36dc0b3c5a
syslogd. Features include: - ability to filter messages based on content using regular expressions - forwarding logs on TCP WWW: http://www.balabit.com/products/syslog_ng/ -Vince Valenti vince@blue-box.net PR: ports/105370 Submitted by: Ivan Lago <ivan.lago at ifom-ieo-campus.it>
181 lines
5.4 KiB
Text
181 lines
5.4 KiB
Text
#
|
|
# This sample configuration file is essentially equilivent to the stock
|
|
# FreeBSD /etc/syslog.conf file.
|
|
#
|
|
|
|
#
|
|
# options
|
|
#
|
|
options { long_hostnames(off); sync(0); };
|
|
|
|
#
|
|
# sources
|
|
#
|
|
source src { unix-dgram("/var/run/log");
|
|
unix-dgram("/var/run/logpriv" perm(0600));
|
|
udp(); internal(); file("/dev/klog"); };
|
|
|
|
#
|
|
# destinations
|
|
#
|
|
destination messages { file("/var/log/messages"); };
|
|
destination security { file("/var/log/security"); };
|
|
destination authlog { file("/var/log/auth.log"); };
|
|
destination maillog { file("/var/log/maillog"); };
|
|
destination lpd-errs { file("/var/log/lpd-errs"); };
|
|
destination xferlog { file("/var/log/xferlog"); };
|
|
destination cron { file("/var/log/cron"); };
|
|
destination debuglog { file("/var/log/debug.log"); };
|
|
destination consolelog { file("/var/log/console.log"); };
|
|
destination all { file("/var/log/all.log"); };
|
|
destination newscrit { file("/var/log/news/news.crit"); };
|
|
destination newserr { file("/var/log/news/news.err"); };
|
|
destination newsnotice { file("/var/log/news/news.notice"); };
|
|
destination slip { file("/var/log/slip.log"); };
|
|
destination ppp { file("/var/log/ppp.log"); };
|
|
destination console { file("/dev/console"); };
|
|
destination allusers { usertty("*"); };
|
|
#destination loghost { udp("loghost" port(514)); };
|
|
|
|
#
|
|
# log facility filters
|
|
#
|
|
filter f_auth { facility(auth); };
|
|
filter f_authpriv { facility(authpriv); };
|
|
filter f_not_authpriv { not facility(authpriv); };
|
|
filter f_console { facility(console); };
|
|
filter f_cron { facility(cron); };
|
|
filter f_daemon { facility(daemon); };
|
|
filter f_ftp { facility(ftp); };
|
|
filter f_kern { facility(kern); };
|
|
filter f_lpr { facility(lpr); };
|
|
filter f_mail { facility(mail); };
|
|
filter f_news { facility(news); };
|
|
filter f_security { facility(security); };
|
|
filter f_user { facility(user); };
|
|
filter f_uucp { facility(uucp); };
|
|
filter f_local0 { facility(local0); };
|
|
filter f_local1 { facility(local1); };
|
|
filter f_local2 { facility(local2); };
|
|
filter f_local3 { facility(local3); };
|
|
filter f_local4 { facility(local4); };
|
|
filter f_local5 { facility(local5); };
|
|
filter f_local6 { facility(local6); };
|
|
filter f_local7 { facility(local7); };
|
|
|
|
#
|
|
# log level filters
|
|
#
|
|
filter f_emerg { level(emerg); };
|
|
filter f_alert { level(alert..emerg); };
|
|
filter f_crit { level(crit..emerg); };
|
|
filter f_err { level(err..emerg); };
|
|
filter f_warning { level(warning..emerg); };
|
|
filter f_notice { level(notice..emerg); };
|
|
filter f_info { level(info..emerg); };
|
|
filter f_debug { level(debug..emerg); };
|
|
filter f_is_debug { level(debug); };
|
|
|
|
#
|
|
# program filters
|
|
#
|
|
filter f_ppp { program("ppp"); };
|
|
filter f_slip { program("startslip"); };
|
|
|
|
#
|
|
# *.err;kern.warning;auth.notice;mail.crit /dev/console
|
|
#
|
|
log { source(src); filter(f_err); destination(console); };
|
|
log { source(src); filter(f_kern); filter(f_warning); destination(console); };
|
|
log { source(src); filter(f_auth); filter(f_notice); destination(console); };
|
|
log { source(src); filter(f_mail); filter(f_crit); destination(console); };
|
|
|
|
#
|
|
# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
|
|
#
|
|
log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
|
|
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
|
|
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
|
|
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
|
|
log { source(src); filter(f_news); filter(f_err); destination(messages); };
|
|
|
|
#
|
|
# security.* /var/log/security
|
|
#
|
|
log { source(src); filter(f_security); destination(security); };
|
|
|
|
#
|
|
# auth.info;authpriv.info /var/log/auth.log
|
|
log { source(src); filter(f_auth); filter(f_info); destination(authlog); };
|
|
log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };
|
|
|
|
#
|
|
# mail.info /var/log/maillog
|
|
#
|
|
log { source(src); filter(f_mail); filter(f_info); destination(maillog); };
|
|
|
|
#
|
|
# lpr.info /var/log/lpd-errs
|
|
#
|
|
log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
|
|
|
|
#
|
|
# ftp.info /var/log/xferlog
|
|
#
|
|
log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };
|
|
|
|
#
|
|
# cron.* /var/log/cron
|
|
#
|
|
log { source(src); filter(f_cron); destination(cron); };
|
|
|
|
#
|
|
# *.=debug /var/log/debug.log
|
|
#
|
|
log { source(src); filter(f_is_debug); destination(debuglog); };
|
|
|
|
#
|
|
# *.emerg *
|
|
#
|
|
log { source(src); filter(f_emerg); destination(allusers); };
|
|
|
|
#
|
|
# uncomment this to log all writes to /dev/console to /var/log/console.log
|
|
# console.info /var/log/console.log
|
|
#
|
|
#log { source(src); filter(f_console); filter(f_info); destination(consolelog); };
|
|
|
|
#
|
|
# uncomment this to enable logging of all log messages to /var/log/all.log
|
|
# touch /var/log/all.log and chmod it to mode 600 before it will work
|
|
# *.* /var/log/all.log
|
|
#
|
|
#log { source(src); destination(all); };
|
|
|
|
#
|
|
# uncomment this to enable logging to a remote loghost named loghost
|
|
# *.* @loghost
|
|
#
|
|
#log { source(src); destination(loghost); };
|
|
|
|
#
|
|
# uncomment these if you're running inn
|
|
# news.crit /var/log/news/news.crit
|
|
# news.err /var/log/news/news.err
|
|
# news.notice /var/log/news/news.notice
|
|
#
|
|
#log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
|
|
#log { source(src); filter(f_news); filter(f_err); destination(newserr); };
|
|
#log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
|
|
|
|
#
|
|
# !startslip
|
|
# *.* /var/log/slip.log
|
|
#
|
|
log { source(src); filter(f_slip); destination(slip); };
|
|
|
|
#
|
|
# !ppp
|
|
# *.* /var/log/ppp.log
|
|
#
|
|
log { source(src); filter(f_ppp); destination(ppp); };
|