modules/syslog_ng/templates/syslog-ng.conf.erb

   1 <%- if has_variable?("syslogversion") and @syslogversion.to_s == "3.5" -%>
   2 @version: 3.5
   3 @include "scl.conf"
   4 <%- elsif has_variable?("syslogversion") and @syslogversion.to_s == "3.8" -%>
   5 @version: 3.8
   6 @include "scl.conf"
   7 <%- elsif has_variable?("syslogversion") and @syslogversion.to_s == "3.19" -%>
   8 @version: 3.19
   9 @include "scl.conf"
  10 <%- else -%>
  11 @version: 3.3
  12 @include "scl.conf"
  13 <%- end -%>
  14
  15 ##
  16 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
  17 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
  18 ##
  19
  20 #
  21 # Configuration file for syslog-ng under Debian
  22 #
  23 # attempts at reproducing default syslog behavior
  24
  25 # the standard syslog levels are (in descending order of priority):
  26 # emerg alert crit err warning notice info debug
  27 # the aliases "error", "panic", and "warn" are deprecated
  28 # the "none" priority found in the original syslogd configuration is
  29 # only used in internal messages created by syslogd
  30
  31
  32 ######
  33 # options
  34
  35 options {
  36         # disable the chained hostname format in logs
  37         # (default is enabled)
  38         chain_hostnames(1);
  39
  40         # the time to wait before a died connection is re-established
  41         # (default is 60)
  42         time_reopen(10);
  43
  44         # the time to wait before an idle destination file is closed
  45         # (default is 60)
  46         time_reap(360);
  47
  48         # the number of lines buffered before written to file
  49         # you might want to increase this if your disk isn't catching with
  50         # all the log messages you get or if you want less disk activity
  51         # (say on a laptop)
  52         # (default is 0)
  53         #sync(0);
  54
  55         # the number of lines fitting in the output queue
  56         log_fifo_size(10000);
  57
  58         # enable or disable directory creation for destination files
  59         create_dirs(yes);
  60
  61         # default owner, group, and permissions for log files
  62         # (defaults are 0, 0, 0600)
  63         #owner(root);
  64         group(adm);
  65         perm(0640);
  66
  67         # default owner, group, and permissions for created directories
  68         # (defaults are 0, 0, 0700)
  69         #dir_owner(root);
  70         #dir_group(root);
  71         dir_perm(0755);
  72
  73         # enable or disable DNS usage
  74         # syslog-ng blocks on DNS queries, so enabling DNS may lead to
  75         # a Denial of Service attack
  76         # (default is yes)
  77         use_dns(no);
  78
  79         # maximum length of message in bytes
  80         # this is only limited by the program listening on the /dev/log Unix
  81         # socket, glibc can handle arbitrary length log messages, but -- for
  82         # example -- syslogd accepts only 1024 bytes
  83         # (default is 2048)
  84         #log_msg_size(2048);
  85
  86         #Disable statistic log messages.
  87         stats_freq(0);
  88
  89         # Some program send log messages through a private implementation.
  90         # and sometimes that implementation is bad. If this happen syslog-ng
  91         # may recognise the program name as hostname. Whit this option
  92         # we tell the syslog-ng that if a hostname match this regexp than that
  93         # is not a real hostname.
  94         bad_hostname("^gconfd$");
  95
  96         keep_hostname(no);
  97
  98         # We believe our own clock more than we believe the client clock.
  99         keep_timestamp(no);
 100 };
 101
 102
 103 ######
 104 # sources
 105
 106 # all known message sources
 107 source s_local {
 108         # message generated by Syslog-NG
 109         internal();
 110         system();
 111 <%- if has_variable?("haproxy") && @haproxy -%>
 112         unix-stream("/var/lib/haproxy/dev/log");
 113 <%- end -%>
 114 };
 115
 116 <% if @loghosts and @loghosts.include?(@fqdn)-%>
 117 source s_network {
 118         tcp6(port(5140) max-connections(400)
 119                 tls( key_file("/etc/exim4/ssl/thishost.key")
 120                      cert_file("/etc/exim4/ssl/thishost.crt")
 121                      ca_dir("/etc/exim4/ssl/")
 122                 )
 123         );
 124 };
 125
 126 source s_network_fastly {
 127         tcp6(port(5141) max-connections(100)
 128                 tls( key_file("/etc/exim4/ssl/thishost.key")
 129                      cert_file("/etc/exim4/ssl/thishost.crt")
 130                      peer-verify(optional-untrusted))
 131         );
 132 };
 133 <%- end -%>
 134
 135
 136 ######
 137 # destinations
 138
 139 # some standard log files
 140 destination df_auth { file("/var/log/auth.log"); };
 141 destination df_syslog { file("/var/log/syslog"); };
 142 destination df_cron { file("/var/log/cron.log"); };
 143 destination df_daemon { file("/var/log/daemon.log"); };
 144 destination df_kern { file("/var/log/kern.log"); };
 145 destination df_lpr { file("/var/log/lpr.log"); };
 146 destination df_mail { file("/var/log/mail.log" group(maillog)); };
 147 # destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
 148 destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
 149 destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
 150 destination df_user { file("/var/log/user.log" perm(0644)); };
 151 destination df_uucp { file("/var/log/uucp.log"); };
 152
 153 # these files are meant for the mail system log files
 154 # and provide re-usable destinations for {mail,cron,...}.info,
 155 # {mail,cron,...}.notice, etc.
 156 destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
 157 destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
 158 destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
 159 destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
 160 destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
 161
 162 # these files are meant for the news system, and are kept separated
 163 # because they should be owned by "news" instead of "root"
 164 destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
 165 destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
 166 destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
 167
 168 # some more classical and useful files found in standard syslog configurations
 169 destination df_debug { file("/var/log/debug"); };
 170 destination df_messages { file("/var/log/messages"); };
 171
 172 <%- if @kernel == 'Linux' -%>
 173 # pipes
 174 # a console to view log messages under X
 175 destination dp_xconsole { pipe("/dev/xconsole"); };
 176
 177 <%- end -%>
 178 # consoles
 179 # this will send messages to everyone logged in
 180 destination du_all { usertty("*"); };
 181
 182
 183 ######
 184 # filters
 185
 186 # all messages from the auth and authpriv facilities
 187 filter f_auth { facility(auth, authpriv); };
 188
 189 # all messages except from the auth and authpriv facilities
 190 filter f_syslog { not facility(auth, authpriv, mail); };
 191
 192 # respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
 193 # and uucp facilities
 194 filter f_cron { facility(cron); };
 195 filter f_daemon { facility(daemon); };
 196 filter f_kern { facility(kern); };
 197 filter f_lpr { facility(lpr); };
 198 filter f_mail { facility(mail); };
 199 filter f_news { facility(news); };
 200 filter f_user { facility(user); };
 201 filter f_uucp { facility(uucp); };
 202
 203 # some filters to select messages of priority greater or equal to info, warn,
 204 # and err
 205 # (equivalents of syslogd's *.info, *.warn, and *.err)
 206 filter f_at_least_info { level(info..emerg); };
 207 filter f_at_least_notice { level(notice..emerg); };
 208 filter f_at_least_warn { level(warn..emerg); };
 209 filter f_at_least_err { level(err..emerg); };
 210 filter f_at_least_crit { level(crit..emerg); };
 211
 212 # all messages of priority debug not coming from the auth, authpriv, news, and
 213 # mail facilities
 214 filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
 215
 216 # all messages of info, notice, or warn priority not coming form the auth,
 217 # authpriv, cron, daemon, mail, and news facilities
 218 filter f_messages {
 219         level(info,notice,warn)
 220             and not facility(auth,authpriv,cron,daemon,mail,news);
 221 };
 222
 223 # messages with priority emerg
 224 filter f_emerg { level(emerg); };
 225
 226 <%- if @kernel == 'Linux' -%>
 227 # complex filter for messages usually sent to the xconsole
 228 filter f_xconsole {
 229     facility(daemon,mail)
 230         or level(debug,info,notice,warn)
 231         or (facility(news)
 232                 and level(crit,err,notice));
 233 };
 234
 235 <%- end -%>
 236
 237 # order matters if you use "flags(final);" to mark the end of processing in a
 238 # "log" statement
 239
 240 ###############################################################################
 241 ########## ON LOG CLIENTS #####################################################
 242 ###############################################################################
 243 ###############################################################################
 244 ###############################################################################
 245 # all log clients, including the log server, log their locally created
 246 # messages to the standard places.
 247
 248 # auth,authpriv.*                 /var/log/auth.log
 249 log {
 250         source(s_local);
 251         filter(f_auth);
 252         destination(df_auth);
 253 };
 254
 255 # *.*;auth,authpriv.none          -/var/log/syslog
 256 log {
 257         source(s_local);
 258         filter(f_syslog);
 259         destination(df_syslog);
 260 };
 261
 262 # this is commented out in the default syslog.conf
 263 # cron.*                         /var/log/cron.log
 264 #log {
 265 #        source(s_local);
 266 #        filter(f_cron);
 267 #        destination(df_cron);
 268 #};
 269
 270 # daemon.*                        -/var/log/daemon.log
 271 log {
 272         source(s_local);
 273         filter(f_daemon);
 274         destination(df_daemon);
 275 };
 276
 277 # kern.*                          -/var/log/kern.log
 278 log {
 279         source(s_local);
 280         filter(f_kern);
 281         destination(df_kern);
 282 };
 283
 284 # lpr.*                           -/var/log/lpr.log
 285 log {
 286         source(s_local);
 287         filter(f_lpr);
 288         destination(df_lpr);
 289 };
 290
 291 # mail.*                          -/var/log/mail.log
 292 log {
 293         source(s_local);
 294         filter(f_mail);
 295         destination(df_mail);
 296 };
 297
 298 # user.*                          -/var/log/user.log
 299 log {
 300         source(s_local);
 301         filter(f_user);
 302         destination(df_user);
 303 };
 304
 305 # uucp.*                          /var/log/uucp.log
 306 log {
 307         source(s_local);
 308         filter(f_uucp);
 309         destination(df_uucp);
 310 };
 311
 312 # mail.info                       -/var/log/mail.info
 313 #log {
 314 #        source(s_local);
 315 #        filter(f_mail);
 316 #        filter(f_at_least_info);
 317 #        destination(df_mail_info);
 318 #};
 319
 320 # mail.warn                       -/var/log/mail.warn
 321 log {
 322         source(s_local);
 323         filter(f_mail);
 324         filter(f_at_least_warn);
 325         destination(df_mail_warn);
 326 };
 327
 328 # mail.err                        /var/log/mail.err
 329 log {
 330         source(s_local);
 331         filter(f_mail);
 332         filter(f_at_least_err);
 333         destination(df_mail_err);
 334 };
 335
 336 # news.crit                       /var/log/news/news.crit
 337 log {
 338         source(s_local);
 339         filter(f_news);
 340         filter(f_at_least_crit);
 341         destination(df_news_dot_crit);
 342 };
 343
 344 # news.err                        /var/log/news/news.err
 345 log {
 346         source(s_local);
 347         filter(f_news);
 348         filter(f_at_least_err);
 349         destination(df_news_dot_err);
 350 };
 351
 352 # news.notice                     /var/log/news/news.notice
 353 log {
 354         source(s_local);
 355         filter(f_news);
 356         filter(f_at_least_notice);
 357         destination(df_news_dot_notice);
 358 };
 359
 360
 361 # *.=debug;\
 362 #         auth,authpriv.none;\
 363 #         news.none;mail.none     -/var/log/debug
 364 log {
 365         source(s_local);
 366         filter(f_debug);
 367         destination(df_debug);
 368 };
 369
 370
 371 # *.=info;*.=notice;*.=warn;\
 372 #         auth,authpriv.none;\
 373 #         cron,daemon.none;\
 374 #         mail,news.none          -/var/log/messages
 375 log {
 376         source(s_local);
 377         filter(f_messages);
 378         destination(df_messages);
 379 };
 380
 381 # *.emerg                         *
 382 log {
 383         source(s_local);
 384         filter(f_emerg);
 385         destination(du_all);
 386 };
 387
 388
 389 <%- if @kernel == 'Linux' -%>
 390 # daemon.*;mail.*;\
 391 #         news.crit;news.err;news.notice;\
 392 #         *.=debug;*.=info;\
 393 #         *.=notice;*.=warn       |/dev/xconsole
 394 log {
 395         source(s_local);
 396         filter(f_xconsole);
 397         destination(dp_xconsole);
 398 };
 399 <%- end -%>
 400
 401 <% if @loghosts -%>
 402   <% @loghosts.each do |loghost| -%>
 403 destination loghost-<%= loghost %> {
 404         tcp("<%= loghost %>" port (5140)
 405                 tls( key_file("/etc/ssl/private/thishost.key")
 406                      cert_file("/etc/ssl/debian/certs/thishost.crt")
 407                      ca_dir("/etc/ssl/debian/certs/")
 408                 )
 409         );
 410 };
 411   <% end -%>
 412 <% end -%>
 413
 414 log {
 415         source(s_local);
 416 <% if @loghosts -%>
 417   <% @loghosts.each do |loghost| -%>
 418     <%- if loghost != @fqdn -%>
 419         destination(loghost-<%= loghost %>);
 420     <% end -%>
 421   <% end -%>
 422 <% end -%>
 423 };
 424
 425 <% if @loghosts and @loghosts.include?(@fqdn)-%>
 426 ###############################################################################
 427 ########## ON LOG HOST ########################################################
 428 ###############################################################################
 429 ###############################################################################
 430 #
 431 # The log server, additionally, also logs all local and remote messages to
 432 # a few special places.
 433 destination hostdest_auth           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
 434                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 435 destination hostdest_syslog         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
 436                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 437 destination hostdest_cron           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
 438                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 439 destination hostdest_daemon         { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
 440                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 441 destination hostdest_kern           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
 442                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 443 destination hostdest_lpr            { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
 444                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 445 destination hostdest_mail           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
 446                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 447 destination hostdest_news           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
 448                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 449 destination hostdest_user           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
 450                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 451 destination hostdest_uucp           { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
 452                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 453 destination hostdest_debug          { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
 454                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 455 destination hostdest_messages       { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
 456                                       owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 457
 458
 459 #----------------------------------------------------------------------
 460 #  Special catch all destination hostdest_sorting by host
 461 #----------------------------------------------------------------------
 462 destination hostdest_facility_dot_info   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
 463                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 464 destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
 465                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 466 destination hostdest_facility_dot_warn   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
 467                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 468 destination hostdest_facility_dot_err    { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
 469                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 470 destination hostdest_facility_dot_crit   { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
 471                                            owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
 472
 473
 474 #----------------------------------------------------------------------
 475 #  Catch all log files
 476 #----------------------------------------------------------------------
 477 destination df_ALL_auth { file("/var/log/auth-all.log"); };
 478 destination df_ALL_mail { file("/var/log/mail-all.log"); };
 479 destination df_ALL_syslog { file("/var/log/syslog-all"); };
 480
 481 log { source(s_local);
 482       source(s_network);
 483       filter(f_auth); destination(hostdest_auth); };
 484 log { source(s_local);
 485       source(s_network);
 486       filter(f_syslog); destination(hostdest_syslog); };
 487 log { source(s_local);
 488       source(s_network);
 489       filter(f_daemon); destination(hostdest_daemon); };
 490 log { source(s_local);
 491       source(s_network);
 492       filter(f_kern); destination(hostdest_kern); };
 493 log { source(s_local);
 494       source(s_network);
 495       filter(f_lpr); destination(hostdest_lpr); };
 496 log { source(s_local);
 497       source(s_network);
 498       filter(f_mail); destination(hostdest_mail); };
 499 log { source(s_local);
 500       source(s_network);
 501       filter(f_news); destination(hostdest_mail); };
 502 log { source(s_local);
 503       source(s_network);
 504       filter(f_user); destination(hostdest_user); };
 505 log { source(s_local);
 506       source(s_network);
 507       filter(f_uucp); destination(hostdest_uucp); };
 508 log { source(s_local);
 509       source(s_network);
 510       filter(f_debug); destination(hostdest_debug); };
 511 log { source(s_local);
 512       source(s_network);
 513       filter(f_messages); destination(hostdest_messages); };
 514
 515 log { source(s_local);
 516       source(s_network);
 517       filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
 518 log { source(s_local);
 519       source(s_network);
 520       filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
 521 log { source(s_local);
 522       source(s_network);
 523       filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
 524
 525
 526 ## catch all:
 527 log { source(s_local);
 528       source(s_network);
 529       filter(f_auth); destination(df_ALL_auth); };
 530 log { source(s_local);
 531       source(s_network);
 532       filter(f_mail); destination(df_ALL_mail); };
 533 log { source(s_local);
 534       source(s_network);
 535       filter(f_syslog); destination(df_ALL_syslog); };
 536
 537 ## syslog endpoint for fastly services:
 538 destination fastly { file("/var/log/fastly.log"); };
 539
 540 log { source(s_network_fastly);
 541       destination(fastly); };
 542
 543
 544 <% end -%>