# syslog-ng configuration file. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. # # This config file should work identical in all respects to a default # syslogd Mandrake 7.2 system # # 20001113 - vdanen@mandrakesoft.com options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source sys { unix-stream ("/dev/log"); internal(); }; source remote { udp(); }; destination auth { file("/var/log/auth.log"); }; destination syslog { file("/var/log/syslog"); }; destination user { file("/var/log/user.log"); }; destination mesg { file("/var/log/messages"); }; destination secure { file("/var/log/secure"); }; destination mailinfo { file("/var/log/mail/info"); }; destination mailwarn { file("/var/log/mail/warnings"); }; destination mailerr { file("/var/log/mail/error"); }; destination croninfo { file("/var/log/cron/info"); }; destination cronwarn { file("/var/log/cron/warnings"); }; destination cronerr { file("/var/log/cron/error"); }; destination kerninfo { file("/var/log/kernel/info"); }; destination kernwarn { file("/var/log/kernel/warnings"); }; destination kernerr { file("/var/log/kernel/error"); }; destination lprinfo { file("/var/log/lpr/info"); }; destination lprwarn { file("/var/log/lpr/warnings"); }; destination lprerr { file("/var/log/lpr/error"); }; destination newsinfo { file("/var/log/news/info"); }; destination newswarn { file("/var/log/news/warnings"); }; destination newserr { file("/var/log/news/error"); }; destination daemoninfo { file("/var/log/daemons/info"); }; destination daemonwarn { file("/var/log/daemons/warnings"); }; destination daemonerr { file("/var/log/daemons/error"); }; destination spool { file("/var/log/spooler"); }; destination boot { file("/var/log/boot.log"); }; destination mailall { usertty("*"); }; destination consoleall { file("/dev/tty12"); }; # destination for remote logs, change loghost to fqdn for remote host #destination loghost { udp("loghost" port(999)); }; # destination from remote hosts #destination remote_kern { file("/var/log/remote/remote_kernel.log"); }; #destination remote_daem { file("/var/log/remote/remote_daemon.log"); }; #destination remote_auth { file("/var/log/remote/remote_auth.log"); }; #destination remote_user { file("/var/log/remote/remote_user.log"); }; #destination remote_boot { file("/var/log/remote/remote_boot.log"); }; # Generic filters filter f_info { level(debug,info,notice); }; filter f_warn { level(warn); }; filter f_error { level(error); }; filter f_emergency { level(emerg); }; filter f_mail { facility(mail); }; filter f_cron { facility(cron); }; filter f_kernel { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_news { facility(news); }; filter f_daemon { facility(daemon); }; # Specific filters filter f_authonly { facility(auth,authpriv); }; filter f_user { facility(user); }; # Log anything (except mail) of level info or higher # Don't log private authentication messages filter f_mesgs { level(info..warn) and not facility(mail,authpriv); }; # authpriv logging (restricted) filter f_secure { facility(authpriv); }; filter f_spool { facility(uucp) or (facility(news) and level(crit)); }; filter f_boot { facility(local7); }; filter f_syslog { not facility(auth, authpriv); }; # Log to logfiles log { source(sys); filter(f_spool); destination(spool); }; log { source(sys); filter(f_boot); destination(boot); }; log { source(sys); filter(f_user); destination(user); }; log { source(sys); filter(f_secure); destination(secure); }; log { source(sys); filter(f_syslog); destination(syslog); }; log { source(sys); filter(f_mesgs); destination(mesg); }; log { source(sys); filter(f_authonly); destination(auth); }; log { source(sys); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(sys); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(sys); filter(f_mail); filter(f_error); destination(mailerr); }; log { source(sys); filter(f_cron); filter(f_info); destination(croninfo); }; log { source(sys); filter(f_cron); filter(f_warn); destination(cronwarn); }; log { source(sys); filter(f_cron); filter(f_error); destination(cronerr); }; log { source(sys); filter(f_kernel); filter(f_info); destination(kerninfo); }; log { source(sys); filter(f_kernel); filter(f_warn); destination(kernwarn); }; log { source(sys); filter(f_kernel); filter(f_error); destination(kernerr); }; log { source(sys); filter(f_lpr); filter(f_info); destination(lprinfo); }; log { source(sys); filter(f_lpr); filter(f_warn); destination(lprwarn); }; log { source(sys); filter(f_lpr); filter(f_error); destination(lprerr); }; log { source(sys); filter(f_news); filter(f_info); destination(newsinfo); }; log { source(sys); filter(f_news); filter(f_warn); destination(newswarn); }; log { source(sys); filter(f_news); filter(f_error); destination(newserr); }; log { source(sys); filter(f_daemon); filter(f_info); destination(daemoninfo); }; log { source(sys); filter(f_daemon); filter(f_warn); destination(daemonwarn); }; log { source(sys); filter(f_daemon); filter(f_error); destination(daemonerr); }; # Log to console log { source(sys); filter(f_emergency); destination(mailall); }; log { source(sys); destination(consoleall); }; # Logs from remote hosts #log { source(net); filter(f_kern); destination(remote_kern); }; #log { source(net); filter(f_daemon); destination(remote_daem); }; #log { source(net); filter(f_authonly); destination(remote_auth); }; #log { source(net); filter(f_user); destination(remote_user); }; #log { source(net); filter(f_boot); destination(remote_boot); };