Saturday, February 25, 2012

syslog-ng.conf for a central log host: keeps the standard system log files and additionally splits each service (local daemons, iptables-tagged traffic, network devices, Windows agents) into its own daily file under /var/log/net-daily.


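# Global defaults. Individual destinations below override create_dirs,
# perm and dir_perm for themselves.
options {
    sync (0);               # legacy spelling of flush_lines(); 0 = write every message at once
    time_reopen (10);       # seconds to wait before retrying a destination that failed
    log_fifo_size (1000);   # per-destination output queue; raise if the remote listener bursts
    long_hostnames (off);   # legacy spelling of chain_hostnames()
    use_dns (no);           # never resolve sender addresses (no blocking lookups in the log path)
    use_fqdn (no);
    create_dirs (no);       # destinations that need directories enable create_dirs(yes) themselves
    keep_hostname (yes);    # trust the HOST field the sender wrote, not the peer address.
                            # Several file destinations below build their path from $HOST,
                            # so a remote sender controls part of a filesystem path. Reject
                            # hostnames containing characters outside the hostname alphabet
                            # before they can be used; names that fail the check are not
                            # taken as $HOST.
    check_hostname (yes);
};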

# Local sources only: syslog-ng's own messages, the /dev/log socket and the
# kernel ring buffer. The network listeners are deliberately left disabled
# here; remote senders are accepted on s_client further down.
source s_sys {
    internal();
    unix-stream ("/dev/log");
    file ("/proc/kmsg" log_prefix("kernel: "));
    # udp(ip(0.0.0.0) port(514));
    # tcp(ip(0.0.0.0) port(514));
};

# Standard system log files. None of these sets owner/perm, so they get
# syslog-ng's built-in defaults rather than the modes used for the
# per-service files below.
destination d_cons { file("/dev/console");                 };
destination d_mesg { file("/var/log/messages");            };
destination d_auth { file("/var/log/secure");              };
destination d_mail { file("/var/log/maillog" sync(10));    };   # batch mail lines, 10 at a time
destination d_spol { file("/var/log/spooler");             };
destination d_boot { file("/var/log/boot.log");            };
destination d_cron { file("/var/log/cron");                };
destination d_mlal { usertty("*");                         };   # emergencies go to every logged-in tty

# Classic syslog.conf-style routing for the local sources.
#   messages : everything info and above except mail, authpriv and cron
#   secure   : authpriv
#   maillog  : mail
#   usertty  : emergencies
#   spooler  : uucp, and news at crit or above
#   boot.log : local7 (note: local7 is also routed to the wifi file later on,
#              so messages on that facility are written to both)
#   cron     : cron
#filter f_filter1   { facility(kern); };
filter f_filter2   { level(info..emerg) and not facility(mail,authpriv,cron); };
filter f_filter3   { facility(authpriv); };
filter f_filter4   { facility(mail); };
filter f_filter5   { level(emerg); };
filter f_filter6   { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7   { facility(local7); };
filter f_filter8   { facility(cron); };

#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };

# Source for remote senders (Windows agents, network devices).
# Both listeners bind every interface and carry plaintext with no peer
# authentication: anyone who can reach udp/tcp 514 can inject or spoof
# entries, and the HOST field they send is trusted (keep_hostname(yes)).
# Restrict port 514 at the host firewall to the known senders, or bind
# ip() to the internal interface only; syslog-ng 3.x can additionally wrap
# the tcp() driver in tls() once certificates are available.
source s_client {
    tcp(ip(0.0.0.0) port(514) keep-alive(yes) max-connections(300));
    udp(ip(0.0.0.0) port(514));
};

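############################################################################
# Log from p3scan, the transparent mail scanner (pop3, pop3s, smtp).
# Only its "CLEAN:" result lines are kept; match() scans the whole message.
############################################################################
filter f_p3scan {  program("p3scan") and match("CLEAN:"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal, not octal)
# and, read as intended, was world-readable and group-writable.
destination d_p3scan {
  file("/var/log/net-daily/$YEAR/$MONTH/MAIL-IN-OUT.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_p3scan); destination(d_p3scan); };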

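############################################################################
# Log from squid (proxy) server: keeps the access log from the LAN.
############################################################################
# NOTE(review): match("squid") is unanchored and scans the whole message,
# so any line that merely mentions "squid" (a sudo or cron entry touching
# /etc/squid, for example) is copied here too. Selecting on the program
# name, as the commented filter did, is the tighter choice once the facility
# squid logs on has been confirmed.
#filter f_squid { program("squid") and facility(user); };
filter f_squid { match("squid"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable. Proxy logs show who
# visited which site and must not be world-readable.
destination d_squid {
  file("/var/log/net-daily/$YEAR/$MONTH/squid.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_squid); destination(d_squid); };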

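############################################################################
# Log dhcp server: dnsmasq lines on the daemon facility, one file per day.
############################################################################
filter f_dhcp { program("dnsmasq") and facility(daemon); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable. Lease lines tie
# addresses to MACs and hostnames.
destination d_dhcp {
  file("/var/log/net-daily/$YEAR/$MONTH/dhcp.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_dhcp); destination(d_dhcp); };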

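############################################################################
# Log ssh server: sshd lines on auth/authpriv, one file per day.
# These records carry usernames, source addresses and failed-login detail.
############################################################################
filter f_ssh   { program("sshd") and facility(auth, authpriv); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, made authentication logs world-readable and group-writable.
destination d_ssh {
  file("/var/log/net-daily/$YEAR/$MONTH/ssh.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_ssh); destination(d_ssh); };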

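############################################################################
# Log HTTP service: kernel (iptables LOG) lines tagged HTTP.
############################################################################
# match() scans the whole message, so a bare "HTTP" also matched every
# line tagged "HTTPS" and those entries were written to both files.
# Requiring a non-S character after the tag keeps the two apart; the
# packet fields that follow the prefix supply that character.
filter f_http1 { match("HTTP[^S]"); };
filter f_http2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_http {
  file("/var/log/net-daily/$YEAR/$MONTH/http.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_http1); filter(f_http2); destination(d_http); };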

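############################################################################
# Log HTTPS service: kernel (iptables LOG) lines tagged HTTPS.
############################################################################
filter f_https1 { match("HTTPS"); };
filter f_https2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_https {
  file("/var/log/net-daily/$YEAR/$MONTH/https.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_https1); filter(f_https2); destination(d_https); };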

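############################################################################
# Log smtp service: kernel (iptables LOG) lines tagged SMTP.
############################################################################
filter f_smtp1 { match("SMTP"); };
filter f_smtp2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_smtp {
  file("/var/log/net-daily/$YEAR/$MONTH/smtp.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_smtp1); filter(f_smtp2); destination(d_smtp); };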

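############################################################################
# Log ftp service: kernel (iptables LOG) lines tagged FTP.
# NOTE(review): "FTP" is unanchored, so tags such as SFTP or TFTP would
# also land here if they are ever added to the firewall rules.
############################################################################
filter f_ftp1 { match("FTP"); };
filter f_ftp2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_ftp {
  file("/var/log/net-daily/$YEAR/$MONTH/ftp.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_ftp1); filter(f_ftp2); destination(d_ftp); };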

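############################################################################
# Log mail server imap traffic: kernel (iptables LOG) lines tagged IMAP.
############################################################################
filter f_imap1 { match("IMAP"); };
filter f_imap2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_imap {
  file("/var/log/net-daily/$YEAR/$MONTH/imap.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_imap1); filter(f_imap2); destination(d_imap); };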

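############################################################################
# Log mail server pop3 traffic: kernel (iptables LOG) lines tagged POP3.
############################################################################
filter f_pop3_1 { match("POP3"); };
filter f_pop3_2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_pop3 {
  file("/var/log/net-daily/$YEAR/$MONTH/pop3.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_pop3_1); filter(f_pop3_2); destination(d_pop3); };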


#------------------------- Chat and Instand messages -----------------------
#---------------------------------------------------------------------------

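############################################################################
# Log MSN traffic: kernel (iptables LOG) lines tagged MSN.
############################################################################
filter f_msn1 { match("MSN"); };
filter f_msn2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_msn {
  file("/var/log/net-daily/$YEAR/$MONTH/MSN.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_msn1); filter(f_msn2); destination(d_msn); };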

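############################################################################
# Log JABBER traffic: kernel (iptables LOG) lines tagged JABBER.
############################################################################
# A bare "JABBER" also matched every line tagged "JABBERS", so those were
# written to both files. Requiring a non-S character after the tag keeps
# them apart; the packet fields that follow the prefix supply it.
filter f_jabber1 { match("JABBER[^S]"); };
filter f_jabber2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_jabber {
  file("/var/log/net-daily/$YEAR/$MONTH/JABBER.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_jabber1); filter(f_jabber2); destination(d_jabber); };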

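############################################################################
# Log JABBERS (TLS jabber) traffic: kernel (iptables LOG) lines tagged JABBERS.
############################################################################
filter f_jabbers1 { match("JABBERS"); };
filter f_jabbers2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_jabbers {
  file("/var/log/net-daily/$YEAR/$MONTH/JABBERS.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_jabbers1); filter(f_jabbers2); destination(d_jabbers); };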

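############################################################################
# Log ICQ/AIM traffic: kernel (iptables LOG) lines tagged ICQ/AIM.
############################################################################
filter f_icq1 { match("ICQ/AIM"); };
filter f_icq2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_icq {
  file("/var/log/net-daily/$YEAR/$MONTH/ICQ.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_icq1); filter(f_icq2); destination(d_icq); };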

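############################################################################
# Log YAHOO messenger traffic: kernel (iptables LOG) lines tagged YAHOO.
############################################################################
filter f_yahoo1 { match("YAHOO"); };
filter f_yahoo2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_yahoo {
  file("/var/log/net-daily/$YEAR/$MONTH/YAHOO.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_yahoo1); filter(f_yahoo2); destination(d_yahoo); };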

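############################################################################
# Log IRC traffic: kernel (iptables LOG) lines tagged IRC.
# NOTE(review): "IRC" is short and unanchored; any kernel line containing
# those three letters elsewhere would also be copied here.
############################################################################
filter f_irc1 { match("IRC"); };
filter f_irc2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_irc {
  file("/var/log/net-daily/$YEAR/$MONTH/IRC.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_irc1); filter(f_irc2); destination(d_irc); };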

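############################################################################
# Log GADU-GADU traffic: kernel (iptables LOG) lines tagged GADU-GADU.
############################################################################
filter f_gadu1 { match("GADU-GADU"); };
filter f_gadu2 { program("kernel"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_gadu {
  file("/var/log/net-daily/$YEAR/$MONTH/GADU-GADU.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_gadu1); filter(f_gadu2); destination(d_gadu); };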


#------------------------- Server Application ------------------------------
#---------------------------------------------------------------------------

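############################################################################
# Log mail server (postfix). The program name is anchored at the start and
# includes the slash, so postfix/smtpd, postfix/qmgr, ... all match while an
# unrelated program merely mentioning postfix does not.
############################################################################
filter f_postfix { program("^postfix/"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, made sender/recipient addresses world-readable.
destination d_postfix {
  file("/var/log/net-daily/$YEAR/$MONTH/postfix.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_postfix); destination(d_postfix); };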

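############################################################################
# Log apache (httpd) web server, which apparently hands its lines to
# logger(1).
# NOTE(review): selecting on program("logger") means ANY local user who
# runs logger(1) can write arbitrary lines into this file and forge web
# server entries. Tagging on the apache side (logger -t apache) and
# selecting on that tag, as the commented filter intended, closes that.
############################################################################
filter f_www { program("logger"); };
#filter f_www1 { program("apache"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_www {
  file("/var/log/net-daily/$YEAR/$MONTH/www.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_www); destination(d_www); };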

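############################################################################
# Log Samba file server: smbd lines at info and above (debug is dropped).
############################################################################
filter f_samba   { level(info..emerg) and program("smbd"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_samba {
  file("/var/log/net-daily/$YEAR/$MONTH/samba.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_samba); destination(d_samba); };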

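############################################################################
# Log ldap server (slapd).
############################################################################
filter f_ldap { program("slapd"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, exposed bind DNs and search filters to every local user.
destination d_ldap {
  file("/var/log/net-daily/$YEAR/$MONTH/ldap.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# flags(final): a slapd message stops here and is not offered to the log
# statements that follow. Statements earlier in the file (e.g. the one
# feeding /var/log/messages) have already seen it.
log { source(s_sys); filter(f_ldap); destination(d_ldap); flags(final); };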

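############################################################################
# Log radius server (radiusd).
############################################################################
filter f_radius { program("radiusd"); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, made authentication records world-readable.
destination d_radius {
  file("/var/log/net-daily/$YEAR/$MONTH/radius.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

log { source(s_sys); filter(f_radius); destination(d_radius); };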

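# Router: facility local2.
filter f_router { facility(local2); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_router {
  file("/var/log/net-daily/$YEAR/$MONTH/router.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# s_sys carries only local sources (its network listeners are commented
# out), so a router sending syslog over the network could never reach this
# file. Read from the remote listener as well; local local2 traffic, if any,
# still arrives through s_sys.
log { source(s_sys); source(s_client); filter(f_router); destination(d_router); };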

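# Switches: facility local3. The log statement is currently disabled.
filter f_switch { facility(local3); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_switch {
  file("/var/log/net-daily/$YEAR/$MONTH/switch.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# When enabling this, include the remote listener: s_sys holds only local
# sources, so network devices cannot be reached through it alone.
#log { source(s_sys); source(s_client); filter(f_switch); destination(d_switch); };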

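# Firewall: facility local4.
filter f_firewall { facility(local4); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_firewall {
  file("/var/log/net-daily/$YEAR/$MONTH/firewall.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# s_sys carries only local sources (its network listeners are commented
# out), so a firewall sending syslog over the network could never reach
# this file. Read from the remote listener as well.
log { source(s_sys); source(s_client); filter(f_firewall); destination(d_firewall); };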

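# VPN box: facility local5.
filter f_vpnbox { facility(local5); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, made VPN session records world-readable.
destination d_vpnbox {
  file("/var/log/net-daily/$YEAR/$MONTH/vpnbox.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# s_sys carries only local sources (its network listeners are commented
# out), so a VPN box sending syslog over the network could never reach
# this file. Read from the remote listener as well.
log { source(s_sys); source(s_client); filter(f_vpnbox); destination(d_vpnbox); };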

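# Wireless access points: facility local7. Note that local7 from the local
# sources is also routed to /var/log/boot.log by the standard rules above,
# so local messages on this facility appear in both places.
filter f_wifi { facility(local7); };

# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, was world-readable and group-writable.
destination d_wifi {
  file("/var/log/net-daily/$YEAR/$MONTH/wifi.$YEAR-$MONTH-$DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# s_sys carries only local sources (its network listeners are commented
# out), so an access point sending syslog over the network could never
# reach this file. Read from the remote listener as well.
log { source(s_sys); source(s_client); filter(f_wifi); destination(d_wifi); };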


#------------------------- Windows Server Application ----------------------
#---------------------------------------------------------------------------

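############################################################################
# Log Microsoft Windows IIS6 www server: local6 lines mentioning W3SVC1,
# received from the remote listener, one file per sending host and day.
############################################################################
filter windows_www { facility(local6) and match(W3SVC1); };

# The path contains $HOST, which with keep_hostname(yes) is the hostname
# the remote sender wrote into the message, not its address. Any host that
# can reach port 514 can therefore choose the directory name; the global
# check_hostname(yes) option rejects names with characters outside the
# hostname alphabet and should be on whenever $HOST is used in a path.
# 0640/0750: root-only files (group(root)); use group(adm) to share them
# with admins. The previous perm(665) had no leading 0 (syslog-ng reads
# such numbers as decimal) and, read as intended, was world-readable.
destination windows_www {
  file("/var/log/net-daily/$HOST/$YEAR/$MONTH/windows_www.$YEAR-$MONTH-$DAY"
  template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
  template_escape(no)
  owner(root) group(root) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# final: matching lines are not offered to later log statements.
log { source(s_client); filter(windows_www); destination(windows_www); flags(final); };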

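############################################################################
# Log Microsoft Windows IIS6 ftp server: local6 lines mentioning FTPSvcLog,
# received from the remote listener, one file per sending host and day.
############################################################################
filter windows_ftp { facility(local6) and match(FTPSvcLog); };

# The path contains $HOST, which with keep_hostname(yes) is the hostname
# the remote sender wrote into the message; keep the global
# check_hostname(yes) option on so a sender cannot put arbitrary
# characters into this path.
# 0640/0750: root-only files (group(root)); use group(adm) to share them
# with admins. The previous perm(665) had no leading 0 (syslog-ng reads
# such numbers as decimal) and, read as intended, was world-readable.
destination windows_ftp {
  file("/var/log/net-daily/$HOST/$YEAR/$MONTH/windows_ftp.$YEAR-$MONTH-$DAY"
  template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
  template_escape(no)
  owner(root) group(root) perm(0640)
  create_dirs(yes) dir_perm(0750));
};

# final: matching lines are not offered to later log statements.
log { source(s_client); filter(windows_ftp); destination(windows_ftp); flags(final); };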

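############################################################################
# Log Microsoft Windows EventLog forwarded by an agent that sets the program
# name to MSWinEventLog, one file per sending host and day.
############################################################################
filter windows_EvtLog { program(MSWinEventLog); };

# The path contains $HOST, which with keep_hostname(yes) is the hostname
# the remote sender wrote into the message; keep the global
# check_hostname(yes) option on so a sender cannot put arbitrary
# characters into this path. The $R_* macros are the receive-time
# variants, so a client with a wrong clock cannot steer entries into
# another day's file.
# 0640/0750: readable by root and group adm only. The previous perm(665)
# had no leading 0 (syslog-ng reads such numbers as decimal) and, read as
# intended, made Windows security events world-readable.
destination windows_EvtLog {
  file("/var/log/net-daily/$HOST/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
  owner(root) group(adm) perm(0640)
  create_dirs(yes) dir_perm(0750)
  template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
  template_escape(no));
};

# final: matching lines are not offered to later log statements. Remote
# messages that match none of the s_client statements are dropped.
log { source(s_client); filter(windows_EvtLog); destination(windows_EvtLog); flags(final); };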
