@version: 4.3 @include "scl.conf" # syslog-ng configuration file. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. # # Note: It also sources additional configuration files (*.conf) # located in /etc/syslog-ng/conf.d/. # # Options # options { # Create destination directories if missing. create_dirs(yes); # The default action of syslog-ng is to log a MARK line to the file every # 20 minutes. That's seems high for most people so turn it down to once an # hour. Set it to zero if you don't want the functionality at all. mark_freq(3600); # The default action of syslog-ng is to log a STATS line to the file every # 10 minutes. That's pretty ugly after a while. Change it to every 12 hours # so you get a nice daily update of how many messages syslog-ng missed (0). stats(freq(43200)); # Time to wait before a died connection is re-established (default is 60). time_reopen(5); # Disable DNS usage. # syslog-ng blocks on DNS queries, so enabling DNS may lead to a DoS attack. use_dns(no); dns-cache(no); # Default owner, group, and permissions for log files. owner(root); group(adm); perm(0640); # Default permissions for created directories. dir_perm(0755); }; # # Templates # template t_file { template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n"); }; # # Sources # source s_sys { # Standard system log source. system(); # Messages generated by syslog-ng. internal(); }; # # Destinations # destination d_auth { file("/var/log/auth.log" template(t_file)); }; destination d_boot { file("/var/log/boot.log" template(t_file)); }; destination d_cron { file("/var/log/cron.log" template(t_file)); }; destination d_kern { file("/var/log/kern.log" template(t_file)); }; destination d_mail { file("/var/log/mail.log" template(t_file) flush_lines(10)); }; destination d_mesg { file("/var/log/messages" template(t_file)); }; # Send messages to console of everyone logged in. destination d_cons_all { usertty("*"); }; # Send message to the root's console. destination d_cons_root { usertty("root"); }; # # Filters # filter f_auth { facility(auth, authpriv); }; filter f_boot { facility(local7); }; filter f_cron { facility(cron); }; filter f_emerg { level(emerg); }; filter f_kern { facility(kern); }; filter f_mail { facility(mail); }; filter f_default { level(info..emerg) and not (facility(auth) or facility(authpriv) or facility(cron) or facility(kern) or facility(mail)); }; # # Logs # log { source(s_sys); filter(f_auth); destination(d_auth); }; log { source(s_sys); filter(f_boot); destination(d_boot); }; log { source(s_sys); filter(f_cron); destination(d_cron); }; log { source(s_sys); filter(f_emerg); destination(d_cons_root); }; log { source(s_sys); filter(f_kern); destination(d_kern); }; log { source(s_sys); filter(f_mail); destination(d_mail); }; log { source(s_sys); filter(f_default); destination(d_mesg); }; # Source additional configuration files (.conf extension only) @include "/etc/syslog-ng/conf.d/*.conf"