
syslog-ng configuration file for client


Here is an example of a syslog-ng configuration file for a client.
Please note that this client is not configured to work together with the syslog-ng server from this example.
I guess they could work together, but I wrote these two pages totally separately, with two different logging strategies.

Anyway, they should still help you to get a better understanding of syslog-ng and to learn from other people's ideas and examples.

You can see that the client has no source that accepts log messages from the network.
There are many destinations: the console, messages sent to root and to logged-in users, local files and, of course, the remote centralized syslog-ng server.

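The filters try to emulate the previously used /etc/syslog.conf file. Note that a syslog.conf selector such as mail.info means "info and higher", whereas a syslog-ng level(info) matches only the info level, so a range such as level(info..emerg) is needed for a faithful emulation.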

# /usr/local/etc> cat syslog-ng.conf
@version: 3.0
##### this is conf file for client

# NOTE(review): the original comment here said "No Global options here, since
# they are defined on the server", but the block below does set global options
# on this client - confirm which was intended.

# Global options
# ----------------

options {
        # Write timestamps in ISO 8601 format.
        ts_format(iso);
        # Do not keep the timestamp carried in the message; stamp each message
        # with the time this syslog-ng instance received it.
        keep_timestamp(no);
        # Create missing directories for file() destinations.
        create_dirs(yes);
        };

# ------------------------------------------------------------------------------
#                               Source
# 1. messages generated internally by syslog-ng
# 2. Driver for collecting messages on Solaris
# ------------------------------------------------------------------------------
# Local-only source: the listing shown defines no tcp()/udp() source, so this
# client does not accept messages from the network.
source s_sys {
        # syslog-ng's own status and error messages
        internal();
        # Solaris STREAMS log device, together with its door file
        sun-streams("/dev/log" door("/etc/.syslog_door"));
        };

# ------------------------------------------------------------------------------
#                               Destinations
# ------------------------------------------------------------------------------

# --- Local console
destination d_local_console { file("/dev/sysmsg"); };

# --- root
# usertty() writes the message to the terminal of the named logged-in user.
destination d_local_terminal_root { usertty("root"); };

# --- all logged-in users
# "*" selects every logged-in user.
destination d_local_terminal_everyone { usertty("*"); };

# --- Local /var/log/syslog file
destination d_local_syslog_file { file("/var/log/syslog"); };

# --- Local /var/log/maillog file
destination d_local_maillog_file { file("/var/log/maillog"); };

# --- Local /var/log/authlog file
# NOTE(review): no owner()/group()/perm() is set on any file() destination, so
# syslog-ng's defaults apply; check that the resulting mode keeps authlog
# unreadable to unprivileged users.
destination d_local_authlog_file { file("/var/log/authlog"); };

# --- syslog-dc host (X4200)
#
# this is when using new IETF-syslog protocol - will comment for now
#destination d_syslog-dc {
#                       syslog (
#                              "192.168.19.141"
#                               transport("tcp")
#                               port(514)
#                               );
#                       };
#
# this is when using BSD-syslog or legacy-syslog messages
# note: syslog-dc is hostname
#
# NOTE(review): tcp() is used here without a tls() block, so messages
# (including auth events) cross the network unencrypted and the server is not
# authenticated. The server is also located by name, so delivery depends on
# name resolution on this client - consider TLS and a fixed address or a
# local hosts entry for the log server.

destination d_syslog-dc { tcp ( "syslog-dc"); };

# ------------------------------------------------------------------------------
#                               Filters
# ------------------------------------------------------------------------------

# Local console and operator (root)
# ------------------------------------------------------------------
# Emulate our syslog.conf:
#       *.emerg                         *
#       *.alert                         root
#       *.err;kern.notice;auth.notice   /dev/sysmsg
#       *.info                          @loghost
#       *.info;kern.debug;auth.notice;mail.crit /var/log/syslog
#       mail.info                               /var/log/maillog
#       auth.info                               /var/log/authlog
# ------------------------------------------------------------------

# Emulates "*.emerg  *": only emergency-level messages pass.
# NOTE(review): "record" is presumably this client's hostname; host() is a
# pattern match, so confirm it cannot also match other host names.
filter f_local_terminal_everyone {
        host(record)
        and
        level(emerg);
        };

# Emulates "*.alert  root": alert and emerg messages pass.
# host(record) presumably restricts this to the client's own hostname - confirm.
filter f_local_terminal_root {
        host(record)
        and
        level(alert..emerg);
        };

# Emulates "*.err;kern.notice;auth.notice  /dev/sysmsg":
# err and above from any facility, plus notice and above from auth and kern.
# host(record) presumably restricts this to the client's own hostname - confirm.
filter f_local_console {
        host(record)
        and
        (
        level(err..emerg)
        or
        ( level(notice..emerg) and facility(auth) )
        or
        ( level(notice..emerg) and facility(kern) )
        );
        };

# Emulates "*.info;kern.debug;auth.notice;mail.crit  /var/log/syslog".
# The first clause, level(info..emerg), already covers everything the auth and
# mail clauses match, so auth.info and mail.info pass as well; only the kern
# clause widens the result (it adds kern.debug).
# NOTE(review): in syslog.conf the later auth.notice / mail.crit selectors
# presumably narrow those facilities - verify if exact emulation matters.
# host(record) presumably restricts this to the client's own hostname - confirm.
filter f_local_syslog_file {
        host(record)
        and
        (
        level(info..emerg)
        or
        ( level(debug..emerg) and facility(kern) )
        or
        ( level(notice..emerg) and facility(auth) )
        or
        ( level(crit..emerg) and facility(mail) )
        );
        };

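# The three filters below emulate syslog.conf selectors of the form
# "facility.info", which mean "info and higher". A bare level(info) matches
# only the info level and would silently drop notice, warning, err, crit,
# alert and emerg - including failed-authentication events - from maillog,
# authlog and the central log server, so the range info..emerg is used.
# host(record) presumably restricts each filter to the client's own
# hostname - confirm.

# Emulates "mail.info  /var/log/maillog".
filter f_local_maillog_file {
        host(record)
        and
        ( level(info..emerg) and facility(mail) );
        };

# Emulates "auth.info  /var/log/authlog".
filter f_local_authlog_file {
        host(record)
        and
        ( level(info..emerg) and facility(auth) );
        };

# Emulates "*.info  @loghost": everything at info and above is forwarded.
filter f_syslog-dc {
        host(record)
        and
        level(info..emerg);
        };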

# ------------------------------------------------------------------------------
#                               Logging
# ------------------------------------------------------------------------------

# Every path below reads from s_sys. No log statement sets flags(final), so a
# message is checked against each path and can reach several destinations.

# --- Local console, everyone logged-in and root
log { source(s_sys); filter(f_local_console); destination(d_local_console); };
log { source(s_sys); filter(f_local_terminal_everyone); destination(d_local_terminal_everyone); };
log { source(s_sys); filter(f_local_terminal_root); destination(d_local_terminal_root); };

# --- To local file /var/log/syslog
log { source(s_sys); filter(f_local_syslog_file); destination(d_local_syslog_file); };
# --- To local file /var/log/maillog
log { source(s_sys); filter(f_local_maillog_file); destination(d_local_maillog_file); };
# --- To local file /var/log/authlog
log { source(s_sys); filter(f_local_authlog_file); destination(d_local_authlog_file); };

# --- To syslog-dc (remote central server)
log { source(s_sys); filter(f_syslog-dc); destination(d_syslog-dc); };