# $Id$
#
# Central loghost syslog-ng configuration.
#
# Layout: global options, one source that mixes local and network inputs,
# then log paths evaluated in the order written (tty broadcast, catch-all
# file, Windows archive, general archive, mail archive).

options {
  # Output queue size, counted in messages.
  log_fifo_size(8192);

  # garden gnomes shouldn't log (Gnome has a buggy log implementation)
  # needs to be set on client systems, too...
  bad_hostname("gconfd");

  # Keep the timestamp carried in the message instead of the receive time.
  # NOTE(review): $ISODATE in the templates below is therefore
  # sender-supplied; only the $R_* macros used in the archive paths reflect
  # when this host received the message. Consider also recording the
  # receive time (e.g. $R_ISODATE) if these files serve as evidence.
  use_time_recvd(no);

  # Ownership and modes for created files and directories: group "logs" may
  # read, others get nothing. create_dirs(yes) is what lets the dated
  # archive paths below come into existence.
  group(logs);
  create_dirs(yes);
  dir_group(logs);
  dir_perm(0750);
  perm(0640);

  # The hostname field of a received message is kept as sent.
  # NOTE(review): combined with the unauthenticated network listeners in
  # source "local", $HOST is whatever the sender claims. Confirm this is
  # needed (relays in front of this host?) or record the peer address too.
  chain_hostnames(no);
  keep_hostname(yes);

  # Emit syslog-ng statistics every 3600 seconds; use fully qualified names.
  stats(3600);
  use_fqdn(yes);
};

# TODO look into enabling 'keep-alive' or 'tcp-keep-alive' on both
# client and server systems to avoid prior connections lingering?
#
# NOTE(review): despite its name, this source also carries everything
# received from the network. Both listeners bind to all interfaces and, as
# far as this file shows, accept plaintext syslog without authentication;
# access control has to come from a host firewall or network ACL limited to
# the expected clients. max-connections(333) caps concurrent TCP clients.
source local {
  unix-stream("/dev/log");
  udp(ip(0.0.0.0) port(514));
  tcp(ip(0.0.0.0) port(5149) max-connections(333));
  internal();
};

# Emergency-level messages are written to the terminal of every logged-in
# user.
# NOTE(review): because source(local) includes the network listeners, this
# path also applies to messages from remote senders. If only this host's
# own emergencies should reach terminals, feed this log path from a
# separate source holding just /dev/log and internal().
filter emergency { level(emerg); };
destination users { usertty("*"); };
log { source(local); filter(emergency); destination(users); };

# Catch-all: every level from debug to emerg goes to one file. No
# flags(final) here, so messages continue to the log paths below.
# NOTE(review): $HOST and $MSG are sender-supplied; treat the file content
# as untrusted input when viewing or parsing it.
filter f_1 { level(debug...emerg); };
destination d_1 {
  file("/var/log/everything"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
log { source(local); filter(f_1); destination(d_1); };

# Windows logs to custom location (via Snare Agent, see [GS #1518])
# Matching is on the program name only. flags(final) stops these messages
# from reaching the archive paths further down; they have already passed
# the catch-all above. The path is built from $R_* (receive-time) macros
# only, so no sender-supplied field ends up in a file name.
filter windows { program(MSWinEventLog); };
destination windows {
  file("/var/log/archive/windows/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
log { source(local); filter(windows); destination(windows); flags(final); };

# General archive: info and above, excluding the mail facility, one file
# per receive day.
filter f_2 { level(info...emerg); };
filter f_3 { not facility(mail); };
destination d_2 {
  file("/var/log/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
log { source(local); filter(f_2); filter(f_3); destination(d_2); };

# Mail archive: the mail facility at every level (debug included), one
# file per receive day.
filter f_5 { facility(mail) and level(debug...emerg); };
destination d_3 {
  file("/var/log/archive/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
    template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
    template_escape(no)
  );
};
log { source(local); filter(f_5); destination(d_3); };