main/syslog-ng/syslog-ng.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

@version:3.22
@include "scl.conf"

# syslog-ng configuration file.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: It also sources additional configuration files (*.conf)
#	   located in /etc/syslog-ng/conf.d/.

#
# Options
#
options {
	# Create destination directories if missing.
	create_dirs(yes);

	# The default action of syslog-ng is to log a MARK line to the file every
	# 20 minutes. That's seems high for most people so turn it down to once an
	# hour. Set it to zero if you don't want the functionality at all.
	mark_freq(3600);

	# The default action of syslog-ng is to log a STATS line to the file every
	# 10 minutes. That's pretty ugly after a while. Change it to every 12 hours
	# so you get a nice daily update of how many messages syslog-ng missed (0).
	stats_freq(43200);

	# Time to wait before a died connection is re-established (default is 60).
	time_reopen(5);

	# Disable DNS usage.
	# syslog-ng blocks on DNS queries, so enabling DNS may lead to a DoS attack.
	use_dns(no);
	dns-cache(no);

	# Default owner, group, and permissions for log files.
	owner(root);
	group(adm);
	perm(0640);

	# Default permissions for created directories.
	dir_perm(0755);
};


#
# Templates
#

template t_file {
	template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n");
};


#
# Sources
#

source s_sys {
	# Standard system log source.
	system();

	# Messages generated by syslog-ng.
	internal();
};


#
# Destinations
#

destination d_auth { file("/var/log/auth.log" template(t_file)); };
destination d_boot { file("/var/log/boot.log" template(t_file)); };
destination d_cron { file("/var/log/cron.log" template(t_file)); };
destination d_kern { file("/var/log/kern.log" template(t_file)); };
destination d_mail { file("/var/log/mail.log" template(t_file) flush_lines(10)); };
destination d_mesg { file("/var/log/messages" template(t_file)); };

# Send messages to console of everyone logged in.
destination d_cons_all { usertty("*"); };

# Send message to the root's console.
destination d_cons_root { usertty("root"); };


#
# Filters
#

filter f_auth { facility(auth, authpriv); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };

filter f_default {
	level(info..emerg)
	and not (facility(auth)
		or facility(authpriv)
		or facility(cron)
		or facility(kern)
		or facility(mail));
};


#
# Logs
#

log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };
log { source(s_sys); filter(f_emerg); destination(d_cons_root); };
log { source(s_sys); filter(f_kern); destination(d_kern); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_default); destination(d_mesg); };

# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"