@version: 3.0 options { flush_lines (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); mark_freq(300); stats_freq(3600); keep_hostname (yes); }; source sys { unix-dgram ("/dev/log"); unix-dgram ("/var/lib/klogd/dev/log");internal(); }; #source remote { udp(); }; destination kerninfo { file("/var/log/kernel/info"); }; destination kernwarn { file("/var/log/kernel/warnings"); }; destination kernerr { file("/var/log/kernel/errors"); }; destination userinfo { file("/var/log/user/info"); }; destination userwarn { file("/var/log/user/warnings"); }; destination usererr { file("/var/log/user/errors"); }; destination mailinfo { file("/var/log/mail/info"); }; destination mailwarn { file("/var/log/mail/warnings"); }; destination mailerr { file("/var/log/mail/errors"); }; destination mailall { file("/var/log/mail/all"); }; destination auth { file("/var/log/auth/messages"); }; destination authpriv { file("/var/log/auth/secure"); }; destination authall { file("/var/log/auth/all"); }; destination daemoninfo { file("/var/log/daemons/info"); }; destination daemonwarn { file("/var/log/daemons/warnings"); }; destination daemonerr { file("/var/log/daemons/errors"); }; destination lprinfo { file("/var/log/lpr/info"); }; destination lprwarn { file("/var/log/lpr/warnings"); }; destination lprerr { file("/var/log/lpr/error"); }; destination newsinfo { file("/var/log/news/info"); }; destination newswarn { file("/var/log/news/warnings"); }; destination newserr { file("/var/log/news/error"); }; destination uucpinfo { file("/var/log/uucp/info"); }; destination uucpwarn { file("/var/log/uucp/warnings"); }; destination uucperr { file("/var/log/uucp/error"); }; destination croninfo { file("/var/log/cron/info"); }; destination cronwarn { file("/var/log/cron/warnings"); }; destination cronerr { file("/var/log/cron/error"); }; destination ftpinfo { file("/var/log/ftp/info"); }; destination ftpwarn { file("/var/log/ftp/warnings"); }; destination ftperr { file("/var/log/ftp/error"); }; destination mesg { file("/var/log/syslog/messages"); }; destination alert { file("/var/log/syslog/alert"); }; destination emerg { file("/var/log/syslog/emerg"); }; destination spool { file("/var/log/syslog/spooler"); }; destination boot { file("/var/log/syslog/boot"); }; destination consoleall { file("/dev/tty12"); }; #destination mailall { usertty("*"); }; #destination for remote logs, change loghost to fqdn for remote host #destination loghost { udp("loghost" port(999)); }; #destination from remote hosts #destination remote_kern { file("/var/log/remote/remote_kernel.log"); }; #destination remote_daem { file("/var/log/remote/remote_daemon.log"); }; #destination remote_auth { file("/var/log/remote/remote_auth.log"); }; #destination remote_user { file("/var/log/remote/remote_user.log"); }; #destination remote_boot { file("/var/log/remote/remote_boot.log"); }; # Generic filters filter f_info { level(debug,info,notice); }; filter f_warn { level(warn); }; filter f_error { level(error); }; filter f_emergency { level(emerg); }; filter f_alert { level(alert); }; filter f_mail { facility(mail); }; filter f_cron { facility(cron); }; filter f_kernel { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_news { facility(news); }; filter f_daemon { facility(daemon); }; filter f_uucp { facility(uucp); }; filter f_ftp { facility(ftp); }; # Specific filters filter f_authall { facility(auth,authpriv); }; filter f_auth { facility(auth); }; filter f_authpriv { facility(authpriv); }; filter f_user { facility(user); }; # Log anything (except mail) of level info or higher. Don't log private authentication messages filter f_mesgs { level(info) and not facility(mail,authpriv); }; # authpriv logging (restricted) filter f_secure { facility(authpriv); }; filter f_spool { facility(uucp) or (facility(news) and level(crit)); }; filter f_boot { facility(local7); }; filter f_syslog { not facility(auth, authpriv); }; # Log to logfiles log { source(sys); filter(f_kernel); filter(f_info); destination(kerninfo); }; log { source(sys); filter(f_kernel); filter(f_warn); destination(kernwarn); }; log { source(sys); filter(f_kernel); filter(f_error); destination(kernerr); }; log { source(sys); filter(f_user); filter(f_info); destination(userinfo); }; log { source(sys); filter(f_user); filter(f_warn); destination(userwarn); }; log { source(sys); filter(f_user); filter(f_error); destination(usererr); }; log { source(sys); filter(f_mail); filter(f_info); destination(mailinfo); }; log { source(sys); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(sys); filter(f_mail); filter(f_error); destination(mailerr); }; log { source(sys); filter(f_mail); destination(mailall); }; log { source(sys); filter(f_daemon); filter(f_info); destination(daemoninfo); }; log { source(sys); filter(f_daemon); filter(f_warn); destination(daemonwarn); }; log { source(sys); filter(f_daemon); filter(f_error); destination(daemonerr); }; log { source(sys); filter(f_authall); destination(authall); }; log { source(sys); filter(f_auth); destination(auth); }; log { source(sys); filter(f_authpriv); destination(authpriv); }; log { source(sys); filter(f_lpr); filter(f_info); destination(lprinfo); }; log { source(sys); filter(f_lpr); filter(f_warn); destination(lprwarn); }; log { source(sys); filter(f_lpr); filter(f_error); destination(lprerr); }; log { source(sys); filter(f_news); filter(f_info); destination(newsinfo); }; log { source(sys); filter(f_news); filter(f_warn); destination(newswarn); }; log { source(sys); filter(f_news); filter(f_error); destination(newserr); }; log { source(sys); filter(f_uucp); filter(f_info); destination(uucpinfo); }; log { source(sys); filter(f_uucp); filter(f_warn); destination(uucpwarn); }; log { source(sys); filter(f_uucp); filter(f_error); destination(uucperr); }; log { source(sys); filter(f_cron); filter(f_info); destination(croninfo); }; log { source(sys); filter(f_cron); filter(f_warn); destination(cronwarn); }; log { source(sys); filter(f_cron); filter(f_error); destination(cronerr); }; log { source(sys); filter(f_ftp); filter(f_info); destination(ftpinfo); }; log { source(sys); filter(f_ftp); filter(f_warn); destination(ftpwarn); }; log { source(sys); filter(f_ftp); filter(f_error); destination(ftperr); }; log { source(sys); filter(f_mesgs); destination(mesg); }; log { source(sys); filter(f_alert); destination(alert); }; log { source(sys); filter(f_emergency); destination(emerg); }; log { source(sys); filter(f_spool); destination(spool); }; log { source(sys); filter(f_boot); destination(boot); }; log { source(sys); destination(consoleall); }; # Log to console #log { source(sys); filter(f_emergency); destination(mailall); }; # Logs from remote hosts #log { source(net); filter(f_kern); destination(remote_kern); }; #log { source(net); filter(f_daemon); destination(remote_daem); }; #log { source(net); filter(f_authall); destination(remote_auth); }; #log { source(net); filter(f_user); destination(remote_user); }; #log { source(net); filter(f_boot); destination(remote_boot); };