source: trunk/lvs/debian/config/etc/syslog-ng/syslog-ng.conf @ 1609

Last change on this file since 1609 was 1609, checked in by ezyang, 11 years ago
Take syslog-ng update.
File size: 9.7 KB
Line 
1#
2# Configuration file for syslog-ng under Debian
3#
4# attempts at reproducing default syslog behavior
5
6# the standard syslog levels are (in descending order of priority):
7# emerg alert crit err warning notice info debug
8# the aliases "error", "panic", and "warn" are deprecated
9# the "none" priority found in the original syslogd configuration is
10# only used in internal messages created by syslogd
11
12
13######
14# options
15
16options {
17        # disable the chained hostname format in logs
18        # (default is enabled)
19        chain_hostnames(0);
20
21        # the time to wait before a died connection is re-established
22        # (default is 60)
23        time_reopen(10);
24
25        # the time to wait before an idle destination file is closed
26        # (default is 60)
27        time_reap(360);
28
29        # the number of lines buffered before written to file
30        # you might want to increase this if your disk isn't catching with
31        # all the log messages you get or if you want less disk activity
32        # (say on a laptop)
33        # (default is 0)
34        #sync(0);
35
36        # the number of lines fitting in the output queue
37        log_fifo_size(2048);
38
39        # enable or disable directory creation for destination files
40        create_dirs(yes);
41
42        # default owner, group, and permissions for log files
43        # (defaults are 0, 0, 0600)
44        #owner(root);
45        group(adm);
46        perm(0640);
47
48        # default owner, group, and permissions for created directories
49        # (defaults are 0, 0, 0700)
50        #dir_owner(root);
51        #dir_group(root);
52        dir_perm(0755);
53
54        # enable or disable DNS usage
55        # syslog-ng blocks on DNS queries, so enabling DNS may lead to
56        # a Denial of Service attack
57        # (default is yes)
58        use_dns(no);
59
60        # maximum length of message in bytes
61        # this is only limited by the program listening on the /dev/log Unix
62        # socket, glibc can handle arbitrary length log messages, but -- for
63        # example -- syslogd accepts only 1024 bytes
64        # (default is 2048)
65        #log_msg_size(2048);
66
67        #Disable statistic log messages.
68        stats_freq(0);
69
70        # Some program send log messages through a private implementation.
71        # and sometimes that implementation is bad. If this happen syslog-ng
72        # may recognise the program name as hostname. Whit this option
73        # we tell the syslog-ng that if a hostname match this regexp than that
74        # is not a real hostname.
75        bad_hostname("^gconfd$");
76};
77
78
79######
80# sources
81
82# all known message sources
83source s_all {
84        # message generated by Syslog-NG
85        internal();
86        # standard Linux log source (this is the default place for the syslog()
87        # function to send logs to)
88        unix-stream("/dev/log");
89        # messages from the kernel
90        file("/proc/kmsg" log_prefix("kernel: "));
91        # use the following line if you want to receive remote UDP logging messages
92        # (this is equivalent to the "-r" syslogd flag)
93        # udp();
94};
95
96
97######
98# destinations
99
100# some standard log files
101destination df_auth { file("/var/log/auth.log"); };
102destination df_syslog { file("/var/log/syslog"); };
103destination df_cron { file("/var/log/cron.log"); };
104destination df_daemon { file("/var/log/daemon.log"); };
105destination df_kern { file("/var/log/kern.log"); };
106destination df_lpr { file("/var/log/lpr.log"); };
107destination df_mail { file("/var/log/mail.log"); };
108destination df_user { file("/var/log/user.log"); };
109destination df_uucp { file("/var/log/uucp.log"); };
110
111# these files are meant for the mail system log files
112# and provide re-usable destinations for {mail,cron,...}.info,
113# {mail,cron,...}.notice, etc.
114destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
115destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
116destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
117destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
118destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
119
120# these files are meant for the news system, and are kept separated
121# because they should be owned by "news" instead of "root"
122destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
123destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
124destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
125
126# some more classical and useful files found in standard syslog configurations
127destination df_debug { file("/var/log/debug"); };
128destination df_messages { file("/var/log/messages"); };
129
130# pipes
131# a console to view log messages under X
132destination dp_xconsole { pipe("/dev/xconsole"); };
133
134# consoles
135# this will send messages to everyone logged in
136destination du_all { usertty("*"); };
137
138
139######
140# filters
141
142# all messages from the auth and authpriv facilities
143filter f_auth { facility(auth, authpriv); };
144
145# all messages except from the auth and authpriv facilities
146filter f_syslog { not facility(auth, authpriv); };
147
148# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
149# and uucp facilities
150filter f_cron { facility(cron); };
151filter f_daemon { facility(daemon); };
152filter f_kern { facility(kern); };
153filter f_lpr { facility(lpr); };
154filter f_mail { facility(mail); };
155filter f_news { facility(news); };
156filter f_user { facility(user); };
157filter f_uucp { facility(uucp); };
158
159# some filters to select messages of priority greater or equal to info, warn,
160# and err
161# (equivalents of syslogd's *.info, *.warn, and *.err)
162filter f_at_least_info { level(info..emerg); };
163filter f_at_least_notice { level(notice..emerg); };
164filter f_at_least_warn { level(warn..emerg); };
165filter f_at_least_err { level(err..emerg); };
166filter f_at_least_crit { level(crit..emerg); };
167
168# all messages of priority debug not coming from the auth, authpriv, news, and
169# mail facilities
170filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
171
172# all messages of info, notice, or warn priority not coming form the auth,
173# authpriv, cron, daemon, mail, and news facilities
174filter f_messages {
175        level(info,notice,warn)
176            and not facility(auth,authpriv,cron,daemon,mail,news);
177};
178
179# messages with priority emerg
180filter f_emerg { level(emerg); };
181
182# complex filter for messages usually sent to the xconsole
183filter f_xconsole {
184    facility(daemon,mail)
185        or level(debug,info,notice,warn)
186        or (facility(news)
187                and level(crit,err,notice));
188};
189
190
191######
192# logs
193# order matters if you use "flags(final);" to mark the end of processing in a
194# "log" statement
195
196# these rules provide the same behavior as the commented original syslogd rules
197
198# auth,authpriv.*                 /var/log/auth.log
199log {
200        source(s_all);
201        filter(f_auth);
202        destination(df_auth);
203};
204
205# *.*;auth,authpriv.none          -/var/log/syslog
206log {
207        source(s_all);
208        filter(f_syslog);
209        destination(df_syslog);
210};
211
212# this is commented out in the default syslog.conf
213# cron.*                         /var/log/cron.log
214#log {
215#        source(s_all);
216#        filter(f_cron);
217#        destination(df_cron);
218#};
219
220# daemon.*                        -/var/log/daemon.log
221log {
222        source(s_all);
223        filter(f_daemon);
224        destination(df_daemon);
225};
226
227# kern.*                          -/var/log/kern.log
228log {
229        source(s_all);
230        filter(f_kern);
231        destination(df_kern);
232};
233
234# lpr.*                           -/var/log/lpr.log
235log {
236        source(s_all);
237        filter(f_lpr);
238        destination(df_lpr);
239};
240
241# mail.*                          -/var/log/mail.log
242log {
243        source(s_all);
244        filter(f_mail);
245        destination(df_mail);
246};
247
248# user.*                          -/var/log/user.log
249log {
250        source(s_all);
251        filter(f_user);
252        destination(df_user);
253};
254
255# uucp.*                          /var/log/uucp.log
256log {
257        source(s_all);
258        filter(f_uucp);
259        destination(df_uucp);
260};
261
262# mail.info                       -/var/log/mail.info
263log {
264        source(s_all);
265        filter(f_mail);
266        filter(f_at_least_info);
267        destination(df_facility_dot_info);
268};
269
270# mail.warn                       -/var/log/mail.warn
271log {
272        source(s_all);
273        filter(f_mail);
274        filter(f_at_least_warn);
275        destination(df_facility_dot_warn);
276};
277
278# mail.err                        /var/log/mail.err
279log {
280        source(s_all);
281        filter(f_mail);
282        filter(f_at_least_err);
283        destination(df_facility_dot_err);
284};
285
286# news.crit                       /var/log/news/news.crit
287log {
288        source(s_all);
289        filter(f_news);
290        filter(f_at_least_crit);
291        destination(df_news_dot_crit);
292};
293
294# news.err                        /var/log/news/news.err
295log {
296        source(s_all);
297        filter(f_news);
298        filter(f_at_least_err);
299        destination(df_news_dot_err);
300};
301
302# news.notice                     /var/log/news/news.notice
303log {
304        source(s_all);
305        filter(f_news);
306        filter(f_at_least_notice);
307        destination(df_news_dot_notice);
308};
309
310
311# *.=debug;\
312#         auth,authpriv.none;\
313#         news.none;mail.none     -/var/log/debug
314log {
315        source(s_all);
316        filter(f_debug);
317        destination(df_debug);
318};
319
320
321# *.=info;*.=notice;*.=warn;\
322#         auth,authpriv.none;\
323#         cron,daemon.none;\
324#         mail,news.none          -/var/log/messages
325log {
326        source(s_all);
327        filter(f_messages);
328        destination(df_messages);
329};
330
331# *.emerg                         *
332log {
333        source(s_all);
334        filter(f_emerg);
335        destination(du_all);
336};
337
338
339# daemon.*;mail.*;\
340#         news.crit;news.err;news.notice;\
341#         *.=debug;*.=info;\
342#         *.=notice;*.=warn       |/dev/xconsole
343log {
344        source(s_all);
345        filter(f_xconsole);
346        destination(dp_xconsole);
347};
348
Note: See TracBrowser for help on using the repository browser.