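########################################
# Syslog-ng service configuration
#
# Operating system: MythDora 10.21
# Hostname: server.test.com
# IP address: NA
# Maintainer: NA
# Last modified: March 9, 2010
########################################

####################
# Options
####################
# keep_hostname(yes): keep the hostname carried in the message rather than
# replacing it with the name of the receiving host. Harmless while the only
# source is local (see below); it becomes a hostname-spoofing concern if a
# network source (udp/tcp) is ever added, because filter f_server trusts it.
# long_hostnames(off): do not append the chain of relay hostnames.
# sync(0): write every message out immediately, no output buffering.
# NOTE(review): sync() is the legacy option name; newer syslog-ng releases
# spell this flush_lines() -- confirm against the installed version.
options {
    keep_hostname(yes);
    long_hostnames(off);
    sync(0);
};

####################
# Sources
####################
# Every message comes from this host: syslog-ng's own messages (internal()),
# the kernel ring buffer, and the local syslog socket.
source local {
    internal();
    file("/proc/kmsg" log_prefix("kernel: "));
    # Fixed: the path was "dev/log" (relative to syslog-ng's working
    # directory), so the daemon would not bind the standard /dev/log socket
    # and messages from sudo, sshd, crond etc. would never reach it.
    # NOTE(review): on Linux /dev/log is commonly a datagram socket
    # (unix-dgram); confirm which type the local libc/syslog(3) expects.
    unix-stream("/dev/log");
};

####################
# Destinations
####################
# One file per message class. No owner()/group()/perm() is given, so each
# file is created with syslog-ng's global defaults.
# NOTE(review): sudo.log and sshd.log record authentication events; consider
# restricting their permissions explicitly rather than relying on defaults.
destination all {
    file("/var/log/all.log");
};

destination la_sudo {
    file("/var/log/sudo.log");
};

destination ld_crond {
    file("/var/log/crond.log");
};

destination ld_sshd {
    file("/var/log/sshd.log");
};

destination ls_kernel {
    file("/var/log/kernel.log");
};

####################
# Filters
####################
# match() here is applied to the whole message text (no value() given).
#
# Regex note: "[\[0-9]+\]" is a character class of "[" and the digits followed
# by a literal "]"; it does match "crond[1234]" but is looser than the
# presumably intended "crond\[[0-9]+\]". Left unchanged to keep current
# matching behaviour.

# sudo activity.
filter fa_sudo {
    match("sudo:");
};

# Lower-case "crond[pid]" only; see the f_terms note about "CROND[pid]".
filter fd_crond {
    match("crond[\[0-9]+\]");
};

# Allowlist of sshd message types that are kept. Because f_terms below drops
# *every* "sshd[pid]" line from all.log, any sshd message NOT in this list
# (e.g. other authentication errors or warnings) is written nowhere, so this
# list is the detection surface for SSH -- extend it deliberately.
filter fd_sshd {
    match("sshd[\[0-9]+\]") and (
        match("Server listening") or
        match("Connection from") or
        match("client software version") or
        match("Accepted password") or
        match("Failed password") or
        match("Connection closed") or
        match("Closing connection") or
        match("subsystem request") or
        match("Received signal 15")
    );
};

# Kernel messages, identified by the log_prefix set on /proc/kmsg.
filter fs_kernel {
    match("kernel:");
};

# Only messages whose hostname contains "server" (regex match, not exact).
filter f_server {
    host("server");
};

# Everything that is not routed to a dedicated file above.
# NOTE(review): this also excludes "CROND[pid]" (not matched by fd_crond,
# which is lower-case) and "syslog-ng[pid]" (no dedicated destination), so
# unless match() is case-insensitive on this build, those messages and the
# non-allowlisted sshd lines are discarded entirely. If that is not intended,
# add a catch-all destination for them or narrow these exclusions.
filter f_terms {
    not match("sudo:") and
    not match("crond[\[0-9]+\]") and
    not match("CROND[\[0-9]+\]") and
    not match("sshd[\[0-9]+\]") and
    not match("syslog-ng[\[0-9]+\]") and
    not match("kernel:");
};

####################
# Logs
####################
# Every path requires f_server; the second filter selects the message class.

# Catch-all for messages not handled by a dedicated log path.
log {
    source(local);
    filter(f_server);
    filter(f_terms);
    destination(all);
};

log {
    source(local);
    filter(f_server);
    filter(fa_sudo);
    destination(la_sudo);
};

log {
    source(local);
    filter(f_server);
    filter(fd_crond);
    destination(ld_crond);
};

log {
    source(local);
    filter(f_server);
    filter(fd_sshd);
    destination(ld_sshd);
};

log {
    source(local);
    filter(f_server);
    filter(fs_kernel);
    destination(ls_kernel);
};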