1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
@version: 3.10
@include "scl.conf"
# Drop-in replacement for a stock Slackware syslog.conf
# For info about the format of this file, see "man syslog-ng.conf"
# Written by Mario Preksavec <mario at slackware dot hr>
# Updated by Janos Szigetvari <jszigetvari at gmail dot com>
# Thanks to Andrea Biardi <a.biardi at tiscali dot it>
options {
flush_lines(0);
time_reopen(60);
log_fifo_size(10240);
log_msg_size(8192);
chain_hostnames(no);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
keep_hostname(yes);
owner("root");
group("root");
perm(0640);
dir_perm(0755);
stats_freq(0);
check_hostname(yes);
dns_cache(no);
};
source s_system {
internal();
system();
};
filter f_messages { level(info,notice) and not facility(authpriv,cron,mail,news); };
filter f_syslog { level(warn..emerg) and not facility(authpriv,cron,mail,news); };
filter f_debug { level(debug); };
filter f_authpriv { facility(authpriv); };
filter f_cron { facility(cron); };
filter f_mail { facility(mail); };
filter f_emerg { level(emerg); };
filter f_uucp { facility(uucp); };
destination d_messages { file("/var/log/messages"); };
destination d_syslog { file("/var/log/syslog"); };
destination d_debug { file("/var/log/debug"); };
destination d_secure { file("/var/log/secure"); };
destination d_cron { file("/var/log/cron"); };
destination d_maillog { file("/var/log/maillog"); };
destination d_usertty {
usertty("*");
# Notify all logged-in users; note that, although running as root,
# syslog-ng drops some key capabilities at runtime, so the process
# must belong to the tty group in order to be able to open /dev/tty*
# and /dev/pts/* for writing.
# This can be done either by running sylog-ng with "-g tty" or by
# adding root to the "tty" group.
};
destination d_spooler { file("/var/log/spooler"); };
# Log anything 'info' or higher, but lower than 'warn'.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
log { source(s_system); filter(f_messages); destination(d_messages); };
# Log anything 'warn' or higher.
# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
log { source(s_system); filter(f_syslog); destination(d_syslog); };
# Debugging information is logged here.
log { source(s_system); filter(f_debug); destination(d_debug); };
# Private authentication message logging:
log { source(s_system); filter(f_authpriv); destination(d_secure); };
# Cron related logs:
log { source(s_system); filter(f_cron); destination(d_cron); };
# Mail related logs:
log { source(s_system); filter(f_mail); destination(d_maillog); };
# Emergency level messages go to all users:
log { source(s_system); filter(f_emerg); destination(d_usertty); };
# This log is for news and uucp errors:
log { source(s_system); filter(f_uucp); destination(d_spooler); };
# Uncomment this to see kernel messages on the console.
#filter f_kern { facility(kern); };
#destination d_console { file("/dev/console"); };
#log { source(s_system); filter(f_kern); destination(d_console); };
# Uncomment these if you'd like INN to keep logs on everything.
# You won't need this if you don't run INN (the InterNetNews daemon).
#filter f_news_crit { facility(news) and level(crit); };
#filter f_news_err { facility(news) and level(err); };
#filter f_news_notice { facility(news) and level(notice); };
#destination d_news_crit { file("/var/log/news/news.crit"); };
#destination d_news_err { file("/var/log/news/news.err"); };
#destination d_news_notice { file("/var/log/news/news.notice"); };
#log { source(s_system); filter(f_news_crit); destination(d_news_crit); };
#log { source(s_system); filter(f_news_err); destination(d_news_err); };
#log { source(s_system); filter(f_news_notice); destination(f_news_notice); };
|