allow gitdoadm to sudo to git
[mirror/dsa-puppet.git] / modules / syslog-ng / templates / syslog-ng.conf.erb
1 <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
2 @version: 3.0
3 <%- elsif has_variable?("syslogversion") and syslogversion.to_s == "3.5" -%>
4 @version: 3.5
5 @include "scl.conf"
6 <%- else -%>
7 @version: 3.3
8 @include "scl.conf"
9 <%- end -%>
10
11 ##
12 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
13 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
14 ##
15
16 #
17 # Configuration file for syslog-ng under Debian
18 #
19 # attempts at reproducing default syslog behavior
20
21 # the standard syslog levels are (in descending order of priority):
22 # emerg alert crit err warning notice info debug
23 # the aliases "error", "panic", and "warn" are deprecated
24 # the "none" priority found in the original syslogd configuration is
25 # only used in internal messages created by syslogd
26
27
28 ######
29 # options
30
31 options {
32         # disable the chained hostname format in logs
33         # (default is enabled)
34         chain_hostnames(1);
35
36         # the time to wait before a died connection is re-established
37         # (default is 60)
38         time_reopen(10);
39
40         # the time to wait before an idle destination file is closed
41         # (default is 60)
42         time_reap(360);
43
44         # the number of lines buffered before written to file
45         # you might want to increase this if your disk isn't catching with
46         # all the log messages you get or if you want less disk activity
47         # (say on a laptop)
48         # (default is 0)
49         #sync(0);
50
51         # the number of lines fitting in the output queue
52 <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
53         log_fifo_size(2048);
54 <%- else -%>
55         log_fifo_size(10000);
56 <%- end -%>
57
58         # enable or disable directory creation for destination files
59         create_dirs(yes);
60
61         # default owner, group, and permissions for log files
62         # (defaults are 0, 0, 0600)
63         #owner(root);
64         group(adm);
65         perm(0640);
66
67         # default owner, group, and permissions for created directories
68         # (defaults are 0, 0, 0700)
69         #dir_owner(root);
70         #dir_group(root);
71         dir_perm(0755);
72
73         # enable or disable DNS usage
74         # syslog-ng blocks on DNS queries, so enabling DNS may lead to
75         # a Denial of Service attack
76         # (default is yes)
77         use_dns(no);
78
79         # maximum length of message in bytes
80         # this is only limited by the program listening on the /dev/log Unix
81         # socket, glibc can handle arbitrary length log messages, but -- for
82         # example -- syslogd accepts only 1024 bytes
83         # (default is 2048)
84         #log_msg_size(2048);
85
86         #Disable statistic log messages.
87         stats_freq(0);
88
89         # Some program send log messages through a private implementation.
90         # and sometimes that implementation is bad. If this happen syslog-ng
91         # may recognise the program name as hostname. Whit this option
92         # we tell the syslog-ng that if a hostname match this regexp than that
93         # is not a real hostname.
94         bad_hostname("^gconfd$");
95
96         keep_hostname(no);
97
98         # We believe our own clock more than we believe the client clock.
99         keep_timestamp(no);
100 };
101
102
103 ######
104 # sources
105
106 # all known message sources
107 source s_local {
108         # message generated by Syslog-NG
109         internal();
110 <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
111         # standard Linux log source (this is the default place for the syslog()
112         # function to send logs to)
113         unix-stream("/dev/log");
114         # messages from the kernel
115         file("/proc/kmsg" program_override("kernel: "));
116 <%- else -%>
117         system();
118 <%- end -%>
119 };
120
121 <%- if (hostname == "lotti") || (hostname == "lully") || (hostname == "loghost-grnet-01") -%>
122 source s_network {
123         tcp6(port(5140) max-connections(200)
124                 tls( key_file("/etc/exim4/ssl/thishost.key")
125                      cert_file("/etc/exim4/ssl/thishost.crt")
126                      ca_dir("/etc/exim4/ssl/")
127                 )
128         );
129 };
130 <%- end -%>
131
132
133 ######
134 # destinations
135
136 # some standard log files
137 destination df_auth { file("/var/log/auth.log"); };
138 destination df_syslog { file("/var/log/syslog"); };
139 destination df_cron { file("/var/log/cron.log"); };
140 destination df_daemon { file("/var/log/daemon.log"); };
141 destination df_kern { file("/var/log/kern.log"); };
142 destination df_lpr { file("/var/log/lpr.log"); };
143 destination df_mail { file("/var/log/mail.log" group(maillog)); };
144 # destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
145 destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
146 destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
147 destination df_user { file("/var/log/user.log" perm(0644)); };
148 destination df_uucp { file("/var/log/uucp.log"); };
149
150 # these files are meant for the mail system log files
151 # and provide re-usable destinations for {mail,cron,...}.info,
152 # {mail,cron,...}.notice, etc.
153 destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
154 destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
155 destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
156 destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
157 destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
158
159 # these files are meant for the news system, and are kept separated
160 # because they should be owned by "news" instead of "root"
161 destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
162 destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
163 destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
164
165 # some more classical and useful files found in standard syslog configurations
166 destination df_debug { file("/var/log/debug"); };
167 destination df_messages { file("/var/log/messages"); };
168
169 <%- if kernel == 'Linux' -%>
170 # pipes
171 # a console to view log messages under X
172 destination dp_xconsole { pipe("/dev/xconsole"); };
173
174 <%- end -%>
175 # consoles
176 # this will send messages to everyone logged in
177 destination du_all { usertty("*"); };
178
179
180 ######
181 # filters
182
183 # all messages from the auth and authpriv facilities
184 filter f_auth { facility(auth, authpriv); };
185
186 # all messages except from the auth and authpriv facilities
187 filter f_syslog { not facility(auth, authpriv, mail); };
188
189 # respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
190 # and uucp facilities
191 filter f_cron { facility(cron); };
192 filter f_daemon { facility(daemon); };
193 filter f_kern { facility(kern); };
194 filter f_lpr { facility(lpr); };
195 filter f_mail { facility(mail); };
196 filter f_news { facility(news); };
197 filter f_user { facility(user); };
198 filter f_uucp { facility(uucp); };
199
200 # some filters to select messages of priority greater or equal to info, warn,
201 # and err
202 # (equivalents of syslogd's *.info, *.warn, and *.err)
203 filter f_at_least_info { level(info..emerg); };
204 filter f_at_least_notice { level(notice..emerg); };
205 filter f_at_least_warn { level(warn..emerg); };
206 filter f_at_least_err { level(err..emerg); };
207 filter f_at_least_crit { level(crit..emerg); };
208
209 # all messages of priority debug not coming from the auth, authpriv, news, and
210 # mail facilities
211 filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
212
213 # all messages of info, notice, or warn priority not coming form the auth,
214 # authpriv, cron, daemon, mail, and news facilities
215 filter f_messages {
216         level(info,notice,warn)
217             and not facility(auth,authpriv,cron,daemon,mail,news);
218 };
219
220 # messages with priority emerg
221 filter f_emerg { level(emerg); };
222
223 <%- if kernel == 'Linux' -%>
224 # complex filter for messages usually sent to the xconsole
225 filter f_xconsole {
226     facility(daemon,mail)
227         or level(debug,info,notice,warn)
228         or (facility(news)
229                 and level(crit,err,notice));
230 };
231
232 <%- end -%>
233
234 # order matters if you use "flags(final);" to mark the end of processing in a
235 # "log" statement
236
237 ###############################################################################
238 ########## ON LOG CLIENTS #####################################################
239 ###############################################################################
240 ###############################################################################
241 ###############################################################################
242 # all log clients, including the log server, log their locally created
243 # messages to the standard places.
244
245 # auth,authpriv.*                 /var/log/auth.log
246 log {
247         source(s_local);
248         filter(f_auth);
249         destination(df_auth);
250 };
251
252 # *.*;auth,authpriv.none          -/var/log/syslog
253 log {
254         source(s_local);
255         filter(f_syslog);
256         destination(df_syslog);
257 };
258
259 # this is commented out in the default syslog.conf
260 # cron.*                         /var/log/cron.log
261 #log {
262 #        source(s_local);
263 #        filter(f_cron);
264 #        destination(df_cron);
265 #};
266
267 # daemon.*                        -/var/log/daemon.log
268 log {
269         source(s_local);
270         filter(f_daemon);
271         destination(df_daemon);
272 };
273
274 # kern.*                          -/var/log/kern.log
275 log {
276         source(s_local);
277         filter(f_kern);
278         destination(df_kern);
279 };
280
281 # lpr.*                           -/var/log/lpr.log
282 log {
283         source(s_local);
284         filter(f_lpr);
285         destination(df_lpr);
286 };
287
288 # mail.*                          -/var/log/mail.log
289 log {
290         source(s_local);
291         filter(f_mail);
292         destination(df_mail);
293 };
294
295 # user.*                          -/var/log/user.log
296 log {
297         source(s_local);
298         filter(f_user);
299         destination(df_user);
300 };
301
302 # uucp.*                          /var/log/uucp.log
303 log {
304         source(s_local);
305         filter(f_uucp);
306         destination(df_uucp);
307 };
308
309 # mail.info                       -/var/log/mail.info
310 #log {
311 #        source(s_local);
312 #        filter(f_mail);
313 #        filter(f_at_least_info);
314 #        destination(df_mail_info);
315 #};
316
317 # mail.warn                       -/var/log/mail.warn
318 log {
319         source(s_local);
320         filter(f_mail);
321         filter(f_at_least_warn);
322         destination(df_mail_warn);
323 };
324
325 # mail.err                        /var/log/mail.err
326 log {
327         source(s_local);
328         filter(f_mail);
329         filter(f_at_least_err);
330         destination(df_mail_err);
331 };
332
333 # news.crit                       /var/log/news/news.crit
334 log {
335         source(s_local);
336         filter(f_news);
337         filter(f_at_least_crit);
338         destination(df_news_dot_crit);
339 };
340
341 # news.err                        /var/log/news/news.err
342 log {
343         source(s_local);
344         filter(f_news);
345         filter(f_at_least_err);
346         destination(df_news_dot_err);
347 };
348
349 # news.notice                     /var/log/news/news.notice
350 log {
351         source(s_local);
352         filter(f_news);
353         filter(f_at_least_notice);
354         destination(df_news_dot_notice);
355 };
356
357
358 # *.=debug;\
359 #         auth,authpriv.none;\
360 #         news.none;mail.none     -/var/log/debug
361 log {
362         source(s_local);
363         filter(f_debug);
364         destination(df_debug);
365 };
366
367
368 # *.=info;*.=notice;*.=warn;\
369 #         auth,authpriv.none;\
370 #         cron,daemon.none;\
371 #         mail,news.none          -/var/log/messages
372 log {
373         source(s_local);
374         filter(f_messages);
375         destination(df_messages);
376 };
377
378 # *.emerg                         *
379 log {
380         source(s_local);
381         filter(f_emerg);
382         destination(du_all);
383 };
384
385
386 <%- if kernel == 'Linux' -%>
387 # daemon.*;mail.*;\
388 #         news.crit;news.err;news.notice;\
389 #         *.=debug;*.=info;\
390 #         *.=notice;*.=warn       |/dev/xconsole
391 log {
392         source(s_local);
393         filter(f_xconsole);
394         destination(dp_xconsole);
395 };
396 <%- end -%>
397
398
399  <%- if hostname != "lotti" -%>
400 destination loghost-lotti {
401         tcp("lotti.debian.org" port (5140)
402                 tls( key_file("/etc/ssl/debian/keys/thishost.key")
403                      cert_file("/etc/ssl/debian/certs/thishost.crt")
404                      ca_dir("/etc/ssl/debian/certs/")
405                 )
406         );
407 };
408  <%- end -%>
409   <%- if hostname != "lully" -%>
410 destination loghost-lully {
411         tcp("lully.debian.org" port (5140)
412                 tls( key_file("/etc/ssl/debian/keys/thishost.key")
413                      cert_file("/etc/ssl/debian/certs/thishost.crt")
414                      ca_dir("/etc/ssl/debian/certs/")
415                 )
416         );
417 };
418  <%- end -%>
419   <%- if hostname != "loghost-grnet-01" -%>
420 destination loghost-loghost-grnet-01 {
421         tcp("loghost-grnet-01.debian.org" port (5140)
422                 tls( key_file("/etc/ssl/debian/keys/thishost.key")
423                      cert_file("/etc/ssl/debian/certs/thishost.crt")
424                      ca_dir("/etc/ssl/debian/certs/")
425                 )
426         );
427 };
428  <%- end -%>
429
430 log {
431         source(s_local);
432  <%- if hostname != "lotti" -%>
433         destination(loghost-lotti);
434  <%- end -%>
435  <%- if hostname != "lully" -%>
436         destination(loghost-lully);
437  <%- end -%>
438  <%- if hostname != "loghost-grnet-01" -%>
439         destination(loghost-loghost-grnet-01);
440  <%- end -%>
441 };
442
443
444
445 <%- if (hostname == "lotti") || (hostname == "lully") || (hostname == "loghost-grnet-01") -%>
446 ###############################################################################
447 ########## ON LOG HOST ########################################################
448 ###############################################################################
449 ###############################################################################
450 #
451 # The log server, additionally, also logs all local and remote messages to
452 # a few special places.
453 destination hostdest_auth           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
454                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
455 destination hostdest_syslog         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
456                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
457 destination hostdest_cron           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
458                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
459 destination hostdest_daemon         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
460                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
461 destination hostdest_kern           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
462                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
463 destination hostdest_lpr            { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
464                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
465 destination hostdest_mail           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
466                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
467 destination hostdest_news           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
468                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
469 destination hostdest_user           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
470                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
471 destination hostdest_uucp           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
472                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
473 destination hostdest_debug          { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
474                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
475 destination hostdest_messages       { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
476                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
477
478
479 #----------------------------------------------------------------------
480 #  Special catch all destination hostdest_sorting by host
481 #----------------------------------------------------------------------
482 destination hostdest_facility_dot_info   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
483                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
484 destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
485                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
486 destination hostdest_facility_dot_warn   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
487                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
488 destination hostdest_facility_dot_err    { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
489                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
490 destination hostdest_facility_dot_crit   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
491                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
492
493
494 #----------------------------------------------------------------------
495 #  Catch all log files
496 #----------------------------------------------------------------------
497 destination df_ALL_auth { file("/var/log/auth-all.log"); };
498 destination df_ALL_mail { file("/var/log/mail-all.log"); };
499 destination df_ALL_syslog { file("/var/log/syslog-all"); };
500
501 log { source(s_local);
502       source(s_network);
503       filter(f_auth); destination(hostdest_auth); };
504 log { source(s_local);
505       source(s_network);
506       filter(f_syslog); destination(hostdest_syslog); };
507 log { source(s_local);
508       source(s_network);
509       filter(f_daemon); destination(hostdest_daemon); };
510 log { source(s_local);
511       source(s_network);
512       filter(f_kern); destination(hostdest_kern); };
513 log { source(s_local);
514       source(s_network);
515       filter(f_lpr); destination(hostdest_lpr); };
516 log { source(s_local);
517       source(s_network);
518       filter(f_mail); destination(hostdest_mail); };
519 log { source(s_local);
520       source(s_network);
521       filter(f_news); destination(hostdest_mail); };
522 log { source(s_local);
523       source(s_network);
524       filter(f_user); destination(hostdest_user); };
525 log { source(s_local);
526       source(s_network);
527       filter(f_uucp); destination(hostdest_uucp); };
528 log { source(s_local);
529       source(s_network);
530       filter(f_debug); destination(hostdest_debug); };
531 log { source(s_local);
532       source(s_network);
533       filter(f_messages); destination(hostdest_messages); };
534
535 log { source(s_local);
536       source(s_network);
537       filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
538 log { source(s_local);
539       source(s_network);
540       filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
541 log { source(s_local);
542       source(s_network);
543       filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
544
545
546 ## catch all:
547 log { source(s_local);
548       source(s_network);
549       filter(f_auth); destination(df_ALL_auth); };
550 log { source(s_local);
551       source(s_network);
552       filter(f_mail); destination(df_ALL_mail); };
553 log { source(s_local);
554       source(s_network);
555       filter(f_syslog); destination(df_ALL_syslog); };
556 <%- end -%>