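# Global options
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    # The hostname written inside each received message is kept as-is, so
    # $FULLHOST further down is whatever the sender put in the message.
    keep_hostname (yes);
    stats (3600);
};

# Local system source: kernel messages, the /dev/log socket and syslog-ng's
# own internal messages.
source s_sys {
    # file() instead of pipe(): pipe() opens its argument read-write, which
    # the syslog-ng documentation advises against for /proc/kmsg.
    file ( "/proc/kmsg" log_prefix ( "kernel: " ) );
    unix-stream ( "/dev/log" );
    internal();
};

# Network source. udp() without arguments listens on the default syslog port
# on every local address. UDP syslog carries no authentication or encryption,
# so anything that can reach this port can inject log lines.
# NOTE(review): bind the listener to the collector's interface with ip() and
# restrict the port to the known clients at the firewall.
source s_net { udp (); };

# The following logging has been designed to roughly mimic RHEL4's standard
# /etc/syslog.conf. Everything from this system is also logged to the
# /var/syslog-ng filesystem, but the traditional local logs are kept as well.

# Local destinations
destination d_cons { file ( "/dev/console" ); };
destination d_mesg { file ( "/var/log/messages" ); };
destination d_auth { file ( "/var/log/secure" ); };
destination d_mail { file ( "/var/log/maillog" ); };
destination d_spol { file ( "/var/log/spooler" ); };
destination d_boot { file ( "/var/log/boot.log" ); };
destination d_cron { file ( "/var/log/cron" ); };
destination d_mlal { usertty ( "*" ); };
# d_cons and d_kern are defined, but no log statement in this config uses them.
destination d_kern { file ( "/var/log/kern" ); };

# Local filters
filter f_mesg {
    level ( info..emerg )
    and not ( facility ( mail ) or facility ( authpriv ) or facility ( cron ) );
};
filter f_auth { facility ( authpriv ); };
filter f_mail { facility ( mail ); };
filter f_cron { facility ( cron ); };
filter f_emrg { level ( emerg ); };
filter f_spol { facility ( uucp ) or ( facility ( news ) and level ( crit ) ); };
filter f_boot { facility ( local7 ); };

# Local logging: only s_sys feeds the traditional files, so messages received
# over the network never reach /var/log/*.
log { source ( s_sys ); filter ( f_mesg ); destination ( d_mesg ); };
log { source ( s_sys ); filter ( f_auth ); destination ( d_auth ); };
log { source ( s_sys ); filter ( f_mail ); destination ( d_mail ); };
log { source ( s_sys ); filter ( f_cron ); destination ( d_cron ); };
log { source ( s_sys ); filter ( f_emrg ); destination ( d_mlal ); };
log { source ( s_sys ); filter ( f_spol ); destination ( d_spol ); };
log { source ( s_sys ); filter ( f_boot ); destination ( d_boot ); };

# Remote logging destination on the /var/syslog-ng filesystem. Logs are stored
# by hostname first and then by date. Directories are created as required
# (mode 0700); files are owned by root:root with mode 0600. The template fixes
# the format of every log entry.
#
# NOTE(review): with keep_hostname(yes) and an open UDP source, the $FULLHOST
# part of the path is chosen by the sender. A client can therefore write into
# another host's directory or make the collector create new directory trees
# until the filesystem runs out of space or inodes. Building the path from
# $FULLHOST_FROM (the address the message was received from) or setting
# keep_hostname(no) ties the directory to the sending address instead; confirm
# both against the installed syslog-ng version. Monitor free space on
# /var/syslog-ng in either case.
destination d_remote_logs {
    file (
        "/var/syslog-ng/$FULLHOST/$YEAR/$MONTH/$DAY/all.log"
        owner( root )
        group( root )
        perm ( 0600 )
        dir_perm( 0700 )
        create_dirs ( yes )
        template ( "$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE\n" )
    );
};

# Local messages and incoming remote messages both go to the remote-log tree.
log { source ( s_net ); destination ( d_remote_logs ); };
log { source ( s_sys ); destination ( d_remote_logs ); };

Aktuální configy klientů: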
options {
    chain_hostnames(off);
    sync(0);

    # According to the original comment, syslog-ng 1.6.0 writes a STATS line
    # every 10 minutes by default. Emit it every 12 hours (43200 s) instead;
    # the line reports how many messages syslog-ng missed.
    stats(43200);
};

# Local inputs: the /dev/log socket, syslog-ng's own messages and the kernel log.
source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

# Every message is forwarded to the collector over UDP.
# NOTE(review): this is the only non-console destination in this config, so
# nothing is written to a local file. UDP syslog is unauthenticated,
# unencrypted and not retransmitted; messages sent while 192.168.1.1 is
# unreachable are lost, and authentication logs cross the network in clear text.
#destination messages { udp("/var/log/messages"); };
destination messages { udp("192.168.1.1"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...to use /dev/console for programs like xconsole, comment out the
# destination line above that references /dev/tty12 and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
Na otázku zatím nikdo bohužel neodpověděl.