modules/syslog_ng/templates/syslog-ng.conf.erb

   1 <%- if has_variable?("syslogversion") and @syslogversion.to_s == "3.1" -%>
   2 @version: 3.0
   3 <%- elsif has_variable?("syslogversion") and @syslogversion.to_s == "3.5" -%>
   4 @version: 3.5
   5 @include "scl.conf"
   6 <%- elsif has_variable?("syslogversion") and @syslogversion.to_s == "3.8" -%>
   7 @version: 3.8
   8 @include "scl.conf"
   9 <%- else -%>
  10 @version: 3.3
  11 @include "scl.conf"
  12 <%- end -%>
  13
  14 ##
  15 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
  16 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
  17 ##
  18
  19 #
  20 # Configuration file for syslog-ng under Debian
  21 #
  22 # attempts at reproducing default syslog behavior
  23
  24 # the standard syslog levels are (in descending order of priority):
  25 # emerg alert crit err warning notice info debug
  26 # the aliases "error", "panic", and "warn" are deprecated
  27 # the "none" priority found in the original syslogd configuration is
  28 # only used in internal messages created by syslogd
  29
  30
  31 ######
  32 # options
  33
  34 options {
  35         # disable the chained hostname format in logs
  36         # (default is enabled)
  37         chain_hostnames(1);
  38
  39         # the time to wait before a died connection is re-established
  40         # (default is 60)
  41         time_reopen(10);
  42
  43         # the time to wait before an idle destination file is closed
  44         # (default is 60)
  45         time_reap(360);
  46
  47         # the number of lines buffered before written to file
  48         # you might want to increase this if your disk isn't catching with
  49         # all the log messages you get or if you want less disk activity
  50         # (say on a laptop)
  51         # (default is 0)
  52         #sync(0);
  53
  54         # the number of lines fitting in the output queue
  55 <%- if has_variable?("syslogversion") and @syslogversion.to_s == "3.1" -%>
  56         log_fifo_size(2048);
  57 <%- else -%>
  58         log_fifo_size(10000);
  59 <%- end -%>
  60
  61         # enable or disable directory creation for destination files
  62         create_dirs(yes);
  63
  64         # default owner, group, and permissions for log files
  65         # (defaults are 0, 0, 0600)
  66         #owner(root);
  67         group(adm);
  68         perm(0640);
  69
  70         # default owner, group, and permissions for created directories
  71         # (defaults are 0, 0, 0700)
  72         #dir_owner(root);
  73         #dir_group(root);
  74         dir_perm(0755);
  75
  76         # enable or disable DNS usage
  77         # syslog-ng blocks on DNS queries, so enabling DNS may lead to
  78         # a Denial of Service attack
  79         # (default is yes)
  80         use_dns(no);
  81
  82         # maximum length of message in bytes
  83         # this is only limited by the program listening on the /dev/log Unix
  84         # socket, glibc can handle arbitrary length log messages, but -- for
  85         # example -- syslogd accepts only 1024 bytes
  86         # (default is 2048)
  87         #log_msg_size(2048);
  88
  89         #Disable statistic log messages.
  90         stats_freq(0);
  91
  92         # Some program send log messages through a private implementation.
  93         # and sometimes that implementation is bad. If this happen syslog-ng
  94         # may recognise the program name as hostname. Whit this option
  95         # we tell the syslog-ng that if a hostname match this regexp than that
  96         # is not a real hostname.
  97         bad_hostname("^gconfd$");
  98
  99         keep_hostname(no);
 100
 101         # We believe our own clock more than we believe the client clock.
 102         keep_timestamp(no);
 103 };
 104
 105
 106 ######
 107 # sources
 108
 109 # all known message sources
 110 source s_local {
 111         # message generated by Syslog-NG
 112         internal();
 113 <%- if has_variable?("syslogversion") and @syslogversion.to_s == "3.1" -%>
 114         # standard Linux log source (this is the default place for the syslog()
 115         # function to send logs to)
 116         unix-stream("/dev/log");
 117         # messages from the kernel
 118         file("/proc/kmsg" program_override("kernel: "));
 119 <%- else -%>
 120         system();
 121 <%- end -%>
 122 <%- if has_variable?("haproxy") && @haproxy -%>
 123         unix-stream("/var/lib/haproxy/dev/log");
 124 <%- end -%>
 125 };
 126
 127 <%- if (@hostname == "lotti") || (@hostname == "lully") || (@hostname == "loghost-grnet-01") || (@hostname == "loghost-osuosl-01") -%>
 128 source s_network {
 129         tcp6(port(5140) max-connections(400)
 130                 tls( key_file("/etc/exim4/ssl/thishost.key")
 131                      cert_file("/etc/exim4/ssl/thishost.crt")
 132                      ca_dir("/etc/exim4/ssl/")
 133                 )
 134         );
 135 };
 136
 137 source s_network_fastly {
 138         tcp6(port(5141) max-connections(100)
 139                 tls( key_file("/etc/exim4/ssl/thishost.key")
 140                      cert_file("/etc/exim4/ssl/thishost.crt")
 141                      peer-verify(optional-untrusted))
 142         );
 143 };
 144 <%- end -%>
 145
 146
 147 ######
 148 # destinations
 149
 150 # some standard log files
 151 destination df_auth { file("/var/log/auth.log"); };
 152 destination df_syslog { file("/var/log/syslog"); };
 153 destination df_cron { file("/var/log/cron.log"); };
 154 destination df_daemon { file("/var/log/daemon.log"); };
 155 destination df_kern { file("/var/log/kern.log"); };
 156 destination df_lpr { file("/var/log/lpr.log"); };
 157 destination df_mail { file("/var/log/mail.log" group(maillog)); };
 158 # destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
 159 destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
 160 destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
 161 destination df_user { file("/var/log/user.log" perm(0644)); };
 162 destination df_uucp { file("/var/log/uucp.log"); };
 163
 164 # these files are meant for the mail system log files
 165 # and provide re-usable destinations for {mail,cron,...}.info,
 166 # {mail,cron,...}.notice, etc.
 167 destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
 168 destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
 169 destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
 170 destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
 171 destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
 172
 173 # these files are meant for the news system, and are kept separated
 174 # because they should be owned by "news" instead of "root"
 175 destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
 176 destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
 177 destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
 178
 179 # some more classical and useful files found in standard syslog configurations
 180 destination df_debug { file("/var/log/debug"); };
 181 destination df_messages { file("/var/log/messages"); };
 182
 183 <%- if @kernel == 'Linux' -%>
 184 # pipes
 185 # a console to view log messages under X
 186 destination dp_xconsole { pipe("/dev/xconsole"); };
 187
 188 <%- end -%>
 189 # consoles
 190 # this will send messages to everyone logged in
 191 destination du_all { usertty("*"); };
 192
 193
 194 ######
 195 # filters
 196
 197 # all messages from the auth and authpriv facilities
 198 filter f_auth { facility(auth, authpriv); };
 199
 200 # all messages except from the auth and authpriv facilities
 201 filter f_syslog { not facility(auth, authpriv, mail); };
 202
 203 # respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
 204 # and uucp facilities
 205 filter f_cron { facility(cron); };
 206 filter f_daemon { facility(daemon); };
 207 filter f_kern { facility(kern); };
 208 filter f_lpr { facility(lpr); };
 209 filter f_mail { facility(mail); };
 210 filter f_news { facility(news); };
 211 filter f_user { facility(user); };
 212 filter f_uucp { facility(uucp); };
 213
 214 # some filters to select messages of priority greater or equal to info, warn,
 215 # and err
 216 # (equivalents of syslogd's *.info, *.warn, and *.err)
 217 filter f_at_least_info { level(info..emerg); };
 218 filter f_at_least_notice { level(notice..emerg); };
 219 filter f_at_least_warn { level(warn..emerg); };
 220 filter f_at_least_err { level(err..emerg); };
 221 filter f_at_least_crit { level(crit..emerg); };
 222
 223 # all messages of priority debug not coming from the auth, authpriv, news, and
 224 # mail facilities
 225 filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
 226
 227 # all messages of info, notice, or warn priority not coming form the auth,
 228 # authpriv, cron, daemon, mail, and news facilities
 229 filter f_messages {
 230         level(info,notice,warn)
 231             and not facility(auth,authpriv,cron,daemon,mail,news);
 232 };
 233
 234 # messages with priority emerg
 235 filter f_emerg { level(emerg); };
 236
 237 <%- if @kernel == 'Linux' -%>
 238 # complex filter for messages usually sent to the xconsole
 239 filter f_xconsole {
 240     facility(daemon,mail)
 241         or level(debug,info,notice,warn)
 242         or (facility(news)
 243                 and level(crit,err,notice));
 244 };
 245
 246 <%- end -%>
 247
 248 # order matters if you use "flags(final);" to mark the end of processing in a
 249 # "log" statement
 250
 251 ###############################################################################
 252 ########## ON LOG CLIENTS #####################################################
 253 ###############################################################################
 254 ###############################################################################
 255 ###############################################################################
 256 # all log clients, including the log server, log their locally created
 257 # messages to the standard places.
 258
 259 # auth,authpriv.*                 /var/log/auth.log
 260 log {
 261         source(s_local);
 262         filter(f_auth);
 263         destination(df_auth);
 264 };
 265
 266 # *.*;auth,authpriv.none          -/var/log/syslog
 267 log {
 268         source(s_local);
 269         filter(f_syslog);
 270         destination(df_syslog);
 271 };
 272
 273 # this is commented out in the default syslog.conf
 274 # cron.*                         /var/log/cron.log
 275 #log {
 276 #        source(s_local);
 277 #        filter(f_cron);
 278 #        destination(df_cron);
 279 #};
 280
 281 # daemon.*                        -/var/log/daemon.log
 282 log {
 283         source(s_local);
 284         filter(f_daemon);
 285         destination(df_daemon);
 286 };
 287
 288 # kern.*                          -/var/log/kern.log
 289 log {
 290         source(s_local);
 291         filter(f_kern);
 292         destination(df_kern);
 293 };
 294
 295 # lpr.*                           -/var/log/lpr.log
 296 log {
 297         source(s_local);
 298         filter(f_lpr);
 299         destination(df_lpr);
 300 };
 301
 302 # mail.*                          -/var/log/mail.log
 303 log {
 304         source(s_local);
 305         filter(f_mail);
 306         destination(df_mail);
 307 };
 308
 309 # user.*                          -/var/log/user.log
 310 log {
 311         source(s_local);
 312         filter(f_user);
 313         destination(df_user);
 314 };
 315
 316 # uucp.*                          /var/log/uucp.log
 317 log {
 318         source(s_local);
 319         filter(f_uucp);
 320         destination(df_uucp);
 321 };
 322
 323 # mail.info                       -/var/log/mail.info
 324 #log {
 325 #        source(s_local);
 326 #        filter(f_mail);
 327 #        filter(f_at_least_info);
 328 #        destination(df_mail_info);
 329 #};
 330
 331 # mail.warn                       -/var/log/mail.warn
 332 log {
 333         source(s_local);
 334         filter(f_mail);
 335         filter(f_at_least_warn);
 336         destination(df_mail_warn);
 337 };
 338
 339 # mail.err                        /var/log/mail.err
 340 log {
 341         source(s_local);
 342         filter(f_mail);
 343         filter(f_at_least_err);
 344         destination(df_mail_err);
 345 };
 346
 347 # news.crit                       /var/log/news/news.crit
 348 log {
 349         source(s_local);
 350         filter(f_news);
 351         filter(f_at_least_crit);
 352         destination(df_news_dot_crit);
 353 };
 354
 355 # news.err                        /var/log/news/news.err
 356 log {
 357         source(s_local);
 358         filter(f_news);
 359         filter(f_at_least_err);
 360         destination(df_news_dot_err);
 361 };
 362
 363 # news.notice                     /var/log/news/news.notice
 364 log {
 365         source(s_local);
 366         filter(f_news);
 367         filter(f_at_least_notice);
 368         destination(df_news_dot_notice);
 369 };
 370
 371
 372 # *.=debug;\
 373 #         auth,authpriv.none;\
 374 #         news.none;mail.none     -/var/log/debug
 375 log {
 376         source(s_local);
 377         filter(f_debug);
 378         destination(df_debug);
 379 };
 380
 381
 382 # *.=info;*.=notice;*.=warn;\
 383 #         auth,authpriv.none;\
 384 #         cron,daemon.none;\
 385 #         mail,news.none          -/var/log/messages
 386 log {
 387         source(s_local);
 388         filter(f_messages);
 389         destination(df_messages);
 390 };
 391
 392 # *.emerg                         *
 393 log {
 394         source(s_local);
 395         filter(f_emerg);
 396         destination(du_all);
 397 };
 398
 399
 400 <%- if @kernel == 'Linux' -%>
 401 # daemon.*;mail.*;\
 402 #         news.crit;news.err;news.notice;\
 403 #         *.=debug;*.=info;\
 404 #         *.=notice;*.=warn       |/dev/xconsole
 405 log {
 406         source(s_local);
 407         filter(f_xconsole);
 408         destination(dp_xconsole);
 409 };
 410 <%- end -%>
 411
 412
 413  <%- if @hostname != "lotti" -%>
 414 destination loghost-lotti {
 415         tcp("lotti.debian.org" port (5140)
 416                 tls( key_file("/etc/ssl/private/thishost.key")
 417                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 418                      ca_dir("/etc/ssl/debian/certs/")
 419                 )
 420         );
 421 };
 422  <%- end -%>
 423   <%- if @hostname != "lully" -%>
 424 destination loghost-lully {
 425         tcp("lully.debian.org" port (5140)
 426                 tls( key_file("/etc/ssl/private/thishost.key")
 427                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 428                      ca_dir("/etc/ssl/debian/certs/")
 429                 )
 430         );
 431 };
 432  <%- end -%>
 433   <%- if @hostname != "loghost-grnet-01" -%>
 434 destination loghost-loghost-grnet-01 {
 435         tcp("loghost-grnet-01.debian.org" port (5140)
 436                 tls( key_file("/etc/ssl/private/thishost.key")
 437                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 438                      ca_dir("/etc/ssl/debian/certs/")
 439                 )
 440         );
 441 };
 442  <%- end -%>
 443   <%- if @hostname != "loghost-osuosl-01" -%>
 444 destination loghost-loghost-osuosl-01 {
 445         tcp("loghost-osuosl-01.debian.org" port (5140)
 446                 tls( key_file("/etc/ssl/private/thishost.key")
 447                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 448                      ca_dir("/etc/ssl/debian/certs/")
 449                 )
 450         );
 451 };
 452  <%- end -%>
 453
 454 log {
 455         source(s_local);
 456  <%- if @hostname != "lotti" -%>
 457         destination(loghost-lotti);
 458  <%- end -%>
 459  <%- if @hostname != "lully" -%>
 460         destination(loghost-lully);
 461  <%- end -%>
 462  <%- if @hostname != "loghost-grnet-01" -%>
 463         destination(loghost-loghost-grnet-01);
 464  <%- end -%>
 465  <%- if @hostname != "loghost-osuosl-01" -%>
 466         destination(loghost-loghost-osuosl-01);
 467  <%- end -%>
 468 };
 469
 470
 471
 472 <%- if (@hostname == "lotti") || (@hostname == "lully") || (@hostname == "loghost-grnet-01") || (@hostname == "loghost-osuosl-01") -%>
 473 ###############################################################################
 474 ########## ON LOG HOST ########################################################
 475 ###############################################################################
 476 ###############################################################################
 477 #
 478 # The log server, additionally, also logs all local and remote messages to
 479 # a few special places.
 480 destination hostdest_auth           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
 481                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 482 destination hostdest_syslog         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
 483                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 484 destination hostdest_cron           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
 485                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 486 destination hostdest_daemon         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
 487                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 488 destination hostdest_kern           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
 489                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 490 destination hostdest_lpr            { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
 491                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 492 destination hostdest_mail           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
 493                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 494 destination hostdest_news           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
 495                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 496 destination hostdest_user           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
 497                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 498 destination hostdest_uucp           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
 499                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 500 destination hostdest_debug          { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
 501                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 502 destination hostdest_messages       { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
 503                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 504
 505
 506 #----------------------------------------------------------------------
 507 #  Special catch all destination hostdest_sorting by host
 508 #----------------------------------------------------------------------
 509 destination hostdest_facility_dot_info   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
 510                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 511 destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
 512                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 513 destination hostdest_facility_dot_warn   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
 514                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 515 destination hostdest_facility_dot_err    { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
 516                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 517 destination hostdest_facility_dot_crit   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
 518                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 519
 520
 521 #----------------------------------------------------------------------
 522 #  Catch all log files
 523 #----------------------------------------------------------------------
 524 destination df_ALL_auth { file("/var/log/auth-all.log"); };
 525 destination df_ALL_mail { file("/var/log/mail-all.log"); };
 526 destination df_ALL_syslog { file("/var/log/syslog-all"); };
 527
 528 log { source(s_local);
 529       source(s_network);
 530       filter(f_auth); destination(hostdest_auth); };
 531 log { source(s_local);
 532       source(s_network);
 533       filter(f_syslog); destination(hostdest_syslog); };
 534 log { source(s_local);
 535       source(s_network);
 536       filter(f_daemon); destination(hostdest_daemon); };
 537 log { source(s_local);
 538       source(s_network);
 539       filter(f_kern); destination(hostdest_kern); };
 540 log { source(s_local);
 541       source(s_network);
 542       filter(f_lpr); destination(hostdest_lpr); };
 543 log { source(s_local);
 544       source(s_network);
 545       filter(f_mail); destination(hostdest_mail); };
 546 log { source(s_local);
 547       source(s_network);
 548       filter(f_news); destination(hostdest_mail); };
 549 log { source(s_local);
 550       source(s_network);
 551       filter(f_user); destination(hostdest_user); };
 552 log { source(s_local);
 553       source(s_network);
 554       filter(f_uucp); destination(hostdest_uucp); };
 555 log { source(s_local);
 556       source(s_network);
 557       filter(f_debug); destination(hostdest_debug); };
 558 log { source(s_local);
 559       source(s_network);
 560       filter(f_messages); destination(hostdest_messages); };
 561
 562 log { source(s_local);
 563       source(s_network);
 564       filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
 565 log { source(s_local);
 566       source(s_network);
 567       filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
 568 log { source(s_local);
 569       source(s_network);
 570       filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
 571
 572
 573 ## catch all:
 574 log { source(s_local);
 575       source(s_network);
 576       filter(f_auth); destination(df_ALL_auth); };
 577 log { source(s_local);
 578       source(s_network);
 579       filter(f_mail); destination(df_ALL_mail); };
 580 log { source(s_local);
 581       source(s_network);
 582       filter(f_syslog); destination(df_ALL_syslog); };
 583
 584 ## syslog endpoint for fastly services:
 585 destination fastly { file("/var/log/fastly.log"); };
 586
 587 log { source(s_network_fastly);
 588       destination(fastly); };
 589
 590 <%- end -%>