-@version:3.0
-options { long_hostnames(off); flush_lines(0); stats_freq(3600); };
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
-source src { unix-stream("/dev/log"); internal(); };
-source kernsrc { file("/proc/kmsg"); };
+#@version:3.0
-destination messages { file("/var/log/messages"); };
-destination console { usertty("root"); };
-destination console_all { file("/dev/tty12"); };
+options {
+ flush_lines(0);
+ stats_freq(3600);
+ time_reopen (10);
+ log_fifo_size (1000);
+ long_hostnames (off);
+ use_dns (no);
+ use_fqdn (no);
+ create_dirs (no);
+ keep_hostname (yes);
+ };
-destination ids { program("/usr/sbin/ids-block"); };
+source sys {
+ file ("/proc/kmsg" log_prefix("kernel: "));
+ unix-stream ("/dev/log");
+ internal();
+ };
-#destination loghost { tcp("10.0.0.1" port(514)); };
+destination messages {
+ file("/var/log/messages");
+ };
+destination boot {
+ file("/var/log/boot.log");
+ };
+destination console {
+ usertty("root");
+ };
+destination console_all {
+ file("/dev/tty12");
+ };
+destination ids {
+ program("/usr/sbin/ids-block");
+ };
+destination loghost {
+ tcp("10.0.0.1" port(514));
+ };
-filter f_syslog { not facility(authpriv, mail) and not match(ppp.*LCP); };
-filter f_cron { facility(cron); };
-filter f_daemon { facility(daemon); };
-filter f_kern { facility(kern); };
-filter f_mail { facility(mail) and not match (imapd); };
-filter f_messages { not facility(auth, authpriv, mail, news); };
-filter f_emergency { level(emerg); };
+filter f_boot {
+ facility(local7);
+ };
+filter f_cron {
+ facility(cron);
+ };
+filter f_daemon {
+ facility(daemon);
+ };
+filter f_kern {
+ facility(kern);
+ };
+filter f_messages {
+ not facility(mail, news, cron);
+ };
+filter f_emergency {
+ level(emerg);
+ };
+filter f_ids {
+ facility(auth)
+ and message("snort")
+ and message("Priority: 1");
+ };
+filter f_ssh {
+ program("sshd.*")
+ and message("Failed password for root from");
+ };
-filter f_ids { facility(auth) and match("snort") and match("Priority: 1"); };
-filter f_ssh { program("sshd.*") and match("Failed password for root from"); };
-
-log { source(src); source(kernsrc); filter(f_messages); destination(messages); };
-log { source(src); source(kernsrc); filter(f_emergency); destination(console); };
-log { source(src); source(kernsrc); destination(console_all); };
-
-log { source(src); filter(f_ids); destination(ids); };
-log { source(src); filter(f_ssh); destination(ids); };
+log {
+ source(sys);
+ filter(f_messages);
+ destination(messages);
+ };
+log {
+ source(sys);
+ filter(f_emergency);
+ destination(console);
+ };
+log {
+ source(sys);
+ filter(f_boot);
+ destination(boot);
+ };
+log {
+ source(sys);
+ destination(console_all);
+ };
+log {
+ source(sys);
+ filter(f_ids);
+ destination(ids);
+ };
+log {
+ source(sys);
+ filter(f_ssh);
+ destination(ids);
+ };
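Review bot: The new file comments out the version pragma (`#@version:3.0`, the line replacing the removed `@version:3.0`), so a syslog-ng 3.x binary will parse this configuration in its legacy-compatibility mode with a startup warning; if the target is syslog-ng 3.0 the line should be `@version:3.0` uncommented, and if it was disabled because an older binary rejects it, a comment saying so would keep the next reader from restoring it blindly. The rewritten `f_ssh` filter (`program("sshd.*") and message("Failed password for root from")`) routes to `program("/usr/sbin/ids-block")`, and both fields it tests come from whatever wrote to the `/dev/log` socket, so the blocking decision rests on unauthenticated log content; the config cannot change that, but a comment such as `# trigger is content-based: ids-block must validate the parsed address and rate-limit` would record the trust boundary, and the same applies to `f_ids`. Uncommenting `destination loghost { tcp("10.0.0.1" port(514)); }` activates a plaintext remote-syslog destination to what looks like a placeholder address; no `log {}` path references it here, so leaving it commented out, or marking it `# placeholder, not wired to any log path`, avoids a later hookup shipping the auth/authpriv lines that `f_messages` now lets into `/var/log/messages` in the clear.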