modules/syslog-ng/templates/syslog-ng.conf.erb

   1 <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
   2 @version: 3.0
   3 <%- elsif has_variable?("syslogversion") and syslogversion.to_s == "3.5" -%>
   4 @version: 3.5
   5 @include "scl.conf"
   6 <%- else -%>
   7 @version: 3.3
   8 @include "scl.conf"
   9 <%- end -%>
  10
  11 ##
  12 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
  13 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
  14 ##
  15
  16 #
  17 # Configuration file for syslog-ng under Debian
  18 #
  19 # attempts at reproducing default syslog behavior
  20
  21 # the standard syslog levels are (in descending order of priority):
  22 # emerg alert crit err warning notice info debug
  23 # the aliases "error", "panic", and "warn" are deprecated
  24 # the "none" priority found in the original syslogd configuration is
  25 # only used in internal messages created by syslogd
  26
  27
  28 ######
  29 # options
  30
  31 options {
  32         # disable the chained hostname format in logs
  33         # (default is enabled)
  34         chain_hostnames(1);
  35
  36         # the time to wait before a died connection is re-established
  37         # (default is 60)
  38         time_reopen(10);
  39
  40         # the time to wait before an idle destination file is closed
  41         # (default is 60)
  42         time_reap(360);
  43
  44         # the number of lines buffered before written to file
  45         # you might want to increase this if your disk isn't catching with
  46         # all the log messages you get or if you want less disk activity
  47         # (say on a laptop)
  48         # (default is 0)
  49         #sync(0);
  50
  51         # the number of lines fitting in the output queue
  52 <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
  53         log_fifo_size(2048);
  54 <%- else -%>
  55         log_fifo_size(10000);
  56 <%- end -%>
  57
  58         # enable or disable directory creation for destination files
  59         create_dirs(yes);
  60
  61         # default owner, group, and permissions for log files
  62         # (defaults are 0, 0, 0600)
  63         #owner(root);
  64         group(adm);
  65         perm(0640);
  66
  67         # default owner, group, and permissions for created directories
  68         # (defaults are 0, 0, 0700)
  69         #dir_owner(root);
  70         #dir_group(root);
  71         dir_perm(0755);
  72
  73         # enable or disable DNS usage
  74         # syslog-ng blocks on DNS queries, so enabling DNS may lead to
  75         # a Denial of Service attack
  76         # (default is yes)
  77         use_dns(no);
  78
  79         # maximum length of message in bytes
  80         # this is only limited by the program listening on the /dev/log Unix
  81         # socket, glibc can handle arbitrary length log messages, but -- for
  82         # example -- syslogd accepts only 1024 bytes
  83         # (default is 2048)
  84         #log_msg_size(2048);
  85
  86         #Disable statistic log messages.
  87         stats_freq(0);
  88
  89         # Some program send log messages through a private implementation.
  90         # and sometimes that implementation is bad. If this happen syslog-ng
  91         # may recognise the program name as hostname. Whit this option
  92         # we tell the syslog-ng that if a hostname match this regexp than that
  93         # is not a real hostname.
  94         bad_hostname("^gconfd$");
  95
  96         keep_hostname(no);
  97
  98         # We believe our own clock more than we believe the client clock.
  99         keep_timestamp(no);
 100 };
 101
 102
 103 ######
 104 # sources
 105
 106 # all known message sources
 107 source s_local {
 108         # message generated by Syslog-NG
 109         internal();
 110 <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
 111         # standard Linux log source (this is the default place for the syslog()
 112         # function to send logs to)
 113         unix-stream("/dev/log");
 114         # messages from the kernel
 115         file("/proc/kmsg" program_override("kernel: "));
 116 <%- else -%>
 117         system();
 118 <%- end -%>
 119 };
 120
 121 <%- if (hostname == "lotti") || (hostname == "lully") || (hostname == "loghost-grnet-01") -%>
 122 source s_network {
 123         tcp6(port(5140) max-connections(200)
 124                 tls( key_file("/etc/exim4/ssl/thishost.key")
 125                      cert_file("/etc/exim4/ssl/thishost.crt")
 126                      ca_dir("/etc/exim4/ssl/")
 127                 )
 128         );
 129 };
 130 <%- end -%>
 131
 132
 133 ######
 134 # destinations
 135
 136 # some standard log files
 137 destination df_auth { file("/var/log/auth.log"); };
 138 destination df_syslog { file("/var/log/syslog"); };
 139 destination df_cron { file("/var/log/cron.log"); };
 140 destination df_daemon { file("/var/log/daemon.log"); };
 141 destination df_kern { file("/var/log/kern.log"); };
 142 destination df_lpr { file("/var/log/lpr.log"); };
 143 destination df_mail { file("/var/log/mail.log" group(maillog)); };
 144 # destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
 145 destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
 146 destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
 147 destination df_user { file("/var/log/user.log" perm(0644)); };
 148 destination df_uucp { file("/var/log/uucp.log"); };
 149
 150 # these files are meant for the mail system log files
 151 # and provide re-usable destinations for {mail,cron,...}.info,
 152 # {mail,cron,...}.notice, etc.
 153 destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
 154 destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
 155 destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
 156 destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
 157 destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
 158
 159 # these files are meant for the news system, and are kept separated
 160 # because they should be owned by "news" instead of "root"
 161 destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
 162 destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
 163 destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
 164
 165 # some more classical and useful files found in standard syslog configurations
 166 destination df_debug { file("/var/log/debug"); };
 167 destination df_messages { file("/var/log/messages"); };
 168
 169 <%- if kernel == 'Linux' -%>
 170 # pipes
 171 # a console to view log messages under X
 172 destination dp_xconsole { pipe("/dev/xconsole"); };
 173
 174 <%- end -%>
 175 # consoles
 176 # this will send messages to everyone logged in
 177 destination du_all { usertty("*"); };
 178
 179
 180 ######
 181 # filters
 182
 183 # all messages from the auth and authpriv facilities
 184 filter f_auth { facility(auth, authpriv); };
 185
 186 # all messages except from the auth and authpriv facilities
 187 filter f_syslog { not facility(auth, authpriv, mail); };
 188
 189 # respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
 190 # and uucp facilities
 191 filter f_cron { facility(cron); };
 192 filter f_daemon { facility(daemon); };
 193 filter f_kern { facility(kern); };
 194 filter f_lpr { facility(lpr); };
 195 filter f_mail { facility(mail); };
 196 filter f_news { facility(news); };
 197 filter f_user { facility(user); };
 198 filter f_uucp { facility(uucp); };
 199
 200 # some filters to select messages of priority greater or equal to info, warn,
 201 # and err
 202 # (equivalents of syslogd's *.info, *.warn, and *.err)
 203 filter f_at_least_info { level(info..emerg); };
 204 filter f_at_least_notice { level(notice..emerg); };
 205 filter f_at_least_warn { level(warn..emerg); };
 206 filter f_at_least_err { level(err..emerg); };
 207 filter f_at_least_crit { level(crit..emerg); };
 208
 209 # all messages of priority debug not coming from the auth, authpriv, news, and
 210 # mail facilities
 211 filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
 212
 213 # all messages of info, notice, or warn priority not coming form the auth,
 214 # authpriv, cron, daemon, mail, and news facilities
 215 filter f_messages {
 216         level(info,notice,warn)
 217             and not facility(auth,authpriv,cron,daemon,mail,news);
 218 };
 219
 220 # messages with priority emerg
 221 filter f_emerg { level(emerg); };
 222
 223 <%- if kernel == 'Linux' -%>
 224 # complex filter for messages usually sent to the xconsole
 225 filter f_xconsole {
 226     facility(daemon,mail)
 227         or level(debug,info,notice,warn)
 228         or (facility(news)
 229                 and level(crit,err,notice));
 230 };
 231
 232 <%- end -%>
 233
 234 # order matters if you use "flags(final);" to mark the end of processing in a
 235 # "log" statement
 236
 237 ###############################################################################
 238 ########## ON LOG CLIENTS #####################################################
 239 ###############################################################################
 240 ###############################################################################
 241 ###############################################################################
 242 # all log clients, including the log server, log their locally created
 243 # messages to the standard places.
 244
 245 # auth,authpriv.*                 /var/log/auth.log
 246 log {
 247         source(s_local);
 248         filter(f_auth);
 249         destination(df_auth);
 250 };
 251
 252 # *.*;auth,authpriv.none          -/var/log/syslog
 253 log {
 254         source(s_local);
 255         filter(f_syslog);
 256         destination(df_syslog);
 257 };
 258
 259 # this is commented out in the default syslog.conf
 260 # cron.*                         /var/log/cron.log
 261 #log {
 262 #        source(s_local);
 263 #        filter(f_cron);
 264 #        destination(df_cron);
 265 #};
 266
 267 # daemon.*                        -/var/log/daemon.log
 268 log {
 269         source(s_local);
 270         filter(f_daemon);
 271         destination(df_daemon);
 272 };
 273
 274 # kern.*                          -/var/log/kern.log
 275 log {
 276         source(s_local);
 277         filter(f_kern);
 278         destination(df_kern);
 279 };
 280
 281 # lpr.*                           -/var/log/lpr.log
 282 log {
 283         source(s_local);
 284         filter(f_lpr);
 285         destination(df_lpr);
 286 };
 287
 288 # mail.*                          -/var/log/mail.log
 289 log {
 290         source(s_local);
 291         filter(f_mail);
 292         destination(df_mail);
 293 };
 294
 295 # user.*                          -/var/log/user.log
 296 log {
 297         source(s_local);
 298         filter(f_user);
 299         destination(df_user);
 300 };
 301
 302 # uucp.*                          /var/log/uucp.log
 303 log {
 304         source(s_local);
 305         filter(f_uucp);
 306         destination(df_uucp);
 307 };
 308
 309 # mail.info                       -/var/log/mail.info
 310 #log {
 311 #        source(s_local);
 312 #        filter(f_mail);
 313 #        filter(f_at_least_info);
 314 #        destination(df_mail_info);
 315 #};
 316
 317 # mail.warn                       -/var/log/mail.warn
 318 log {
 319         source(s_local);
 320         filter(f_mail);
 321         filter(f_at_least_warn);
 322         destination(df_mail_warn);
 323 };
 324
 325 # mail.err                        /var/log/mail.err
 326 log {
 327         source(s_local);
 328         filter(f_mail);
 329         filter(f_at_least_err);
 330         destination(df_mail_err);
 331 };
 332
 333 # news.crit                       /var/log/news/news.crit
 334 log {
 335         source(s_local);
 336         filter(f_news);
 337         filter(f_at_least_crit);
 338         destination(df_news_dot_crit);
 339 };
 340
 341 # news.err                        /var/log/news/news.err
 342 log {
 343         source(s_local);
 344         filter(f_news);
 345         filter(f_at_least_err);
 346         destination(df_news_dot_err);
 347 };
 348
 349 # news.notice                     /var/log/news/news.notice
 350 log {
 351         source(s_local);
 352         filter(f_news);
 353         filter(f_at_least_notice);
 354         destination(df_news_dot_notice);
 355 };
 356
 357
 358 # *.=debug;\
 359 #         auth,authpriv.none;\
 360 #         news.none;mail.none     -/var/log/debug
 361 log {
 362         source(s_local);
 363         filter(f_debug);
 364         destination(df_debug);
 365 };
 366
 367
 368 # *.=info;*.=notice;*.=warn;\
 369 #         auth,authpriv.none;\
 370 #         cron,daemon.none;\
 371 #         mail,news.none          -/var/log/messages
 372 log {
 373         source(s_local);
 374         filter(f_messages);
 375         destination(df_messages);
 376 };
 377
 378 # *.emerg                         *
 379 log {
 380         source(s_local);
 381         filter(f_emerg);
 382         destination(du_all);
 383 };
 384
 385
 386 <%- if kernel == 'Linux' -%>
 387 # daemon.*;mail.*;\
 388 #         news.crit;news.err;news.notice;\
 389 #         *.=debug;*.=info;\
 390 #         *.=notice;*.=warn       |/dev/xconsole
 391 log {
 392         source(s_local);
 393         filter(f_xconsole);
 394         destination(dp_xconsole);
 395 };
 396 <%- end -%>
 397
 398
 399  <%- if hostname != "lotti" -%>
 400 destination loghost-lotti {
 401         tcp("lotti.debian.org" port (5140)
 402                 tls( key_file("/etc/ssl/debian/keys/thishost.key")
 403                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 404                      ca_dir("/etc/ssl/debian/certs/")
 405                 )
 406         );
 407 };
 408  <%- end -%>
 409   <%- if hostname != "lully" -%>
 410 destination loghost-lully {
 411         tcp("lully.debian.org" port (5140)
 412                 tls( key_file("/etc/ssl/debian/keys/thishost.key")
 413                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 414                      ca_dir("/etc/ssl/debian/certs/")
 415                 )
 416         );
 417 };
 418  <%- end -%>
 419   <%- if hostname != "loghost-grnet-01" -%>
 420 destination loghost-loghost-grnet-01 {
 421         tcp("loghost-grnet-01.debian.org" port (5140)
 422                 tls( key_file("/etc/ssl/debian/keys/thishost.key")
 423                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 424                      ca_dir("/etc/ssl/debian/certs/")
 425                 )
 426         );
 427 };
 428  <%- end -%>
 429
 430 log {
 431         source(s_local);
 432  <%- if hostname != "lotti" -%>
 433         destination(loghost-lotti);
 434  <%- end -%>
 435  <%- if hostname != "lully" -%>
 436         destination(loghost-lully);
 437  <%- end -%>
 438  <%- if hostname != "loghost-grnet-01" -%>
 439         destination(loghost-loghost-grnet-01);
 440  <%- end -%>
 441 };
 442
 443
 444
 445 <%- if (hostname == "lotti") || (hostname == "lully") || (hostname == "loghost-grnet-01") -%>
 446 ###############################################################################
 447 ########## ON LOG HOST ########################################################
 448 ###############################################################################
 449 ###############################################################################
 450 #
 451 # The log server, additionally, also logs all local and remote messages to
 452 # a few special places.
 453 destination hostdest_auth           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
 454                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 455 destination hostdest_syslog         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
 456                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 457 destination hostdest_cron           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
 458                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 459 destination hostdest_daemon         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
 460                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 461 destination hostdest_kern           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
 462                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 463 destination hostdest_lpr            { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
 464                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 465 destination hostdest_mail           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
 466                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 467 destination hostdest_news           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
 468                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 469 destination hostdest_user           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
 470                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 471 destination hostdest_uucp           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
 472                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 473 destination hostdest_debug          { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
 474                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 475 destination hostdest_messages       { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
 476                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 477
 478
 479 #----------------------------------------------------------------------
 480 #  Special catch all destination hostdest_sorting by host
 481 #----------------------------------------------------------------------
 482 destination hostdest_facility_dot_info   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
 483                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 484 destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
 485                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 486 destination hostdest_facility_dot_warn   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
 487                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 488 destination hostdest_facility_dot_err    { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
 489                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 490 destination hostdest_facility_dot_crit   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
 491                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 492
 493
 494 #----------------------------------------------------------------------
 495 #  Catch all log files
 496 #----------------------------------------------------------------------
 497 destination df_ALL_auth { file("/var/log/auth-all.log"); };
 498 destination df_ALL_mail { file("/var/log/mail-all.log"); };
 499 destination df_ALL_syslog { file("/var/log/syslog-all"); };
 500
 501 log { source(s_local);
 502       source(s_network);
 503       filter(f_auth); destination(hostdest_auth); };
 504 log { source(s_local);
 505       source(s_network);
 506       filter(f_syslog); destination(hostdest_syslog); };
 507 log { source(s_local);
 508       source(s_network);
 509       filter(f_daemon); destination(hostdest_daemon); };
 510 log { source(s_local);
 511       source(s_network);
 512       filter(f_kern); destination(hostdest_kern); };
 513 log { source(s_local);
 514       source(s_network);
 515       filter(f_lpr); destination(hostdest_lpr); };
 516 log { source(s_local);
 517       source(s_network);
 518       filter(f_mail); destination(hostdest_mail); };
 519 log { source(s_local);
 520       source(s_network);
 521       filter(f_news); destination(hostdest_mail); };
 522 log { source(s_local);
 523       source(s_network);
 524       filter(f_user); destination(hostdest_user); };
 525 log { source(s_local);
 526       source(s_network);
 527       filter(f_uucp); destination(hostdest_uucp); };
 528 log { source(s_local);
 529       source(s_network);
 530       filter(f_debug); destination(hostdest_debug); };
 531 log { source(s_local);
 532       source(s_network);
 533       filter(f_messages); destination(hostdest_messages); };
 534
 535 log { source(s_local);
 536       source(s_network);
 537       filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
 538 log { source(s_local);
 539       source(s_network);
 540       filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
 541 log { source(s_local);
 542       source(s_network);
 543       filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
 544
 545
 546 ## catch all:
 547 log { source(s_local);
 548       source(s_network);
 549       filter(f_auth); destination(df_ALL_auth); };
 550 log { source(s_local);
 551       source(s_network);
 552       filter(f_mail); destination(df_ALL_mail); };
 553 log { source(s_local);
 554       source(s_network);
 555       filter(f_syslog); destination(df_ALL_syslog); };
 556 <%- end -%>