# /usr/local/etc> cat syslog-ng.conf
@version: 3.0
##### This is the syslog-ng configuration file for a client host
# No Global options here, since they are defined on the server - syslog-ng
# Global options
# ----------------
# Global options applied to every source and destination in this client config.
# NOTE(review): the header comment above says no global options are set on the
# client, yet these three are; reconcile the header with this block.
options {
    # Create missing parent directories for file() destinations.
    create_dirs(yes);
    # Do not keep the timestamp carried in the incoming message.
    keep_timestamp(no);
    # Write timestamps in ISO format.
    ts_format(iso);
};
# ------------------------------------------------------------------------------
# Source
# 1. messages generated internally by syslog-ng
# 2. Driver for collecting messages on Solaris
# ------------------------------------------------------------------------------
# Single local source: the Solaris log stream plus syslog-ng's own messages.
# No network source is defined, so this client does not accept remote logs.
source s_sys {
    # Solaris STREAMS log device, with the door file given explicitly.
    # NOTE(review): the door path differs between Solaris releases -- confirm
    # "/etc/.syslog_door" is correct for this host.
    sun-streams("/dev/log" door("/etc/.syslog_door"));
    # Messages generated by syslog-ng itself.
    internal();
};
# ------------------------------------------------------------------------------
# Destinations
# ------------------------------------------------------------------------------
# Local destinations.
# NOTE(review): none of the file() destinations set owner(), group() or perm(),
# so the files get syslog-ng's defaults; confirm /var/log/authlog is not
# readable by unprivileged users.

# --- Local console
destination d_local_console {
    file("/dev/sysmsg");
};

# --- Terminals of root
destination d_local_terminal_root {
    usertty("root");
};

# --- Terminals of all logged-in users
destination d_local_terminal_everyone {
    usertty("*");
};

# --- Local /var/log/syslog file
destination d_local_syslog_file {
    file("/var/log/syslog");
};

# --- Local /var/log/maillog file
destination d_local_maillog_file {
    file("/var/log/maillog");
};

# --- Local /var/log/authlog file
destination d_local_authlog_file {
    file("/var/log/authlog");
};
# --- syslog-dc host (X4200)
#
# This variant uses the new IETF-syslog protocol; it is commented out for now.
#destination d_syslog-dc {
# syslog (
# "192.168.19.141"
# transport("tcp")
# port(514)
# );
# };
#
# Active variant: BSD-syslog (legacy-syslog) messages over TCP.
# Note: "syslog-dc" is a hostname, so delivery depends on name resolution on
# this client.
# NOTE(review): there is no tls() block, so messages cross the network
# unencrypted and the log host is not authenticated. No port() is given, so the
# tcp() default applies. If the log host supports TLS, the destination would
# take this shape (placeholders, not real values):
#   tcp("syslog-dc" port(<TLS_PORT>) tls(ca_dir("<CA_DIR>")));
destination d_syslog-dc {
    tcp("syslog-dc");
};
# ------------------------------------------------------------------------------
# Filters
# ------------------------------------------------------------------------------
# Local console and operator (root)
# ------------------------------------------------------------------
# Emulate our syslog.conf:
# *.emerg *
# *.alert root
# *.err;kern.notice;auth.notice /dev/sysmsg
# *.info @loghost
# *.info;kern.debug;auth.notice;mail.crit /var/log/syslog
# mail.info /var/log/maillog
# auth.info /var/log/authlog
# ------------------------------------------------------------------
# Emulates "*.emerg *": emergency messages only.
# host(record) matches on the message's host field; presumably "record" is this
# client's hostname -- confirm.
filter f_local_terminal_everyone {
    level(emerg)
    and
    host(record);
};
# Emulates "*.alert root": alert and emerg, any facility, from host "record".
filter f_local_terminal_root {
    level(alert..emerg)
    and
    host(record);
};
# Emulates "*.err;kern.notice;auth.notice /dev/sysmsg":
# err and above from any facility, plus notice and above from kern and auth.
filter f_local_console {
    host(record)
    and
    (
        level(err..emerg)
        or
        ( facility(kern) and level(notice..emerg) )
        or
        ( facility(auth) and level(notice..emerg) )
    );
};
# Emulates "*.info;kern.debug;auth.notice;mail.crit /var/log/syslog".
# NOTE(review): the first clause already admits info..emerg from every
# facility, so the auth and mail clauses add nothing to the result. If the
# syslog.conf selectors were meant to restrict auth to notice+ and mail to
# crit+ in this file, this filter is broader than the original -- confirm.
filter f_local_syslog_file {
    host(record)
    and
    (
        level(info..emerg)
        or
        ( facility(kern) and level(debug..emerg) )
        or
        ( facility(auth) and level(notice..emerg) )
        or
        ( facility(mail) and level(crit..emerg) )
    );
};
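# Emulates "mail.info /var/log/maillog": mail facility at info or above.
# A bare level(info) matches the info level only, which would drop mail
# messages at notice and higher; the range restores the syslog.conf meaning
# and matches the other filters in this file.
filter f_local_maillog_file {
    host(record)
    and
    ( level(info..emerg) and facility(mail) );
};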
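# Emulates "auth.info /var/log/authlog": auth facility at info or above.
# A bare level(info) matches the info level only, so auth messages logged at
# notice, warning or higher would never reach the authlog; the range restores
# the syslog.conf meaning.
filter f_local_authlog_file {
    host(record)
    and
    ( level(info..emerg) and facility(auth) );
};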
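# Emulates "*.info @loghost": everything at info or above from this host is
# forwarded to the central log host.
# A bare level(info) matches the info level only, which would keep notice,
# warning, err, crit, alert and emerg messages off the log host and leave them
# only on this machine; the range is spelled out so the central copy is
# complete.
# host(record) matches on the message's host field; presumably "record" is this
# client's hostname -- confirm.
filter f_syslog-dc {
    host(record)
    and
    level(info..emerg);
};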
# ------------------------------------------------------------------------------
# Logging
# ------------------------------------------------------------------------------
# Local log paths. Each path reads s_sys and applies its own filter.

# --- Local console
log {
    source(s_sys);
    filter(f_local_console);
    destination(d_local_console);
};

# --- Everyone logged in
log {
    source(s_sys);
    filter(f_local_terminal_everyone);
    destination(d_local_terminal_everyone);
};

# --- root
log {
    source(s_sys);
    filter(f_local_terminal_root);
    destination(d_local_terminal_root);
};

# --- To local file /var/log/syslog
log {
    source(s_sys);
    filter(f_local_syslog_file);
    destination(d_local_syslog_file);
};

# --- To local file /var/log/maillog
log {
    source(s_sys);
    filter(f_local_maillog_file);
    destination(d_local_maillog_file);
};

# --- To local file /var/log/authlog
log {
    source(s_sys);
    filter(f_local_authlog_file);
    destination(d_local_authlog_file);
};
# --- To syslog-dc (central log host)
# NOTE(review): this path sets no flags and the destination sets no buffer
# options; confirm what happens to messages while syslog-dc is unreachable, as
# a gap here is a gap in the central record.
log {
    source(s_sys);
    filter(f_syslog-dc);
    destination(d_syslog-dc);
};