Syslog-ng


Syslog-NG è un demone che centralizza i log da più macchine che comunicano gli eventi via rete.

Configurazione base

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
    # Write every message out as soon as it arrives (no batching).
    flush_lines(0);

    # Seconds to wait before re-establishing a dead connection.
    time_reopen(10);

    # Length of the output queue, counted in messages.
    log_fifo_size(1000);

    # Older name of chain_hostnames(); off = do not record the relay chain.
    long_hostnames(off);

    # Resolve sender addresses through DNS.
    # NOTE(review): this file also defines a UDP network source, so name
    # resolution is triggered by traffic from the network; a slow or
    # unreachable resolver can stall log processing. use_dns(persist_only)
    # (names from /etc/hosts only) or use_dns(no) avoids that dependency.
    use_dns(yes);
    #dns_cache(yes);

    # Store short host names rather than fully qualified ones.
    use_fqdn(no);

    # Create missing directories for file destinations.
    create_dirs(yes);

    # Keep the host name carried inside each message instead of replacing it
    # with the name of the peer that delivered it.
    # NOTE(review): needed when messages arrive through relays, but it means
    # the host name is whatever the sender wrote. The destination in this file
    # uses $HOST in its path, so confirm every sender is trusted or switch to
    # keep_hostname(no) for directly connected clients.
    keep_hostname(yes);
};

# SOURCES
source s_sys {
    # Kernel messages; program_override() labels them with "kernel: ".
    file("/proc/kmsg" program_override("kernel: "));

    # Standard Linux log socket used by local applications.
    # NOTE(review): local processes that can write to this socket choose
    # their own program name and text, so treat those fields as
    # unauthenticated when analysing the logs.
    unix-stream("/dev/log");

    # Messages produced by syslog-ng itself.
    internal();
};

# Network listener for remote hosts. The defaults of a bare udp() are written
# out here: every local IPv4 address, port 514.
# NOTE(review): syslog over UDP carries no authentication, integrity or
# confidentiality, and the source address can be forged. Bind ip() to the
# interface that faces the log clients, allow only known senders at the
# firewall, and prefer tcp() with TLS where the installed syslog-ng version
# and the clients support it.
source remote {
    udp(ip(0.0.0.0) port(514));
};

# DESTINATIONS
# One file per host, per month, per facility.
# NOTE(review): $HOST expands to the host name attached to the message. With
# keep_hostname(yes) in the options block and the unauthenticated UDP source,
# that name is chosen by the sender, and create_dirs(yes) will create a
# directory for each distinct value. Expect forged or junk host names to show
# up here; monitor the number of directories and free inodes/disk space, and
# consider keep_hostname(no) or a separate base directory for remote logs.
# perm() and dir_perm() can be added to restrict who may read the files.
destination std {
    file(
        "/var/log/syslog-ng/$HOST/$YEAR$MONTH/$FACILITY"
        create_dirs(yes)
    );
};

# LOG
# Local messages (kernel, /dev/log, syslog-ng internal) go to the per-host tree.
log {
    source(s_sys);
    destination(std);
};

# Messages received from the network go to the same tree.
# NOTE(review): because both paths share one destination and the host name of
# remote messages is taken from the message itself, a remote message that
# carries this machine's own host name is written next to the local logs.
# A dedicated destination for source(remote) keeps the two apart.
log {
    source(remote);
    destination(std);
};