@version: 3.10
@include "scl.conf"

# Drop-in replacement for a stock Slackware syslog.conf
# For info about the format of this file, see "man syslog-ng.conf"
# Written by Mario Preksavec <mario at slackware dot hr>
# Updated by Janos Szigetvari <jszigetvari at gmail dot com>
# Thanks to Andrea Biardi <a.biardi at tiscali dot it>

# Global options. They apply to every source and destination in this file
# unless a driver overrides them.
options {
	# Hostname handling: no DNS lookups and no DNS cache, short names rather
	# than FQDNs, no chained relay names. keep_hostname(yes) keeps the host
	# name found in the message instead of rewriting it, and
	# check_hostname(yes) checks that it contains only valid characters.
	# Only local sources are defined in this file; if a network source is
	# added later, keep_hostname(yes) means the host field is sender-supplied.
	use_dns(no);
	dns_cache(no);
	use_fqdn(no);
	chain_hostnames(no);
	keep_hostname(yes);
	check_hostname(yes);

	# Queueing and limits: no batching of output lines, an output queue of
	# 10240 messages, messages of at most 8192 bytes, 60 seconds before a
	# dead connection is reopened, and no periodic statistics messages.
	flush_lines(0);
	log_fifo_size(10240);
	log_msg_size(8192);
	time_reopen(60);
	stats_freq(0);

	# Files and directories that syslog-ng creates: missing directories are
	# created with mode 0755, log files are root:root with mode 0640, so
	# they are not world-readable.
	create_dirs(yes);
	dir_perm(0755);
	owner("root");
	group("root");
	perm(0640);
};

# The only source in this file: syslog-ng's own internal messages plus the
# local log sources provided by the system() driver. No network listener is
# defined here.
source s_system { internal(); system(); };

# General filters, selected by severity. Both leave out the authpriv, cron,
# mail and news facilities.
# f_messages: exactly the 'info' and 'notice' levels.
filter f_messages {
	level(info, notice) and not facility(authpriv, cron, mail, news);
};
# f_syslog: 'warn' up to and including 'emerg'.
filter f_syslog {
	level(warn..emerg) and not facility(authpriv, cron, mail, news);
};

# f_debug has no facility exclusion, so debug-level messages from any
# facility, authpriv included, match it.
filter f_debug {
	level(debug);
};

# Per-facility filters; each matches every level of its facility.
filter f_authpriv {
	facility(authpriv);
};
filter f_cron {
	facility(cron);
};
filter f_mail {
	facility(mail);
};

# f_emerg matches 'emerg' from any facility.
filter f_emerg {
	level(emerg);
};
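# Selects what is written to /var/log/spooler. The log path using this filter
# is described as "news and uucp errors", and f_messages/f_syslog both exclude
# the news facility, so a uucp-only match left news messages at 'info' or
# above unwritten by any active file destination. Every uucp message is still
# matched, as before; news at 'crit' or higher is added. News below 'crit' is
# still only stored if the optional INN rules at the end of the file are
# enabled.
# NOTE(review): 'crit' is taken as the threshold for "errors"; confirm it
# against the syslog.conf this file replaces.
filter f_uucp { facility(uucp) or (facility(news) and level(crit..emerg)); };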

# File destinations. None of them sets its own owner, group or mode, so the
# files are created with the values from the global options block.
# General logs, split by severity:
destination d_messages {
	file("/var/log/messages");
};
destination d_syslog {
	file("/var/log/syslog");
};
destination d_debug {
	file("/var/log/debug");
};

# Per-facility logs (authpriv, cron, mail):
destination d_secure {
	file("/var/log/secure");
};
destination d_cron {
	file("/var/log/cron");
};
destination d_maillog {
	file("/var/log/maillog");
};
# Writes to the terminal of every logged-in user ("*").
# Although it runs as root, syslog-ng drops some key capabilities at runtime,
# so the process must belong to the tty group to be able to open /dev/tty*
# and /dev/pts/* for writing. Either run syslog-ng with "-g tty" or add root
# to the "tty" group.
# Every message routed here is printed on every open terminal, so keep the
# filter on the log path that uses this destination narrow.
destination d_usertty {
  usertty("*");
};
# Spooler log; created with the owner, group and mode from the global options.
destination d_spooler {
	file("/var/log/spooler");
};

# Routing. Every path reads from s_system and none sets flags, so a message
# is delivered to each path whose filter it matches.

# 'info' and 'notice' (that is, below 'warn').
# authpriv, cron, mail and news are excluded by the filter.
log {
	source(s_system);
	filter(f_messages);
	destination(d_messages);
};

# 'warn' and above.
# authpriv, cron, mail and news are excluded by the filter.
log {
	source(s_system);
	filter(f_syslog);
	destination(d_syslog);
};

# Debug-level messages.
log {
	source(s_system);
	filter(f_debug);
	destination(d_debug);
};

# Private authentication messages (authpriv).
log {
	source(s_system);
	filter(f_authpriv);
	destination(d_secure);
};

# Cron messages.
log {
	source(s_system);
	filter(f_cron);
	destination(d_cron);
};

# Mail messages.
log {
	source(s_system);
	filter(f_mail);
	destination(d_maillog);
};

# Emergency-level messages are written to all logged-in users' terminals.
log {
	source(s_system);
	filter(f_emerg);
	destination(d_usertty);
};

# Spooler log for news/uucp; the exact selection is whatever f_uucp matches.
log {
	source(s_system);
	filter(f_uucp);
	destination(d_spooler);
};

# Uncomment this to see kernel messages on the console.
#filter f_kern { facility(kern); };
#destination d_console { file("/dev/console"); };
#log { source(s_system); filter(f_kern); destination(d_console); };

# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#filter f_news_crit { facility(news) and level(crit); };
#filter f_news_err { facility(news) and level(err); };
#filter f_news_notice { facility(news) and level(notice); };
#destination d_news_crit { file("/var/log/news/news.crit"); };
#destination d_news_err { file("/var/log/news/news.err"); };
#destination d_news_notice { file("/var/log/news/news.notice"); };
#log { source(s_system); filter(f_news_crit); destination(d_news_crit); };
#log { source(s_system); filter(f_news_err); destination(d_news_err); };
#log { source(s_system); filter(f_news_notice); destination(d_news_notice); };