# # Syslog-ng example configuration for for Debian GNU/Linux # # Copyright (c) 1999 anonymous # Copyright (c) 1999 Balazs Scheidler # $Id: syslog-ng.conf,v 1.30 2011/04/12 18:33:59 dieter Exp $ # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. # options { long_hostnames(off); sync(0); log_fifo_size(1000); }; #source src { unix-stream("/dev/log"); internal(); }; source net { udp(); }; source kernel { file("/proc/kmsg"); }; source syslog { internal(); }; #source src { file("/proc/kmsg"); unix-stream("/dev/log"); internal(); }; source src { unix-stream("/dev/log");}; source postfix { unix-stream("/chroot/postfix/root/dev/log");}; destination authlog { file("/var/log/syslog-ng/auth-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination syslog { file("/var/log/syslog-ng/syslog-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination cron { file("/var/log/syslog-ng/cron-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination daemon { file("/var/log/syslog-ng/daemon-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination kern { file("/var/log/syslog-ng/kern-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination lpr { file("/var/log/syslog-ng/lpr-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination user { file("/var/log/syslog-ng/user-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination uucp { file("/var/log/syslog-ng/uucp-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination ppp { file("/var/log/syslog-ng/ppp-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination mail { file("/var/log/syslog-ng/mail-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination lynx { file("/var/log/syslog-ng/lynx-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination noad { file("/var/log/syslog-ng/noad-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination vdr { file("/var/log/syslog-ng/vdr-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination cups { file("/var/log/syslog-ng/cups-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination raid { file("/var/log/syslog-ng/raid-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination postfix { file("/var/log/syslog-ng/postfix-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination mailinfo { file("/var/log/syslog-ng/mail-$YEAR-$MONTH-$DAY.info" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination mailwarn { file("/var/log/syslog-ng/mail-$YEAR-$MONTH-$DAY.warn" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination mailerr { file("/var/log/syslog-ng/mail-$YEAR-$MONTH-$DAY.err" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination newscrit { file("/var/log/syslog-ng/news/news.crit"); }; destination newserr { file("/var/log/syslog-ng/news/news.err"); }; destination newsnotice { file("/var/log/syslog-ng/news/news.notice"); }; destination debug { file("/var/log/syslog-ng/debug-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination messages { file("/var/log/syslog-ng/messages-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination console { usertty("root"); }; destination console_all { file("/dev/tty12"); }; #destination loghost { udp("loghost" port(999)); }; destination xconsole { pipe("/dev/xconsole"); }; destination initng { file("/var/log/syslog-ng/initng-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination bind { file("/var/log/syslog-ng/bind-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination dhcpd { file("/var/log/syslog-ng/dhcpd-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination elsa { file("/var/log/syslog-ng/elsa-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination net { file("/var/log/syslog-ng/syslog-net-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination raid { file("/var/log/syslog-ng/raid-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination xinetd { file("/var/log/syslog-ng/xinetd-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination ntpd { file("/var/log/syslog-ng/ntpd-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination cipe { file("/var/log/syslog-ng/cipe-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; #destination cipe1 { file("/var/run/cipe/log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination cyrus { file("/var/log/syslog-ng/cyrus-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination isdnlog { file("/var/log/syslog-ng/isdnlog-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination firewall { file("/var/log/syslog-ng/firewall-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination dhclient { file("/var/log/syslog-ng/dhclient-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination usbmgr { file("/var/log/syslog-ng/usbmgr-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination nagios { file("/var/log/syslog-ng/nagios-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination hylafax { file("/var/log/syslog-ng/hylafax-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination syslog-ng { file("/var/log/syslog-ng/syslog-ng-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination dante { file("/var/log/syslog-ng/dante-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination sudo { file("/var/log/syslog-ng/sudo-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination asterisk { file("/var/log/syslog-ng/asterisk-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination tinc { file("/var/log/syslog-ng/tinc-$YEAR-$MONTH-$DAY.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; filter f_auth { facility(auth); }; filter f_authpriv { facility(auth, authpriv); }; filter f_syslog { not facility(authpriv, mail) and not filter(f_bind) and not filter(f_cipe) and not filter(f_firewall) and not filter(f_portmap) and not filter(f_netacl) and not filter(f_dhclient) and not filter(f_telnetd) and not filter(f_nagios) and not filter(f_cups) and not filter(f_dante) and not filter(f_sudo) and not filter(f_asterisk) and not filter(f_tinc) and not filter(f_hylafax) and not filter(f_squid) and not filter(f_vdr) and not filter(f_noad) and not filter(f_lynx) and not filter(f_ntp) and not filter(f_cron) and not filter(f_cyrus) and not filter(f_usbmgr) and not filter(f_xinetd) and not filter(f_automount) and not filter(f_authsrv) and not filter(f_isdnlog) and not filter(f_dhcpd) and not filter(f_initng); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon) and not filter(f_bind) and not filter(f_isdnlog) and not filter(f_usbmgr) and not filter(f_hylafax) and not filter(f_cups) and not filter(f_asterisk) and not filter(f_sudo) and not filter(f_dante) and not filter(f_tinc) and not filter(f_dhclient) and not filter(f_ciped-cb) and not filter(f_dhcpd) and not filter(f_xinetd) and not filter(f_squid) ; }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr) and not filter(f_cups); }; filter f_mail { facility(mail); }; filter f_user { facility(user) and not filter(f_nagios) and not filter(f_noad) and not filter(f_vdr) ; }; #filter f_uucp { facility(cron); }; filter f_ppp { facility(local2); }; filter f_news { facility(news); }; #filter f_debug { not facility(auth, authpriv, news, mail); }; filter f_debug { not facility(auth, authpriv, news, mail) and not filter(f_firewall) and not filter(f_bind) and not filter(f_nagios) and not filter(f_nagios) and not filter(f_lynx) and not filter(f_asterisk) and not filter(f_sudo) and not filter(f_dante) and not filter(f_tinc) and not filter(f_imap) and not filter(f_cron) and not filter(f_noad) and not filter(f_vdr) and not filter(f_cups) and not filter(f_raid) and not filter(f_telnetd) and not filter(f_dhclient) and not filter(f_cyrus) and not filter(f_ntp) and not filter(f_portmap) and not filter(f_ciped-cb) and not filter(f_netacl) and not filter(f_automount) and not filter(f_usbmgr) and not filter(f_isdnlog) and not filter(f_hylafax) and not filter(f_authsrv) and not filter(f_dhcpd) and not filter(f_squid) and not filter(f_xinetd) and not filter(f_initng); }; filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news) and not filter(f_telnetd) and not filter(f_nagios) and not filter(f_asterisk) and not filter(f_sudo) and not filter(f_dante) and not filter(f_tinc) and not filter(f_lynx) and not filter(f_noad) and not filter(f_vdr) and not filter(f_imap) and not filter(f_bind) and not filter(f_initng) and not filter(f_authsrv) and not filter(f_cups) and not filter(f_ciped-cb) and not filter(f_nagios) and not filter(f_ntp) and not filter(f_hylafax) and not filter(f_cron) and not filter(f_dhclient) and not filter(f_usbmgr) and not filter(f_cyrus) and not filter(f_isdnlog) and not filter(f_dhcpd) and not filter(f_netacl) and not filter(f_automount) and not filter(f_xinetd) and not filter(f_initng); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; filter f_bind { program(named); }; filter f_vdr { program(vdr); }; filter f_noad { program(noad); }; filter f_automount { program(automount); }; #filter f_firewall { facility(kern);}; filter f_firewall { match("Packet log:") or (match("IN=") and match("OUT=") and match("TTL=")); }; filter f_kernel { not filter(f_firewall); }; filter f_cipe { program(ciped-cb); }; filter f_cipe_ok { not match("Connection refused"); }; filter f_cups { program(cups-lpd); }; filter f_telnetd { program(telnetd); }; filter f_authsrv { program(authsrv); }; filter f_xinetd { program(xinetd); }; filter f_imap { program(imap); }; filter f_dante { program(dante); }; filter f_dante { program(sudo); }; filter f_asterisk { program(asterisk); }; filter f_tinc { program(tincd); }; filter f_ntp { program(ntpd); }; filter f_squid { program(squid); }; filter f_dhcpd { program(dhcpd); }; filter f_usbmgr { program(usbmgr); }; filter f_raid { program(mdadm); }; filter f_isdnlog { program(isdnlog); }; filter f_portmap { program(portmap); }; filter f_ciped-cb { program(ciped-cb); }; filter f_netacl { program(netacl); }; filter f_nagios { program(nagios); }; filter f_hylafax { facility(local0); }; #filter f_hylafax { match("FAX ") or match("FAX:") or program(faxgetty); }; filter f_dhclient { program(dhclient); }; filter f_lynx { program(lynx); }; filter f_cyrus { program(ctl_cyrusdb) or filter(f_cyrus_master) or filter(f_imap) or program(lmtpunix); }; filter f_cyrus_master { program(master) and not facility(mail); }; filter f_cron { facility(cron); }; filter f_initng { program(initng) or program(InitNG); }; filter f_elsa { host(isdn-router) or host(ISDN-Router) or host(elsa); }; filter f_remote { not filter(f_elsa); }; log { source(syslog); destination(syslog-ng); }; log { source(src); filter(f_authpriv); destination(authlog); }; log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_daemon); destination(daemon); }; #log { source(src); filter(f_kern); destination(kern); }; log { source(src); filter(f_lpr); destination(lpr); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(f_lynx); destination(lynx); }; log { source(src); filter(f_user); destination(user); }; #log { source(src); filter(f_uucp); destination(uucp); }; #log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; log { source(src); filter(f_news); filter(f_err); destination(newserr); }; log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; log { source(src); filter(f_debug); destination(debug); }; log { source(src); filter(f_dante); destination(dante); }; log { source(src); filter(f_sudo); destination(sudo); }; log { source(src); filter(f_asterisk); destination(asterisk); }; log { source(src); filter(f_tinc); destination(tinc); }; log { source(src); filter(f_cyrus); destination(cyrus); }; log { source(src); filter(f_messages); destination(messages); }; #log { source(src); filter(f_emergency); destination(console); }; log { source(src); filter(f_ppp); destination(ppp); }; log { source(src); destination(console_all); }; log { source(src); filter(f_bind); destination(bind); }; log { source(kernel); filter(f_firewall); destination(firewall); }; log { source(src); filter(f_cipe); filter(f_cipe_ok); destination(cipe); }; #log { source(src); filter(f_cipe); destination(cipe1); }; log { source(src); filter(f_raid); destination(raid); }; log { source(src); filter(f_isdnlog); destination(isdnlog); }; log { source(src); filter(f_initng); destination(initng); }; log { source(src); filter(f_xinetd); destination(xinetd); }; log { source(src); filter(f_vdr); destination(vdr); }; log { source(src); filter(f_noad); destination(noad); }; log { source(src); filter(f_ntp); destination(ntpd); }; log { source(src); filter(f_dhcpd); destination(dhcpd); }; log { source(src); filter(f_cups); destination(cups); }; log { source(src); filter(f_dhclient); destination(dhclient); }; log { source(src); filter(f_usbmgr); destination(usbmgr); }; log { source(src); filter(f_nagios); destination(nagios); }; log { source(net); filter(f_elsa); destination(elsa); }; log { source(net); filter(f_remote); destination(net); }; log { source(kernel); filter(f_kernel); destination(kern); }; log { source(postfix); destination(postfix); }; log { source(src); filter(f_hylafax); destination(hylafax); };