+<% if syslogversion == "3" -%>
+@version: 3.0
+<%end%>
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
#
# Configuration file for syslog-ng under Debian
#
# we tell the syslog-ng that if a hostname match this regexp than that
# is not a real hostname.
bad_hostname("^gconfd$");
+
+<% if hostname == "heininen" -%>
+ # we trust our mutual authenticated syslog clients
+ keep_hostname(yes);
+<%end%>
+
};
source s_all {
# message generated by Syslog-NG
internal();
-<% if $kernel == 'Linux' %>
+<% if kernel == 'Linux' %>
# standard Linux log source (this is the default place for the syslog()
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
+<% if syslogversion == "2" -%>
file("/proc/kmsg" log_prefix("kernel: "));
<% else %>
+ file("/proc/kmsg" program_override("kernel: "));
+<%end%>
+<%else%>
# standard Linux log source (this is the default place for the syslog()
# function to send logs to)
unix-dgram("/var/run/log");
# messages from the kernel
+<% if syslogversion == "2" -%>
file("/dev/klog" log_prefix("kernel: "));
+<% else %>
+ file("/dev/klog" program_override("kernel: "));
<%end%>
+<%end%>
+<% if hostname == "paganini" -%>
# use the following line if you want to receive remote UDP logging messages
# (this is equivalent to the "-r" syslogd flag)
- # udp();
+ udp();
+<%end%>
};
+<% if hostname == "heininen" -%>
+source s_network {
+ tcp6(port(5140)
+ tls( key_file("/etc/exim4/ssl/thishost.key")
+ cert_file("/etc/exim4/ssl/thishost.crt")
+ ca_dir("/etc/exim4/ssl/")
+ )
+ );
+};
+<%end%>
+
######
# destinations
destination df_debug { file("/var/log/debug"); };
destination df_messages { file("/var/log/messages"); };
+<% if kernel == 'Linux' %>
# pipes
# a console to view log messages under X
destination dp_xconsole { pipe("/dev/xconsole"); };
+<% end %>
# consoles
# this will send messages to everyone logged in
destination du_all { usertty("*"); };
# messages with priority emerg
filter f_emerg { level(emerg); };
+<% if kernel == 'Linux' %>
# complex filter for messages usually sent to the xconsole
filter f_xconsole {
facility(daemon,mail)
and level(crit,err,notice));
};
-
+<% end %>
######
# logs
# order matters if you use "flags(final);" to mark the end of processing in a
# auth,authpriv.* /var/log/auth.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_auth);
destination(df_auth);
};
# *.*;auth,authpriv.none -/var/log/syslog
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_syslog);
destination(df_syslog);
};
# daemon.* -/var/log/daemon.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_daemon);
destination(df_daemon);
};
# kern.* -/var/log/kern.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_kern);
destination(df_kern);
};
# lpr.* -/var/log/lpr.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_lpr);
destination(df_lpr);
};
# mail.* -/var/log/mail.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_mail);
destination(df_mail);
};
# user.* -/var/log/user.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_user);
destination(df_user);
};
# uucp.* /var/log/uucp.log
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_uucp);
destination(df_uucp);
};
# mail.info -/var/log/mail.info
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_mail);
filter(f_at_least_info);
destination(df_mail_info);
# mail.warn -/var/log/mail.warn
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_mail);
filter(f_at_least_warn);
destination(df_mail_warn);
# mail.err /var/log/mail.err
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_mail);
filter(f_at_least_err);
destination(df_mail_err);
# news.crit /var/log/news/news.crit
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_news);
filter(f_at_least_crit);
destination(df_news_dot_crit);
# news.err /var/log/news/news.err
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_news);
filter(f_at_least_err);
destination(df_news_dot_err);
# news.notice /var/log/news/news.notice
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_news);
filter(f_at_least_notice);
destination(df_news_dot_notice);
# news.none;mail.none -/var/log/debug
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_debug);
destination(df_debug);
};
# mail,news.none -/var/log/messages
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_messages);
destination(df_messages);
};
# *.emerg *
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_emerg);
destination(du_all);
};
+<% if kernel == 'Linux' %>
# daemon.*;mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole
log {
source(s_all);
+<% if hostname == "heininen" -%>
+ source(s_network);
+<% end %>
filter(f_xconsole);
destination(dp_xconsole);
};
+<%end%>
+<% if hostname != "heininen" -%>
+ <% if syslogversion == "3" %>
+destination loghost-heininen {
+ tcp6("heininen.debian.org" port (5140)
+ tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ cert_file("/etc/ssl/debian/certs/thishost.crt")
+ ca_dir("/etc/ssl/debian/certs/")
+ )
+ )
+};
+log {
+ source(s_all);
+ destination(loghost-heininen);
+};
+ <%end%>
+<%end%>