch-all files.
destination df_debug    { file("/var/log/debug");    };
destination df_messages { file("/var/log/messages"); };

# Writes to the terminal of every logged-in user. The level of a message
# received on the local syslog socket is set by its sender, so output from
# this destination is unauthenticated.
destination du_all { usertty("*"); };

# All container output collected by s_docker_containers ends up in one file.
destination df_docker_containers { file("/var/log/docker_containers.log"); };
# destination d_es {
# elasticsearch(
# index("containers-${YEAR}.${MONTH}.${DAY}")
# type("test")
# cluster("syslog-ng")
# template("$(format-json --scope rfc3164 --scope nv-pairs --exclude R_DATE --key ISODATE)\n");
# );
# };
# Facility filters.
filter f_auth   { facility(auth, authpriv); };
filter f_cron   { facility(cron);   };
filter f_daemon { facility(daemon); };
filter f_kern   { facility(kern);   };
filter f_lpr    { facility(lpr);    };
filter f_mail   { facility(mail);   };
filter f_news   { facility(news);   };
filter f_user   { facility(user);   };
filter f_uucp   { facility(uucp);   };
filter f_ftp    { facility(ftp);    };

# "This level or more severe" filters.
filter f_at_least_info   { level(info..emerg);   };
filter f_at_least_notice { level(notice..emerg); };
filter f_at_least_warn   { level(warn..emerg);   };
filter f_at_least_err    { level(err..emerg);    };
filter f_at_least_crit   { level(crit..emerg);   };

# Catch-all filters for facilities that have no file of their own.
# Between them, f_debug, f_messages and f_emerg match debug, info..warn and
# emerg only: err, crit and alert are matched by none of the three, so those
# levels need a separate log path (for example one using f_at_least_err) or
# they are not written anywhere. f_messages also excludes facility ftp.
filter f_debug {
    level(debug)
    and not facility(auth, authpriv, kern, mail);
};
filter f_messages {
    level(info, notice, warn)
    and not facility(auth, authpriv, kern, mail, ftp);
};
filter f_emerg { level(emerg); };
# parser pattern_db {
# db-parser(file("/opt/syslog-ng/etc/patterndb.xml") );
# };
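# Log paths. Each one is evaluated independently, so a message can be
# written to more than one destination.

# Authentication and authorization messages.
log {
    source(s_all);
    filter(f_auth);
    destination(df_auth);
};

# Kernel messages.
log {
    source(s_all);
    filter(f_kern);
    destination(df_kern);
};

# Mail subsystem messages.
log {
    source(s_all);
    filter(f_mail);
    destination(df_mail);
};

# Everything at err or above, from any facility.
# Without this path, err/crit/alert messages from facilities other than
# auth, authpriv, kern and mail matched no filter below (f_messages stops at
# warn, f_emerg matches emerg only) and were discarded. df_error and
# f_at_least_err were already declared in this file but not wired to a path.
# Messages that also match f_auth/f_kern/f_mail are written to both files.
log {
    source(s_all);
    filter(f_at_least_err);
    destination(df_error);
};

# Debug-level messages from the remaining facilities.
log {
    source(s_all);
    filter(f_debug);
    destination(df_debug);
};

# info/notice/warn from the remaining facilities (ftp excluded by the filter).
log {
    source(s_all);
    filter(f_messages);
    destination(df_messages);
};

# Emergency messages are broadcast to every logged-in terminal.
# The level is chosen by the sender for messages arriving on /dev/log.
log {
    source(s_all);
    filter(f_emerg);
    destination(du_all);
};

# Container output is stored unfiltered and unparsed in its own file.
log {
    source(s_docker_containers);
    destination(df_docker_containers);
};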