[ipfire-3.x.git] / config / syslog-ng / syslog-ng.conf

###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt           #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

#@version:3.0

options {
	flush_lines(0);
	stats_freq(3600);
	time_reopen (10);
	time_sleep(200);
	log_fifo_size (1000);
	long_hostnames (off);
	use_dns (no);
	use_fqdn (no);
	create_dirs (no);
	keep_hostname (yes);
	};

source sys {
	file ("/proc/kmsg" log_prefix("kernel: "));
	unix-stream ("/dev/log");
	internal();
	};

destination messages {
	file("/var/log/messages");
	};
destination boot {
	file("/var/log/boot.log");
	};
destination kernel {
	file("/var/log/kernel.log");
	};
destination console {
	usertty("root");
	};
destination console_all {
	file("/dev/tty12");
	};
destination ids {
	program("/usr/sbin/ids-block");
	};
#destination loghost {
#	tcp("10.0.0.1" port(514));
#	};

filter f_boot {
	facility(local7);
	};
filter f_cron {
	facility(cron);
	};
filter f_daemon {
	facility(daemon);
	};
filter f_kern {
	facility(kern);
	};
filter f_messages {
	not facility(mail, news, cron);
	};
filter f_emergency {
	level(emerg);
	};
filter f_ids {
	facility(auth)
	and match("snort")
	and match("Priority: 1");
	};
filter f_ssh {
	program("sshd.*")
	and match("Failed password for root from");
	};

log {
	source(sys);
	filter(f_messages);
	destination(messages);
	};
log {
	source(sys);
	filter(f_emergency);
	destination(console);
	};
log {
	source(sys);
	filter(f_boot);
	destination(boot);
	};
log {
	source(sys);
	destination(console_all);
	};
log {
	source(sys);
	filter(f_ids);
	destination(ids);
	};
log {
	source(sys);
	filter(f_ssh);
	destination(ids);
	};
log {
	source(sys);
	filter(f_kern);
	destination(kernel);
	};
Commit	Line	Data
15fe0b7e CS	1	###############################################################################
	2	# #
	3	# IPFire.org - A linux based firewall #
	4	# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
	5	# #
	6	# This program is free software: you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation, either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# This program is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	18	# #
	19	###############################################################################
d178ccd6	20
15fe0b7e	21	#@version:3.0
d178ccd6	22
15fe0b7e CS	23	options {
	24	flush_lines(0);
	25	stats_freq(3600);
	26	time_reopen (10);
7a73612b	27	time_sleep(200);
15fe0b7e CS	28	log_fifo_size (1000);
	29	long_hostnames (off);
	30	use_dns (no);
	31	use_fqdn (no);
	32	create_dirs (no);
	33	keep_hostname (yes);
	34	};
d178ccd6	35
15fe0b7e CS	36	source sys {
	37	file ("/proc/kmsg" log_prefix("kernel: "));
	38	unix-stream ("/dev/log");
	39	internal();
	40	};
c88b182f	41
15fe0b7e CS	42	destination messages {
	43	file("/var/log/messages");
	44	};
	45	destination boot {
	46	file("/var/log/boot.log");
	47	};
537cc5b0	48	destination kernel {
4a2af74b	49	file("/var/log/kernel.log");
537cc5b0	50	};
15fe0b7e CS	51	destination console {
	52	usertty("root");
	53	};
	54	destination console_all {
	55	file("/dev/tty12");
	56	};
	57	destination ids {
	58	program("/usr/sbin/ids-block");
	59	};
dd07679e MT	60	#destination loghost {
	61	# tcp("10.0.0.1" port(514));
	62	# };
c88b182f	63
15fe0b7e CS	64	filter f_boot {
	65	facility(local7);
	66	};
	67	filter f_cron {
	68	facility(cron);
	69	};
	70	filter f_daemon {
	71	facility(daemon);
	72	};
	73	filter f_kern {
	74	facility(kern);
	75	};
	76	filter f_messages {
	77	not facility(mail, news, cron);
	78	};
	79	filter f_emergency {
	80	level(emerg);
	81	};
	82	filter f_ids {
	83	facility(auth)
ef3707f4 CS	84	and match("snort")
ef3707f4 CS	85	and match("Priority: 1");
15fe0b7e CS	86	};
	87	filter f_ssh {
	88	program("sshd.*")
ef3707f4	89	and match("Failed password for root from");
15fe0b7e	90	};
d178ccd6	91
15fe0b7e CS	92	log {
	93	source(sys);
	94	filter(f_messages);
	95	destination(messages);
	96	};
	97	log {
	98	source(sys);
	99	filter(f_emergency);
	100	destination(console);
	101	};
	102	log {
	103	source(sys);
	104	filter(f_boot);
	105	destination(boot);
	106	};
	107	log {
	108	source(sys);
	109	destination(console_all);
	110	};
	111	log {
	112	source(sys);
	113	filter(f_ids);
	114	destination(ids);
	115	};
	116	log {
	117	source(sys);
	118	filter(f_ssh);
	119	destination(ids);
	120	};
537cc5b0 CS	121	log {
	122	source(sys);
	123	filter(f_kern);
	124	destination(kernel);
	125	};