Changed syslog-ng config and added some filters

diff --git a/config/syslog-ng/syslog-ng.conf b/config/syslog-ng/syslog-ng.conf
index 2d0bf45279dd23338e995ea5b386e3997a5048f4..e6f3221aac58aed52b1d542e77ad81fb4173ada8 100644 (file)
--- a/config/syslog-ng/syslog-ng.conf
+++ b/config/syslog-ng/syslog-ng.conf
@@ -33,93 +33,31 @@ options {
        keep_hostname (yes);
        };
 
-source sys {
-       file ("/proc/kmsg" log_prefix("kernel: "));
-       unix-stream ("/dev/log");
-       internal();
-       };
+source sys {file ("/proc/kmsg" log_prefix("kernel: "));unix-stream ("/dev/log");internal();};
 
-destination messages {
-       file("/var/log/messages");
-       };
-destination boot {
-       file("/var/log/boot.log");
-       };
-destination kernel {
-       file("/var/log/kernel.log");
-       };
-destination console {
-       usertty("root");
-       };
-destination console_all {
-       file("/dev/tty12");
-       };
-destination ids {
-       program("/usr/sbin/ids-block");
-       };
-#destination loghost {
-#      tcp("10.0.0.1" port(514));
-#      };
+destination messages {file("/var/log/messages");};
+destination boot {file("/var/log/boot.log");};
+destination kernel {file("/var/log/kernel.log");};
+destination console {usertty("root");};
+destination console_all {file("/dev/tty12");};
+destination ids {program("/usr/sbin/ids-block");};
+destination ntpdate {program("ntpdate pool.ntp.org");};
+#destination loghost {#tcp("10.0.0.1" port(514));};
 
-filter f_boot {
-       facility(local7);
-       };
-filter f_cron {
-       facility(cron);
-       };
-filter f_daemon {
-       facility(daemon);
-       };
-filter f_kern {
-       facility(kern);
-       };
-filter f_messages {
-       not facility(mail, news, cron);
-       };
-filter f_emergency {
-       level(emerg);
-       };
-filter f_ids {
-       facility(auth)
-       and match("snort")
-       and match("Priority: 1");
-       };
-filter f_ssh {
-       program("sshd.*")
-       and match("Failed password for root from");
-       };
+filter f_boot {facility(local7);};
+filter f_cron {facility(cron);};
+filter f_daemon {facility(daemon);};
+filter f_kern {facility(kern);};
+filter f_messages {not facility(mail, news, cron);};
+filter f_emergency {level(emerg);};
+filter f_snort {match("snort") and match("Priority: 1");};
+filter f_ssh {program("sshd.*") and match("Failed password for root from");};
+filter f_setclock {match("time error") and match("is too large") and match("set clock manually");};
 
-log {
-       source(sys);
-       filter(f_messages);
-       destination(messages);
-       };
-log {
-       source(sys);
-       filter(f_emergency);
-       destination(console);
-       };
-log {
-       source(sys);
-       filter(f_boot);
-       destination(boot);
-       };
-log {
-       source(sys);
-       destination(console_all);
-       };
-log {
-       source(sys);
-       filter(f_ids);
-       destination(ids);
-       };
-log {
-       source(sys);
-       filter(f_ssh);
-       destination(ids);
-       };
-log {
-       source(sys);
-       filter(f_kern);
-       destination(kernel);
-       };
+log {source(sys);filter(f_messages);destination(messages);};
+log {source(sys);filter(f_emergency);destination(console);};
+log {source(sys);filter(f_boot);destination(boot);};
+log {source(sys);destination(console_all);};
+log {source(sys);filter(f_snort) or filter(f_ssh);destination(ids);};
+log {source(sys);filter(f_setclock);destination(ntpdate);};
+log {source(sys);filter(f_kern);destination(kernel);};