<%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%> @version: 3.0 <%- elsif has_variable?("syslogversion") and syslogversion.to_s == "3.5" -%> @version: 3.5 @include "scl.conf" <%- else -%> @version: 3.3 @include "scl.conf" <%- end -%> ## ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git ## # # Configuration file for syslog-ng under Debian # # attempts at reproducing default syslog behavior # the standard syslog levels are (in descending order of priority): # emerg alert crit err warning notice info debug # the aliases "error", "panic", and "warn" are deprecated # the "none" priority found in the original syslogd configuration is # only used in internal messages created by syslogd ###### # options options { # disable the chained hostname format in logs # (default is enabled) chain_hostnames(1); # the time to wait before a died connection is re-established # (default is 60) time_reopen(10); # the time to wait before an idle destination file is closed # (default is 60) time_reap(360); # the number of lines buffered before written to file # you might want to increase this if your disk isn't catching with # all the log messages you get or if you want less disk activity # (say on a laptop) # (default is 0) #sync(0); # the number of lines fitting in the output queue <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%> log_fifo_size(2048); <%- else -%> log_fifo_size(10000); <%- end -%> # enable or disable directory creation for destination files create_dirs(yes); # default owner, group, and permissions for log files # (defaults are 0, 0, 0600) #owner(root); group(adm); perm(0640); # default owner, group, and permissions for created directories # (defaults are 0, 0, 0700) #dir_owner(root); #dir_group(root); dir_perm(0755); # enable or disable DNS usage # syslog-ng blocks on DNS queries, so enabling DNS may lead to # a Denial of Service attack # (default is yes) use_dns(no); # maximum length of message in bytes # this is only limited by the program listening on the /dev/log Unix # socket, glibc can handle arbitrary length log messages, but -- for # example -- syslogd accepts only 1024 bytes # (default is 2048) #log_msg_size(2048); #Disable statistic log messages. stats_freq(0); # Some program send log messages through a private implementation. # and sometimes that implementation is bad. If this happen syslog-ng # may recognise the program name as hostname. Whit this option # we tell the syslog-ng that if a hostname match this regexp than that # is not a real hostname. bad_hostname("^gconfd$"); keep_hostname(no); # We believe our own clock more than we believe the client clock. keep_timestamp(no); }; ###### # sources # all known message sources source s_local { # message generated by Syslog-NG internal(); <%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%> # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-stream("/dev/log"); # messages from the kernel file("/proc/kmsg" program_override("kernel: ")); <%- else -%> system(); <%- end -%> }; <%- if (hostname == "lotti") || (hostname == "lully") || (hostname == "loghost-grnet-01") -%> source s_network { tcp6(port(5140) max-connections(200) tls( key_file("/etc/exim4/ssl/thishost.key") cert_file("/etc/exim4/ssl/thishost.crt") ca_dir("/etc/exim4/ssl/") ) ); }; <%- end -%> ###### # destinations # some standard log files destination df_auth { file("/var/log/auth.log"); }; destination df_syslog { file("/var/log/syslog"); }; destination df_cron { file("/var/log/cron.log"); }; destination df_daemon { file("/var/log/daemon.log"); }; destination df_kern { file("/var/log/kern.log"); }; destination df_lpr { file("/var/log/lpr.log"); }; destination df_mail { file("/var/log/mail.log" group(maillog)); }; # destination df_mail_info { file("/var/log/mail.info" group(maillog)); }; destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); }; destination df_mail_err { file("/var/log/mail.err" group(maillog)); }; destination df_user { file("/var/log/user.log" perm(0644)); }; destination df_uucp { file("/var/log/uucp.log"); }; # these files are meant for the mail system log files # and provide re-usable destinations for {mail,cron,...}.info, # {mail,cron,...}.notice, etc. destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; # these files are meant for the news system, and are kept separated # because they should be owned by "news" instead of "root" destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); }; destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); }; destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; # some more classical and useful files found in standard syslog configurations destination df_debug { file("/var/log/debug"); }; destination df_messages { file("/var/log/messages"); }; <%- if kernel == 'Linux' -%> # pipes # a console to view log messages under X destination dp_xconsole { pipe("/dev/xconsole"); }; <%- end -%> # consoles # this will send messages to everyone logged in destination du_all { usertty("*"); }; ###### # filters # all messages from the auth and authpriv facilities filter f_auth { facility(auth, authpriv); }; # all messages except from the auth and authpriv facilities filter f_syslog { not facility(auth, authpriv, mail); }; # respectively: messages from the cron, daemon, kern, lpr, mail, news, user, # and uucp facilities filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_news { facility(news); }; filter f_user { facility(user); }; filter f_uucp { facility(uucp); }; # some filters to select messages of priority greater or equal to info, warn, # and err # (equivalents of syslogd's *.info, *.warn, and *.err) filter f_at_least_info { level(info..emerg); }; filter f_at_least_notice { level(notice..emerg); }; filter f_at_least_warn { level(warn..emerg); }; filter f_at_least_err { level(err..emerg); }; filter f_at_least_crit { level(crit..emerg); }; # all messages of priority debug not coming from the auth, authpriv, news, and # mail facilities filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; # all messages of info, notice, or warn priority not coming form the auth, # authpriv, cron, daemon, mail, and news facilities filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news); }; # messages with priority emerg filter f_emerg { level(emerg); }; <%- if kernel == 'Linux' -%> # complex filter for messages usually sent to the xconsole filter f_xconsole { facility(daemon,mail) or level(debug,info,notice,warn) or (facility(news) and level(crit,err,notice)); }; <%- end -%> # order matters if you use "flags(final);" to mark the end of processing in a # "log" statement ############################################################################### ########## ON LOG CLIENTS ##################################################### ############################################################################### ############################################################################### ############################################################################### # all log clients, including the log server, log their locally created # messages to the standard places. # auth,authpriv.* /var/log/auth.log log { source(s_local); filter(f_auth); destination(df_auth); }; # *.*;auth,authpriv.none -/var/log/syslog log { source(s_local); filter(f_syslog); destination(df_syslog); }; # this is commented out in the default syslog.conf # cron.* /var/log/cron.log #log { # source(s_local); # filter(f_cron); # destination(df_cron); #}; # daemon.* -/var/log/daemon.log log { source(s_local); filter(f_daemon); destination(df_daemon); }; # kern.* -/var/log/kern.log log { source(s_local); filter(f_kern); destination(df_kern); }; # lpr.* -/var/log/lpr.log log { source(s_local); filter(f_lpr); destination(df_lpr); }; # mail.* -/var/log/mail.log log { source(s_local); filter(f_mail); destination(df_mail); }; # user.* -/var/log/user.log log { source(s_local); filter(f_user); destination(df_user); }; # uucp.* /var/log/uucp.log log { source(s_local); filter(f_uucp); destination(df_uucp); }; # mail.info -/var/log/mail.info #log { # source(s_local); # filter(f_mail); # filter(f_at_least_info); # destination(df_mail_info); #}; # mail.warn -/var/log/mail.warn log { source(s_local); filter(f_mail); filter(f_at_least_warn); destination(df_mail_warn); }; # mail.err /var/log/mail.err log { source(s_local); filter(f_mail); filter(f_at_least_err); destination(df_mail_err); }; # news.crit /var/log/news/news.crit log { source(s_local); filter(f_news); filter(f_at_least_crit); destination(df_news_dot_crit); }; # news.err /var/log/news/news.err log { source(s_local); filter(f_news); filter(f_at_least_err); destination(df_news_dot_err); }; # news.notice /var/log/news/news.notice log { source(s_local); filter(f_news); filter(f_at_least_notice); destination(df_news_dot_notice); }; # *.=debug;\ # auth,authpriv.none;\ # news.none;mail.none -/var/log/debug log { source(s_local); filter(f_debug); destination(df_debug); }; # *.=info;*.=notice;*.=warn;\ # auth,authpriv.none;\ # cron,daemon.none;\ # mail,news.none -/var/log/messages log { source(s_local); filter(f_messages); destination(df_messages); }; # *.emerg * log { source(s_local); filter(f_emerg); destination(du_all); }; <%- if kernel == 'Linux' -%> # daemon.*;mail.*;\ # news.crit;news.err;news.notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn |/dev/xconsole log { source(s_local); filter(f_xconsole); destination(dp_xconsole); }; <%- end -%> <%- if hostname != "lotti" -%> destination loghost-lotti { tcp("lotti.debian.org" port (5140) tls( key_file("/etc/ssl/debian/keys/thishost.key") cert_file("/etc/ssl/debian/certs/thishost.crt") ca_dir("/etc/ssl/debian/certs/") ) ); }; <%- end -%> <%- if hostname != "lully" -%> destination loghost-lully { tcp("lully.debian.org" port (5140) tls( key_file("/etc/ssl/debian/keys/thishost.key") cert_file("/etc/ssl/debian/certs/thishost.crt") ca_dir("/etc/ssl/debian/certs/") ) ); }; <%- end -%> <%- if hostname != "loghost-grnet-01" -%> destination loghost-loghost-grnet-01 { tcp("loghost-grnet-01.debian.org" port (5140) tls( key_file("/etc/ssl/debian/keys/thishost.key") cert_file("/etc/ssl/debian/certs/thishost.crt") ca_dir("/etc/ssl/debian/certs/") ) ); }; <%- end -%> log { source(s_local); <%- if hostname != "lotti" -%> destination(loghost-lotti); <%- end -%> <%- if hostname != "lully" -%> destination(loghost-lully); <%- end -%> <%- if hostname != "loghost-grnet-01" -%> destination(loghost-loghost-grnet-01); <%- end -%> }; <%- if (hostname == "lotti") || (hostname == "lully") || (hostname == "loghost-grnet-01") -%> ############################################################################### ########## ON LOG HOST ######################################################## ############################################################################### ############################################################################### # # The log server, additionally, also logs all local and remote messages to # a few special places. destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; #---------------------------------------------------------------------- # Special catch all destination hostdest_sorting by host #---------------------------------------------------------------------- destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit" owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; #---------------------------------------------------------------------- # Catch all log files #---------------------------------------------------------------------- destination df_ALL_auth { file("/var/log/auth-all.log"); }; destination df_ALL_mail { file("/var/log/mail-all.log"); }; destination df_ALL_syslog { file("/var/log/syslog-all"); }; log { source(s_local); source(s_network); filter(f_auth); destination(hostdest_auth); }; log { source(s_local); source(s_network); filter(f_syslog); destination(hostdest_syslog); }; log { source(s_local); source(s_network); filter(f_daemon); destination(hostdest_daemon); }; log { source(s_local); source(s_network); filter(f_kern); destination(hostdest_kern); }; log { source(s_local); source(s_network); filter(f_lpr); destination(hostdest_lpr); }; log { source(s_local); source(s_network); filter(f_mail); destination(hostdest_mail); }; log { source(s_local); source(s_network); filter(f_news); destination(hostdest_mail); }; log { source(s_local); source(s_network); filter(f_user); destination(hostdest_user); }; log { source(s_local); source(s_network); filter(f_uucp); destination(hostdest_uucp); }; log { source(s_local); source(s_network); filter(f_debug); destination(hostdest_debug); }; log { source(s_local); source(s_network); filter(f_messages); destination(hostdest_messages); }; log { source(s_local); source(s_network); filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); }; log { source(s_local); source(s_network); filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); }; log { source(s_local); source(s_network); filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); }; ## catch all: log { source(s_local); source(s_network); filter(f_auth); destination(df_ALL_auth); }; log { source(s_local); source(s_network); filter(f_mail); destination(df_ALL_mail); }; log { source(s_local); source(s_network); filter(f_syslog); destination(df_ALL_syslog); }; <%- end -%>