destination console {usertty("root");};
destination console_all {file("/dev/tty12");};
destination ids {program("/usr/sbin/ids-block");};
-destination ntpdate {program("ntpdate pool.ntp.org");};
#destination loghost {#tcp("10.0.0.1" port(514));};
filter f_boot {facility(local7);};
filter f_emergency {level(emerg);};
filter f_snort {match("snort") and match("Priority: 1");};
filter f_ssh {program("sshd.*") and match("Failed password for root from");};
-filter f_setclock {match("time error") and match("is too large") and match("set clock manually");};
log {source(sys);filter(f_messages);destination(messages);};
log {source(sys);filter(f_emergency);destination(console);};
log {source(sys);filter(f_boot);destination(boot);};
log {source(sys);destination(console_all);};
-log {source(sys);filter(f_snort) or filter(f_ssh);destination(ids);};
-log {source(sys);filter(f_setclock);destination(ntpdate);};
+log {source(sys);filter(f_snort);destination(ids);};
log {source(sys);filter(f_kern);destination(kernel);};
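Review bot: With `filter(f_ssh)` dropped from the `ids` path, no log statement visible here references `f_ssh` any more, so failed root SSH logins would stop reaching `/usr/sbin/ids-block` while the filter definition stays behind as dead config. If that trigger is still wanted, give it its own path, `log {source(sys);filter(f_ssh);destination(ids);};`; if not, remove the `f_ssh` definition in the same commit so the file does not suggest a protection that is not active. Separately, `f_snort` matches on message text only, so any program whose log line contains both strings would feed the blocker; adding `program("snort")` to that filter would restrict it to snort's own entries. The rest of the configuration is not shown here, so confirm that `f_ssh` is not used elsewhere before deleting it.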