dennis

Example syslog-ng.conf


This is what I have working at the moment. All the remote devices just point to the Ubuntu box that is running syslog-ng.

$ cat /etc/syslog-ng/syslog-ng.conf
@version: 3.5
@include "scl.conf"
@include "`scl-root`/system/tty10.conf"

# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.

# Global options. These apply to every source and destination below unless a
# driver overrides them locally.
options {
  # Write each message out as soon as it arrives instead of batching lines.
  flush_lines(0);
  # Resolve addresses only from the local hosts file; no DNS queries are made.
  use_dns(persist_only);
  use_fqdn(yes);
  # Log files created by the daemon are root:adm with mode 0640, so only root
  # and members of adm can read the collected logs.
  # NOTE(review): directories made through create_dirs(yes) take their owner
  # and mode from dir_owner()/dir_group()/dir_perm(), which are not set here.
  # Confirm the resulting directory permissions are what you want.
  owner(root);
  group(adm);
  perm(0640);
  # 0 disables the periodic statistics message.
  stats_freq(0);
  # Names matching this pattern are not accepted as hostnames.
  bad_hostname("^gconfd$");
  # Hostnames are lower-cased before use.
  normalize_hostnames(yes);
  # NOTE(review): keep_hostname(yes) keeps the hostname written inside each
  # received message rather than the address it arrived from. The per-host
  # archive paths further down are built from $HOST, so a sender chooses which
  # directory its messages are filed under. Use keep_hostname(no) if the
  # archive has to reflect the real peer; keep it only when messages arrive
  # through trusted relays.
  keep_hostname(yes);
  # Missing directories in a destination path are created on demand.
  create_dirs(yes);
  };

########################
# Sources
########################
# Messages produced on this host: the platform's native log sources plus
# syslog-ng's own internal messages.
source s_local   {
                   system();
                   internal();
                 };
# TCP listener on port 1000, capped at 100 simultaneous connections.
# NOTE(review): the loopback bind on the next line is commented out, so tcp()
# listens on every local address and accepts plain-text syslog from any host
# that can reach port 1000. If stunnel is meant to terminate TLS in front of
# this source (as the name suggests), restore ip("127.0.0.1") so the only way
# in is through stunnel. If devices really do connect directly, limit the port
# to the known device addresses with a host firewall rule, and treat the
# stream as unauthenticated and unencrypted.
source s_stunnel {
#                   tcp(ip("127.0.0.1")
                   tcp(
                   port(1000)
                   max-connections(100));
                 };

# udp() with no arguments uses the driver defaults (all addresses, port 514).
# NOTE(review): s_udp is not referenced by any log path in this file. Check
# whether a file under conf.d uses it; if nothing does, delete the definition
# so an unauthenticated UDP listener is not enabled by accident later.
source s_udp     { udp(); };

########################
# Filters
########################
# Severity filters. Apart from f_emerg, each one matches the named level and
# everything more severe, up to emerg.
filter f_emerg   { level (emerg);            };
filter f_alert   { level (alert .. emerg);   };
filter f_crit    { level (crit .. emerg);    };
filter f_err     { level (err .. emerg);     };
filter f_warning { level (warning .. emerg); };
filter f_notice  { level (notice .. emerg);  };
filter f_info    { level (info .. emerg);    };
filter f_debug   { level (debug .. emerg);   };

# Facility Filters
# One filter per syslog facility. Facility and severity are set by the sender,
# so these sort messages but do not authenticate where they came from.
# NOTE(review): there is no filter for authpriv. Messages logged with that
# facility are not matched by f_auth; check which facility sshd, PAM and sudo
# use on the sending hosts.
filter f_kern   { facility (kern);   };
filter f_user   { facility (user);   };
filter f_mail   { facility (mail);   };
filter f_daemon { facility (daemon); };
filter f_auth   { facility (auth);   };
filter f_syslog { facility (syslog); };
filter f_lpr    { facility (lpr);    };
filter f_news   { facility (news);   };
filter f_uucp   { facility (uucp);   };
filter f_cron   { facility (cron);   };
filter f_local0 { facility (local0); };
filter f_local1 { facility (local1); };
filter f_local2 { facility (local2); };
filter f_local3 { facility (local3); };
filter f_local4 { facility (local4); };
filter f_local5 { facility (local5); };
filter f_local6 { facility (local6); };
filter f_local7 { facility (local7); };

# Custom Filters
# f_user_none: everything except the user facility.
# f_mesg: kernel messages at debug and above, daemon messages at notice and
#         above, or mail messages at crit and above.
# f_authinfo: the auth facility, or any message whose program name matches
#             "sudo".
# NOTE(review): program() matches a pattern against a sender-supplied field,
# so anything that sets its program name to contain "sudo" lands in authlog.
# Keep this in mind when alerting on that file.
filter f_user_none     { not facility (user);                     };
filter f_kern_debug    { filter (f_kern) and filter (f_debug);    };
filter f_daemon_notice { filter (f_daemon) and filter (f_notice); };
filter f_mail_crit     { filter (f_mail) and filter (f_crit);     };
filter f_mesg          { filter (f_kern_debug) or
                         filter (f_daemon_notice) or
                         filter (f_mail_crit);                    };
filter f_authinfo      { filter (f_auth) or program (sudo);       };

########################
# Destinations
########################
# Local destinations (l_*): fixed files under /var/log on the collector.
destination l_authlog  { file ("/var/log/authlog");   };
destination l_messages { file ("/var/log/messages");  };
destination l_maillog  { file ("/var/log/maillog");   };
destination l_info  { file ("/var/log/info");   };
destination l_ipflog   { file ("/var/log/ipflog");    };
#destination l_debug   { file ("/var/log/debug");    };
destination l_imaplog  { file ("/var/log/imaplog");   };
destination l_syslog   { file ("/var/log/syslog");    };

# Writes straight to the system console device.
destination l_console  { file ("/dev/console");       };

# Archive destinations (r_*): one tree per year, month and host.
# NOTE(review): $HOST is expanded from the message. With keep_hostname(yes) in
# the global options that value is supplied by the sender, and with
# create_dirs(yes) every distinct value creates a new directory. A sender can
# therefore file entries under another host's name or create many directories.
# For a tamper-resistant archive, build the path from a value the collector
# determines itself, or accept input only from authenticated peers.
# None of these paths rotate or expire; plan retention and disk monitoring for
# /var/log/clients separately.
destination r_authlog  { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/authlog");    };
destination r_messages { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/messages");   };
destination r_maillog  { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/maillog");    };
destination r_info  { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/info");    };
destination r_ipflog   { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/ipflog");     };
#destination r_debug   { file
#  ("/var/log/clients/$YEAR/$MONTH/$HOST/debug");     };
destination r_imaplog  { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/imaplog");    };
destination r_console  { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/consolelog"); };
destination r_syslog   { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/syslog");     };
# NOTE(review): r_fallback is not referenced by any log path in this file, so
# messages that match none of the filters above are dropped rather than
# archived. Confirm that is intended.
destination r_fallback { file
  ("/var/log/clients/$YEAR/$MONTH/$HOST/$FACILITY-$LEVEL"); };

########################
# Log paths
########################
# Local sources
# Each path below reads only s_local, so these files hold messages produced on
# the collector itself. A message that matches several paths is written to
# every matching destination.
log { source (s_local); filter (f_authinfo);  destination (l_authlog);  };
log { source (s_local); filter (f_mail);     destination (l_maillog);  };
# f_info matches info and every more severe level, so l_info receives almost
# all local messages except debug.
log { source (s_local); filter (f_info);     destination (l_info);  };
log { source (s_local); filter (f_local0);   destination (l_ipflog);   };
#log { source (s_local); filter (f_debug);   destination (l_debug);   };
log { source (s_local); filter (f_local1);   destination (l_imaplog);  };
log { source (s_local); filter (f_syslog);   destination (l_syslog);   };
# Two filters in one path are ANDed: emergencies from any facility except user
# go to the console.
log { source (s_local); filter (f_emerg); filter (f_user_none);
                                             destination (l_console);  };
# Same AND for the f_mesg selection, written to /var/log/messages.
log { source (s_local); filter (f_mesg);  filter (f_user_none);
                                             destination (l_messages); };

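# All sources, since we want to archive local and remote logs.
# Every path here reads both s_local and s_stunnel and writes to an r_*
# destination under /var/log/clients/$YEAR/$MONTH/$HOST/.
log { source (s_local); source (s_stunnel); filter (f_authinfo);
      destination (r_authlog);  };
log { source (s_local); source (s_stunnel); filter (f_mail);
      destination (r_maillog);  };
log { source (s_local); source (s_stunnel); filter (f_info);
      destination (r_info);     };
log { source (s_local); source (s_stunnel); filter (f_local0);
      destination (r_ipflog);   };
#log { source (s_local); source (s_stunnel); filter (f_debug);
#      destination (r_debug);    };
log { source (s_local); source (s_stunnel); filter (f_local1);
      destination (r_imaplog);  };
log { source (s_local); source (s_stunnel); filter (f_syslog);
      destination (r_syslog);   };
# The last two paths originally wrote to l_console and l_messages. That sent
# each matching local message to /dev/console and /var/log/messages a second
# time (the local-only paths already deliver them), and copied text received
# from remote senders onto the collector's console and into its own messages
# file. r_console and r_messages are defined for the archive tree and were
# otherwise unused, so they are used here. If remote emergencies are wanted on
# the collector's console, add a separate path for that on purpose.
log { source (s_local); source (s_stunnel); filter (f_emerg);
      filter (f_user_none);
      destination (r_console);  };
log { source (s_local); source (s_stunnel); filter (f_mesg);
      filter (f_user_none);
      destination (r_messages); };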

###
# Include all config files in /etc/syslog-ng/conf.d/
###
@include "/etc/syslog-ng/conf.d/*.conf"
