From: Christian Schmidt
Date: Sat, 29 Aug 2009 08:47:06 +0000 (+0200)
Subject: Changed syslog-ng config and added some filters
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6954f58543a2e4f287f4bd64ef35580ddddc6456;p=ipfire-3.x.git
Changed syslog-ng config and added some filters
---
diff --git a/config/syslog-ng/syslog-ng.conf b/config/syslog-ng/syslog-ng.conf
index 2d0bf4527..e6f3221aa 100644
--- a/config/syslog-ng/syslog-ng.conf
+++ b/config/syslog-ng/syslog-ng.conf
@@ -33,93 +33,31 @@ options { keep_hostname (yes); };
-source sys {
- file ("/proc/kmsg" log_prefix("kernel: "));
- unix-stream ("/dev/log");
- internal();
- };
+source sys {file ("/proc/kmsg" log_prefix("kernel: "));unix-stream ("/dev/log");internal();};
-destination messages {
- file("/var/log/messages");
- };
-destination boot {
- file("/var/log/boot.log");
- };
-destination kernel {
- file("/var/log/kernel.log");
- };
-destination console {
- usertty("root");
- };
-destination console_all {
- file("/dev/tty12");
- };
-destination ids {
- program("/usr/sbin/ids-block");
- };
-#destination loghost {
-# tcp("10.0.0.1" port(514));
-# };
+destination messages {file("/var/log/messages");};
+destination boot {file("/var/log/boot.log");};
+destination kernel {file("/var/log/kernel.log");};
+destination console {usertty("root");};
+destination console_all {file("/dev/tty12");};
+destination ids {program("/usr/sbin/ids-block");};
+destination ntpdate {program("ntpdate pool.ntp.org");};
+#destination loghost {#tcp("10.0.0.1" port(514));};
-filter f_boot {
- facility(local7);
- };
-filter f_cron {
- facility(cron);
- };
-filter f_daemon {
- facility(daemon);
- };
-filter f_kern {
- facility(kern);
- };
-filter f_messages {
- not facility(mail, news, cron);
- };
-filter f_emergency {
- level(emerg);
- };
-filter f_ids {
- facility(auth)
- and match("snort")
- and match("Priority: 1");
- };
-filter f_ssh {
- program("sshd.*")
- and match("Failed password for root from");
- };
+filter f_boot {facility(local7);};
+filter f_cron {facility(cron);};
+filter f_daemon {facility(daemon);};
+filter f_kern {facility(kern);};
+filter f_messages {not facility(mail, news, cron);};
+filter f_emergency {level(emerg);};
+filter f_snort {match("snort") and match("Priority: 1");};
+filter f_ssh {program("sshd.*") and match("Failed password for root from");};
+filter f_setclock {match("time error") and match("is too large") and match("set clock manually");};
-log {
- source(sys);
- filter(f_messages);
- destination(messages);
- };
-log {
- source(sys);
- filter(f_emergency);
- destination(console);
- };
-log {
- source(sys);
- filter(f_boot);
- destination(boot);
- };
-log {
- source(sys);
- destination(console_all);
- };
-log {
- source(sys);
- filter(f_ids);
- destination(ids);
- };
-log {
- source(sys);
- filter(f_ssh);
- destination(ids);
- };
-log {
- source(sys);
- filter(f_kern);
- destination(kernel);
- };
+log {source(sys);filter(f_messages);destination(messages);};
+log {source(sys);filter(f_emergency);destination(console);};
+log {source(sys);filter(f_boot);destination(boot);};
+log {source(sys);destination(console_all);};
+log {source(sys);filter(f_snort) or filter(f_ssh);destination(ids);};
+log {source(sys);filter(f_setclock);destination(ntpdate);};
+log {source(sys);filter(f_kern);destination(kernel);};
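Review bot: `log {source(sys);filter(f_snort) or filter(f_ssh);destination(ids);};` is, as far as I know the syslog-ng log-path grammar, not valid — `or` combines expressions only inside a `filter {}` definition, not between `filter()` references in a `log {}` statement — so the whole file would fail to parse and syslog-ng would not start, leaving the system without logging. Keep the combination in a named filter, `filter f_ids {filter(f_snort) or filter(f_ssh);};`, and reference it as `log {source(sys);filter(f_ids);destination(ids);};`. Separately, the new `f_snort` dropped the `facility(auth)` restriction the old `f_ids` carried, so a message from any facility whose text happens to contain both strings is now piped into `/usr/sbin/ids-block`; restoring `facility(auth) and` narrows that to what the IDS actually emits. The `ntpdate` destination also deserves a second look: `program()` keeps a child process running and writes each matched message to its stdin, and `ntpdate` neither reads stdin nor stays resident, so it would presumably be (re)started on syslog-ng's own reopen schedule rather than once per matching `f_setclock` message — confirm against the syslog-ng version in use before relying on it.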