# options options { long_hostnames(off); sync(0); }; # sources source src { unix-dgram("/var/run/log"); unix-dgram("/var/run/logpriv" perm(0600)); internal(); file("/dev/klog"); }; source net { udp(); }; # destinations destination messages { file("/var/log/messages"); }; destination security { file("/var/log/security"); }; destination authlog { file("/var/log/auth.log"); }; destination maillog { file("/var/log/maillog"); }; destination lpd-errs { file("/var/log/lpd-errs"); }; destination xferlog { file("/var/log/xferlog"); }; destination cron { file("/var/log/cron"); }; destination debuglog { file("/var/log/debug.log"); }; destination consolelog { file("/var/log/console.log"); }; destination all { file("/var/log/all.log"); }; destination newscrit { file("/var/log/news/news.crit"); }; destination newserr { file("/var/log/news/news.err"); }; destination newsnotice { file("/var/log/news/news.notice"); }; destination slip { file("/var/log/slip.log"); }; destination ppp { file("/var/log/ppp.log"); }; destination console { file("/dev/console"); }; destination allusers { usertty("*"); }; destination remote { file("/var/log/remote/$YEAR/$MONTH/$DAY/$HOST.log" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination swatch { program("/usr/local/bin/swatch --read-pipe=\"cat /dev/fd/0\""); }; # log facility filters filter f_auth { facility(auth); }; filter f_authpriv { facility(authpriv); }; filter f_not_authpriv { not facility(authpriv); }; filter f_console { facility(console); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_ftp { facility(ftp); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_news { facility(news); }; filter f_security { facility(security); }; filter f_user { facility(user); }; filter f_uucp { facility(uucp); }; filter f_local0 { facility(local0); }; filter f_local1 { facility(local1); }; filter f_local2 { facility(local2); }; filter f_local3 { facility(local3); }; filter f_local4 { facility(local4); }; filter f_local5 { facility(local5); }; filter f_local6 { facility(local6); }; filter f_local7 { facility(local7); }; # log level filters filter f_emerg { level(emerg); }; filter f_alert { level(alert..emerg); }; filter f_crit { level(crit..emerg); }; filter f_err { level(err..emerg); }; filter f_warning { level(warning..emerg); }; filter f_notice { level(notice..emerg); }; filter f_info { level(info..emerg); }; filter f_debug { level(debug..emerg); }; filter f_is_debug { level(debug); }; ####################### ### Local Machine ##### ####################### # *.err;kern.warning;auth.notice;mail.crit /dev/console log { source(src); filter(f_err); destination(console); }; log { source(src); filter(f_kern); filter(f_warning); destination(console); }; log { source(src); filter(f_auth); filter(f_notice); destination(console); }; log { source(src); filter(f_mail); filter(f_crit); destination(console); }; # *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); }; log { source(src); filter(f_kern); filter(f_debug); destination(messages); }; log { source(src); filter(f_lpr); filter(f_info); destination(messages); }; log { source(src); filter(f_mail); filter(f_crit); destination(messages); }; log { source(src); filter(f_news); filter(f_err); destination(messages); }; # security.* /var/log/security log { source(src); filter(f_security); destination(security); }; # auth.info;authpriv.info /var/log/auth.log log { source(src); filter(f_auth); filter(f_info); destination(authlog); }; log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); }; # mail.info /var/log/maillog log { source(src); filter(f_mail); filter(f_info); destination(maillog); }; # cron.* /var/log/cron log { source(src); filter(f_cron); destination(cron); }; # *.=debug /var/log/debug.log log { source(src); filter(f_is_debug); destination(debuglog); }; # *.emerg * log { source(src); filter(f_emerg); destination(allusers); }; ####################### ### Remote Hosts ###### ####################### # *.err;kern.warning;auth.notice;mail.crit log { source(net); filter(f_err); destination(remote); }; log { source(net); filter(f_kern); filter(f_warning); destination(remote); }; log { source(net); filter(f_auth); filter(f_notice); destination(remote); }; log { source(net); filter(f_mail); filter(f_crit); destination(remote); }; # *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err log { source(net); filter(f_notice); filter(f_not_authpriv); destination(remote); }; log { source(net); filter(f_kern); filter(f_debug); destination(remote); }; log { source(net); filter(f_lpr); filter(f_info); destination(remote); }; log { source(net); filter(f_mail); filter(f_crit); destination(remote); }; log { source(net); filter(f_news); filter(f_err); destination(remote); }; # security.* log { source(net); filter(f_security); destination(remote); }; # auth.info;authpriv.info log { source(net); filter(f_auth); filter(f_info); destination(remote); }; log { source(net); filter(f_authpriv); filter(f_info); destination(remote); }; # mail.info log { source(net); filter(f_mail); filter(f_info); destination(remote); }; # cron.* log { source(net); filter(f_cron); destination(remote); }; # *.=debug log { source(net); filter(f_is_debug); destination(remote); }; # *.emerg log { source(net); filter(f_emerg); destination(remote); }; # local.* log { source(net); filter(f_local0); destination(remote); }; log { source(net); filter(f_local1); destination(remote); }; log { source(net); filter(f_local2); destination(remote); }; log { source(net); filter(f_local3); destination(remote); }; log { source(net); filter(f_local4); destination(remote); }; log { source(net); filter(f_local5); destination(remote); }; log { source(net); filter(f_local6); destination(remote); }; log { source(net); filter(f_local7); destination(remote); }; # Run everything through swatch log { source(net); destination(swatch); }; log { source(src); destination(swatch); };