X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=templates%2Fsyslog-ng.conf.erb;h=c5a881e6f615c6689e136f81cfc3ffffa5e31d9a;hb=HEAD;hp=6231a763c3789c6490ff91b803a9fc7c67b93ae7;hpb=f6905ea2b3d60ce0d6ad0c72a6a41268ed025fd5;p=mirror%2Fdsa-puppet.git diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb deleted file mode 100644 index 6231a763c..000000000 --- a/templates/syslog-ng.conf.erb +++ /dev/null @@ -1,538 +0,0 @@ -<%- if defined? syslogversion && syslogversion.to_s == "3" -%> -@version: 3.0 -<%- end -%> -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -# -# Configuration file for syslog-ng under Debian -# -# attempts at reproducing default syslog behavior - -# the standard syslog levels are (in descending order of priority): -# emerg alert crit err warning notice info debug -# the aliases "error", "panic", and "warn" are deprecated -# the "none" priority found in the original syslogd configuration is -# only used in internal messages created by syslogd - - -###### -# options - -options { - # disable the chained hostname format in logs - # (default is enabled) - chain_hostnames(0); - - # the time to wait before a died connection is re-established - # (default is 60) - time_reopen(10); - - # the time to wait before an idle destination file is closed - # (default is 60) - time_reap(360); - - # the number of lines buffered before written to file - # you might want to increase this if your disk isn't catching with - # all the log messages you get or if you want less disk activity - # (say on a laptop) - # (default is 0) - #sync(0); - - # the number of lines fitting in the output queue - log_fifo_size(2048); - - # enable or disable directory creation for destination files - create_dirs(yes); - - # default owner, group, and permissions for log files - # (defaults are 0, 0, 0600) - #owner(root); - group(adm); - perm(0640); - - # default owner, group, and permissions for created directories - # (defaults are 0, 0, 0700) - #dir_owner(root); - #dir_group(root); - dir_perm(0755); - - # enable or disable DNS usage - # syslog-ng blocks on DNS queries, so enabling DNS may lead to - # a Denial of Service attack - # (default is yes) - use_dns(no); - - # maximum length of message in bytes - # this is only limited by the program listening on the /dev/log Unix - # socket, glibc can handle arbitrary length log messages, but -- for - # example -- syslogd accepts only 1024 bytes - # (default is 2048) - #log_msg_size(2048); - - #Disable statistic log messages. - stats_freq(0); - - # Some program send log messages through a private implementation. - # and sometimes that implementation is bad. If this happen syslog-ng - # may recognise the program name as hostname. Whit this option - # we tell the syslog-ng that if a hostname match this regexp than that - # is not a real hostname. - bad_hostname("^gconfd$"); - -<%- if hostname == "heininen" -%> - # we trust our mutual authenticated syslog clients - keep_hostname(yes); -<%- end -%> - -}; - - -###### -# sources - -# all known message sources -source s_local { - # message generated by Syslog-NG - internal(); -<%- if kernel == 'Linux' -%> - # standard Linux log source (this is the default place for the syslog() - # function to send logs to) - unix-stream("/dev/log"); - # messages from the kernel -<%- if defined? syslogversion && syslogversion.to_s == "2" -%> - file("/proc/kmsg" log_prefix("kernel: ")); -<%- else -%> - file("/proc/kmsg" program_override("kernel: ")); -<%- end -%> -<%- else -%> - # standard Linux log source (this is the default place for the syslog() - # function to send logs to) - unix-dgram("/var/run/log"); - # messages from the kernel -<%- if defined? syslogversion && syslogversion.to_s == "2" -%> - file("/dev/klog" log_prefix("kernel: ")); -<%- else -%> - file("/dev/klog" program_override("kernel: ")); -<%- end -%> -<%- end -%> -<%- if hostname == "paganini" -%> - # use the following line if you want to receive remote UDP logging messages - # (this is equivalent to the "-r" syslogd flag) - udp(); -<%- end -%> -}; - -<%- if hostname == "heininen" -%> -source s_network { - tcp6(port(5140) max-connections(200) - tls( key_file("/etc/exim4/ssl/thishost.key") - cert_file("/etc/exim4/ssl/thishost.crt") - ca_dir("/etc/exim4/ssl/") - ) - ); -}; -<%- end -%> - - -###### -# destinations - -# some standard log files -destination df_auth { file("/var/log/auth.log"); }; -destination df_syslog { file("/var/log/syslog"); }; -destination df_cron { file("/var/log/cron.log"); }; -destination df_daemon { file("/var/log/daemon.log"); }; -destination df_kern { file("/var/log/kern.log"); }; -destination df_lpr { file("/var/log/lpr.log"); }; -destination df_mail { file("/var/log/mail.log" group(maillog)); }; -destination df_mail_info { file("/var/log/mail.info" group(maillog)); }; -destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); }; -destination df_mail_err { file("/var/log/mail.err" group(maillog)); }; -destination df_user { file("/var/log/user.log" perm(0644)); }; -destination df_uucp { file("/var/log/uucp.log"); }; - -# these files are meant for the mail system log files -# and provide re-usable destinations for {mail,cron,...}.info, -# {mail,cron,...}.notice, etc. -destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; -destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; -destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; -destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; -destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; - -# these files are meant for the news system, and are kept separated -# because they should be owned by "news" instead of "root" -destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); }; -destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); }; -destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; - -# some more classical and useful files found in standard syslog configurations -destination df_debug { file("/var/log/debug"); }; -destination df_messages { file("/var/log/messages"); }; - -<%- if kernel == 'Linux' -%> -# pipes -# a console to view log messages under X -destination dp_xconsole { pipe("/dev/xconsole"); }; - -<%- end -%> -# consoles -# this will send messages to everyone logged in -destination du_all { usertty("*"); }; - - -###### -# filters - -# all messages from the auth and authpriv facilities -filter f_auth { facility(auth, authpriv); }; - -# all messages except from the auth and authpriv facilities -filter f_syslog { not facility(auth, authpriv, mail); }; - -# respectively: messages from the cron, daemon, kern, lpr, mail, news, user, -# and uucp facilities -filter f_cron { facility(cron); }; -filter f_daemon { facility(daemon); }; -filter f_kern { facility(kern); }; -filter f_lpr { facility(lpr); }; -filter f_mail { facility(mail); }; -filter f_news { facility(news); }; -filter f_user { facility(user); }; -filter f_uucp { facility(uucp); }; - -# some filters to select messages of priority greater or equal to info, warn, -# and err -# (equivalents of syslogd's *.info, *.warn, and *.err) -filter f_at_least_info { level(info..emerg); }; -filter f_at_least_notice { level(notice..emerg); }; -filter f_at_least_warn { level(warn..emerg); }; -filter f_at_least_err { level(err..emerg); }; -filter f_at_least_crit { level(crit..emerg); }; - -# all messages of priority debug not coming from the auth, authpriv, news, and -# mail facilities -filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; - -# all messages of info, notice, or warn priority not coming form the auth, -# authpriv, cron, daemon, mail, and news facilities -filter f_messages { - level(info,notice,warn) - and not facility(auth,authpriv,cron,daemon,mail,news); -}; - -# messages with priority emerg -filter f_emerg { level(emerg); }; - -<%- if kernel == 'Linux' -%> -# complex filter for messages usually sent to the xconsole -filter f_xconsole { - facility(daemon,mail) - or level(debug,info,notice,warn) - or (facility(news) - and level(crit,err,notice)); -}; - -<%- end -%> - -# order matters if you use "flags(final);" to mark the end of processing in a -# "log" statement - -############################################################################### -########## ON LOG CLIENTS ##################################################### -############################################################################### -############################################################################### -############################################################################### -# all log clients, including the log server, log their locally created -# messages to the standard places. - -# auth,authpriv.* /var/log/auth.log -log { - source(s_local); - filter(f_auth); - destination(df_auth); -}; - -# *.*;auth,authpriv.none -/var/log/syslog -log { - source(s_local); - filter(f_syslog); - destination(df_syslog); -}; - -# this is commented out in the default syslog.conf -# cron.* /var/log/cron.log -#log { -# source(s_local); -# filter(f_cron); -# destination(df_cron); -#}; - -# daemon.* -/var/log/daemon.log -log { - source(s_local); - filter(f_daemon); - destination(df_daemon); -}; - -# kern.* -/var/log/kern.log -log { - source(s_local); - filter(f_kern); - destination(df_kern); -}; - -# lpr.* -/var/log/lpr.log -log { - source(s_local); - filter(f_lpr); - destination(df_lpr); -}; - -# mail.* -/var/log/mail.log -log { - source(s_local); - filter(f_mail); - destination(df_mail); -}; - -# user.* -/var/log/user.log -log { - source(s_local); - filter(f_user); - destination(df_user); -}; - -# uucp.* /var/log/uucp.log -log { - source(s_local); - filter(f_uucp); - destination(df_uucp); -}; - -# mail.info -/var/log/mail.info -log { - source(s_local); - filter(f_mail); - filter(f_at_least_info); - destination(df_mail_info); -}; - -# mail.warn -/var/log/mail.warn -log { - source(s_local); - filter(f_mail); - filter(f_at_least_warn); - destination(df_mail_warn); -}; - -# mail.err /var/log/mail.err -log { - source(s_local); - filter(f_mail); - filter(f_at_least_err); - destination(df_mail_err); -}; - -# news.crit /var/log/news/news.crit -log { - source(s_local); - filter(f_news); - filter(f_at_least_crit); - destination(df_news_dot_crit); -}; - -# news.err /var/log/news/news.err -log { - source(s_local); - filter(f_news); - filter(f_at_least_err); - destination(df_news_dot_err); -}; - -# news.notice /var/log/news/news.notice -log { - source(s_local); - filter(f_news); - filter(f_at_least_notice); - destination(df_news_dot_notice); -}; - - -# *.=debug;\ -# auth,authpriv.none;\ -# news.none;mail.none -/var/log/debug -log { - source(s_local); - filter(f_debug); - destination(df_debug); -}; - - -# *.=info;*.=notice;*.=warn;\ -# auth,authpriv.none;\ -# cron,daemon.none;\ -# mail,news.none -/var/log/messages -log { - source(s_local); - filter(f_messages); - destination(df_messages); -}; - -# *.emerg * -log { - source(s_local); - filter(f_emerg); - destination(du_all); -}; - - -<%- if kernel == 'Linux' -%> -# daemon.*;mail.*;\ -# news.crit;news.err;news.notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn |/dev/xconsole -log { - source(s_local); - filter(f_xconsole); - destination(dp_xconsole); -}; -<%- end -%> - - -<%- if hostname != "heininen" -%> - <%- if defined? syslogversion && syslogversion.to_s == "3" -%> -destination loghost-heininen { - tcp("heininen.debian.org" port (5140) - tls( key_file("/etc/ssl/debian/keys/thishost.key") - cert_file("/etc/ssl/debian/certs/thishost.crt") - ca_dir("/etc/ssl/debian/certs/") - ) - ); -}; - - -log { - source(s_local); - destination(loghost-heininen); -}; - <%- end -%> -<%- end -%> - - - -<%- if hostname == "heininen" -%> -############################################################################### -########## ON LOG HOST ######################################################## -############################################################################### -############################################################################### -# -# The log server, additionally, also logs all local and remote messages to -# a few special places. -destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; - - -#---------------------------------------------------------------------- -# Special catch all destination hostdest_sorting by host -#---------------------------------------------------------------------- -destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; - - -#---------------------------------------------------------------------- -# Catch all log files -#---------------------------------------------------------------------- -destination df_ALL_auth { file("/var/log/auth-all.log"); }; -destination df_ALL_mail { file("/var/log/mail-all.log"); }; -destination df_ALL_syslog { file("/var/log/syslog-all"); }; - -log { source(s_local); - source(s_network); - filter(f_auth); destination(hostdest_auth); }; -log { source(s_local); - source(s_network); - filter(f_syslog); destination(hostdest_syslog); }; -log { source(s_local); - source(s_network); - filter(f_daemon); destination(hostdest_daemon); }; -log { source(s_local); - source(s_network); - filter(f_kern); destination(hostdest_kern); }; -log { source(s_local); - source(s_network); - filter(f_lpr); destination(hostdest_lpr); }; -log { source(s_local); - source(s_network); - filter(f_mail); destination(hostdest_mail); }; -log { source(s_local); - source(s_network); - filter(f_news); destination(hostdest_mail); }; -log { source(s_local); - source(s_network); - filter(f_user); destination(hostdest_user); }; -log { source(s_local); - source(s_network); - filter(f_uucp); destination(hostdest_uucp); }; -log { source(s_local); - source(s_network); - filter(f_debug); destination(hostdest_debug); }; -log { source(s_local); - source(s_network); - filter(f_messages); destination(hostdest_messages); }; - -log { source(s_local); - source(s_network); - filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); }; -log { source(s_local); - source(s_network); - filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); }; -log { source(s_local); - source(s_network); - filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); }; - - -## catch all: -log { source(s_local); - source(s_network); - filter(f_auth); destination(df_ALL_auth); }; -log { source(s_local); - source(s_network); - filter(f_mail); destination(df_ALL_mail); }; -log { source(s_local); - source(s_network); - filter(f_syslog); destination(df_ALL_syslog); }; -<%- end -%>