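########################################
# Syslog-ng service configuration
#
# Operating system: OpenBSD 4.6
# Hostname: server.test.com
# IP address: NA
# Maintainer: NA
# Last modified: March 9, 2010
########################################

####################
# Options
####################

options {
    # Keep the hostname carried in the message instead of rewriting it.
    keep_hostname(yes);
    long_hostnames(off);
    # sync(0): write each message out immediately rather than buffering lines.
    sync(0);
};

####################
# Sources
####################

# Local-only collection: syslog-ng's own messages, the kernel log device
# (tagged with a "kernel: " prefix), and the local syslog socket.
# No network source is defined in this file.
source local {
    internal();
    pipe("/dev/klog" log_prefix("kernel: "));
    unix-dgram("/dev/log");
};

####################
# Destinations
####################

# One flat file per service plus a catch-all.
# NOTE(review): no owner()/group()/perm() is set here, so the files get
# syslog-ng's defaults; confirm these are readable by root only, since
# sudo and sshd logs expose usernames and source addresses.
destination all       { file("/var/log/all.log"); };
destination la_sudo   { file("/var/log/sudo.log"); };
destination ld_cron   { file("/var/log/cron.log"); };
destination ld_sshd   { file("/var/log/sshd.log"); };
destination ls_kernel { file("/var/log/kernel.log"); };

####################
# Filters
####################

# All filters below match on message text with match(). Any local process
# that can write to /dev/log can emit text containing these strings, so the
# per-service files are a routing convenience, not proof of which program
# produced a line.

filter fa_sudo { match("sudo:"); };

filter fd_cron { match("cron[\[0-9]+\]"); };

# sshd events of interest. "and" binds tighter than "or" in syslog-ng filter
# expressions, so the keyword alternatives must be parenthesised; without the
# parentheses only "Server listening" was tied to sshd and every other keyword
# matched messages from any program.
# NOTE(review): sshd lines that match none of these keywords (for example
# public-key logins or invalid-user attempts) are written nowhere, because
# f_terms also excludes every sshd line from all.log. Confirm that is intended.
filter fd_sshd {
    match("sshd[\[0-9]+\]") and (
        match("Server listening") or
        match("Connection from") or
        match("client software version") or
        match("Accepted password") or
        match("Failed password") or
        match("Connection closed") or
        match("Closing connection") or
        match("subsystem request") or
        match("Received signal 15")
    );
};

# Relies on the "kernel: " prefix added by the /dev/klog source above.
filter f_kernel { match("kernel: "); };

# host() is a regular-expression match against the message hostname.
filter f_server { host("server"); };

# Everything that is not routed to a dedicated file. syslog-ng's own
# messages are excluded here and have no dedicated destination.
filter f_terms {
    not match("sudo:") and
    not match("cron[\[0-9]+\]") and
    not match("sshd[\[0-9]+\]") and
    not match("syslog-ng[\[0-9]+\]") and
    not match("kernel: ");
};

####################
# Logs
####################

# Each path applies f_server first, then the service filter.
log { source(local); filter(f_server); filter(f_terms);  destination(all); };
log { source(local); filter(f_server); filter(fa_sudo);  destination(la_sudo); };
log { source(local); filter(f_server); filter(fd_cron);  destination(ld_cron); };
log { source(local); filter(f_server); filter(fd_sshd);  destination(ld_sshd); };
log { source(local); filter(f_server); filter(f_kernel); destination(ls_kernel); };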