414 lines
17 KiB
Plaintext
414 lines
17 KiB
Plaintext
@version: 3.4
|
|
|
|
#
|
|
# Syslog-ng configuration file, compatible with default Debian syslogd
|
|
# installation. Originally written by anonymous (I can't find his name)
|
|
# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>)
|
|
|
|
# Common log format with fractional seconds, hostname, and priority
|
|
template t_log {
|
|
template("${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC}.${MSEC} ${HOST} ${MSGHDR}${PRIORITY} ${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
# Format for logs that provide their own timestamp, priority, etc...
|
|
template t_preformatted {
|
|
template("${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
template t_ocf_log {
|
|
template("${R_YEAR}-${R_MONTH}-${R_DAY}T${R_HOUR}:${R_MIN}:${R_SEC}.${R_MSEC} ${HOST} ${MSGHDR}${PRIORITY} ${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
# Format for openstack logs that provide their own timestamp, priority, etc...
|
|
template t_openstack {
|
|
template("${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
template t_libvirtd {
|
|
template("${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC}.${MSEC} ${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
template t_nfv {
|
|
template("${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC}.${MSEC} ${HOST} ${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
template t_fm {
|
|
template("${R_YEAR}-${R_MONTH}-${R_DAY}T${R_HOUR}:${R_MIN}:${R_SEC}.${R_MSEC} ${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
template t_ima_appraise {
|
|
template ("${HOST} ${MSGONLY}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
template t_lighttpd {
|
|
template ("${MSGONLY}\n");
|
|
template-escape(no);
|
|
};
|
|
|
|
# First, set some global options.
|
|
options { chain_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no);
|
|
owner("root"); group("root"); perm(0640); stats_freq(0);
|
|
bad_hostname("^gconfd$");
|
|
frac_digits(3);
|
|
log_msg_size(65535);
|
|
file-template(t_log);
|
|
keep_timestamp(no);
|
|
};
|
|
|
|
########################
|
|
# Sources
|
|
########################
|
|
# This is the default behavior of sysklogd package
|
|
# Logs may come from unix stream, but not from another machine.
|
|
#
|
|
source s_src {
|
|
systemd-syslog();
|
|
file("/proc/kmsg" program-override("kernel") flags(kernel));
|
|
internal();
|
|
};
|
|
|
|
# If you wish to get logs from remote machine you should uncomment
|
|
# this and comment the above source line.
|
|
#
|
|
#source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); };
|
|
|
|
# UDP source for HAProxy
|
|
source s_udp { udp(ip(127.0.0.1) port(514)); };
|
|
|
|
# Lighttpd chrooted syslog source
|
|
source s_lighttpd { unix-stream("/var/www/dev/log"
|
|
create-dirs(yes)
|
|
dir-perm(0755)
|
|
group("sys_protected")
|
|
owner("www")); };
|
|
|
|
########################
|
|
# Destinations
|
|
########################
|
|
#
|
|
# remote_log_server destination is added when remotelogging is enabled.
|
|
# The /etc/syslog-ng/remotelogging.conf file has the log statement to
|
|
# send messages to the remote log server.
|
|
#
|
|
# Note: remotelogging.conf must be updated when adding a logfile.
|
|
#
|
|
#destination remote_log_server {udp("10.1.2.3" port(514));};
|
|
#
|
|
# First some standard logfile
|
|
#
|
|
destination d_auth { file("/var/log/auth.log"); };
|
|
destination d_cron { file("/var/log/cron.log"); };
|
|
destination d_daemon { file("/var/log/daemon.log"); };
|
|
destination d_daemon_ocf { file("/var/log/daemon-ocf.log" template(t_ocf_log)); };
|
|
destination d_containerd { file("/var/log/containerd.log"); };
|
|
destination d_collectd { file("/var/log/collectd.log"); };
|
|
destination d_kern { file("/var/log/kern.log"); };
|
|
destination d_lpr { file("/var/log/lpr.log"); };
|
|
destination d_mail { file("/var/log/mail.log"); };
|
|
destination d_syslog { file("/var/log/syslog"); };
|
|
destination d_user { file("/var/log/user.log"); };
|
|
destination d_uucp { file("/var/log/uucp.log"); };
|
|
destination d_postgres { file("/var/log/postgres.log"); };
|
|
destination d_platform { file("/var/log/platform.log"); };
|
|
destination d_openstack { file("/var/log/openstack.log" template(t_openstack)); };
|
|
destination d_sm { file("/var/log/sm.log"); };
|
|
|
|
# HAProxy Log destination
|
|
destination d_haproxy { file("/var/log/haproxy.log"); };
|
|
|
|
# Fault Management Log destination
|
|
destination d_fm_api { file("/var/log/fm-api.log" template(t_openstack)); };
|
|
destination d_fm_event { file("/var/log/fm-event.log"); };
|
|
destination d_fm_manager { file("/var/log/fm-manager.log" template(t_fm) perm(0600)); };
|
|
|
|
# IMA Log destination
|
|
destination d_ima { file("/var/log/ima.log"); };
|
|
# The destination for IMA Appraisals are FM Events
|
|
destination d_ima_appraise {
|
|
program(
|
|
"/usr/sbin/fm_event_syslogger"
|
|
template(t_ima_appraise)
|
|
log-fifo-size(2Mb)
|
|
);
|
|
};
|
|
|
|
# Sysinv Log destination
|
|
destination d_sysinv { file("/var/log/sysinv.log" template(t_openstack)); };
|
|
destination d_sysinvapi { file("/var/log/sysinv-api.log" template(t_openstack)); };
|
|
|
|
# Openstack Log destinations
|
|
destination d_horizon { file("/var/log/horizon.log" template(t_openstack)); };
|
|
destination d_libvirtd { file("/var/log/libvirt/libvirtd.log" template(t_libvirtd)); };
|
|
destination d_keystoneall { file("/var/log/keystone/keystone-all.log" template(t_openstack)); };
|
|
destination d_keystoneapi { file("/var/log/keystone/keystone-api.log" template(t_openstack)); };
|
|
destination d_barbicanapi { file("/var/log/barbican/barbican-api.log" template(t_openstack)); };
|
|
destination d_barbicandbsync { file("/var/log/barbican/barbican-dbsync.log" template(t_openstack)); };
|
|
destination d_barbicankeystonelistener { file("/var/log/barbican/barbican-keystone-listener.log" template(t_openstack)); };
|
|
destination d_barbicanworker { file("/var/log/barbican/barbican-worker.log" template(t_openstack)); };
|
|
destination d_barbicancleaner { file("/var/log/barbican/barbican-cleaner.log" template(t_openstack)); };
|
|
|
|
# NFV-VIM Log destinations
|
|
destination d_vim { file("/var/log/nfv-vim.log" template(t_nfv)); };
|
|
destination d_vim_api { file("/var/log/nfv-vim-api.log" template(t_nfv)); };
|
|
destination d_vim_webserver { file("/var/log/nfv-vim-webserver.log" template(t_nfv)); };
|
|
|
|
# Local Log destinations
|
|
destination d_local5 { file("/var/log/local5.log"); };
|
|
destination d_local6 { file("/var/log/local6.log"); };
|
|
destination d_local7 { file("/var/log/local7.log"); };
|
|
|
|
# This files are the log come from the mail subsystem.
|
|
#
|
|
destination d_mailinfo { file("/var/log/mail/mail.info"); };
|
|
destination d_mailwarn { file("/var/log/mail/mail.warn"); };
|
|
destination d_mailerr { file("/var/log/mail/mail.err"); };
|
|
|
|
# Logging for INN news system
|
|
#
|
|
destination d_newscrit { file("/var/log/news/news.crit"); };
|
|
destination d_newserr { file("/var/log/news/news.err"); };
|
|
destination d_newsnotice { file("/var/log/news/news.notice"); };
|
|
|
|
# Some 'catch-all' logfiles.
|
|
#
|
|
destination d_debug { file("/var/log/debug"); };
|
|
destination d_error { file("/var/log/error"); };
|
|
destination d_messages { file("/var/log/messages"); };
|
|
|
|
# The root's console.
|
|
#
|
|
destination d_console { usertty("root"); };
|
|
|
|
# Virtual console.
|
|
#
|
|
destination d_console_all { file("/dev/tty10"); };
|
|
|
|
# The named pipe /dev/xconsole is for the nsole' utility. To use it,
|
|
# you must invoke nsole' with the -file' option:
|
|
#
|
|
# $ xconsole -file /dev/xconsole [...]
|
|
#
|
|
destination d_xconsole { pipe("/dev/xconsole"); };
|
|
|
|
# Send the messages to an other host
|
|
#
|
|
#destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };
|
|
|
|
# Debian only
|
|
destination d_ppp { file("/var/log/ppp.log"); };
|
|
|
|
# Bash history.
|
|
destination d_bash { file("/var/log/bash.log" owner("root") group("root") perm(0600)); };
|
|
|
|
# Lighttpd chrooted access log
|
|
destination d_lighttpd { file("/var/www/var/log/lighttpd-access.log" template(t_lighttpd)); };
|
|
|
|
########################
|
|
# Filters
|
|
########################
|
|
# Here's come the filter options. With this rules, we can set which
|
|
# message go where.
|
|
|
|
filter f_dbg { level(debug); };
|
|
filter f_info { level(info); };
|
|
filter f_notice { level(notice); };
|
|
filter f_warn { level(warn); };
|
|
filter f_err { level(err); };
|
|
filter f_crit { level(crit .. emerg); };
|
|
|
|
filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
|
|
filter f_error { level(err .. emerg) ; };
|
|
|
|
filter f_messages { level(info,notice,warn) and
|
|
not facility(auth,authpriv,cron,daemon,mail,news); };
|
|
|
|
filter f_auth { facility(auth, authpriv) and not program("audispd"); };
|
|
filter f_cron { facility(cron); };
|
|
filter f_daemon { facility(daemon) and not program("containerd") and not program("collectd") and not program("^(OCF_).") and not match("snmp-auditor" value("MESSAGE")); };
|
|
filter f_daemon_ocf { facility(daemon) and program("^(OCF_)."); };
|
|
filter f_containerd { facility(daemon) and program("containerd"); };
|
|
filter f_collectd { facility(daemon) and program("collectd"); };
|
|
filter f_kern { facility(kern); };
|
|
filter f_lpr { facility(lpr); };
|
|
filter f_local { facility(local0, local1, local3, local4, local5,
|
|
local6, local7); };
|
|
filter f_mail { facility(mail); };
|
|
#filter f_news { facility(news); };
|
|
filter f_newscrit { facility(news) and filter(f_crit); };
|
|
filter f_newserr { facility(news) and filter(f_err); };
|
|
filter f_newsnotice { facility(news) and filter(f_notice); };
|
|
#filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); };
|
|
filter f_syslog { facility(syslog); };
|
|
filter f_user { facility(user) and not filter(f_vim) and not filter(f_vim_api)
|
|
and not filter(f_sshlog) and not filter(f_bash)
|
|
and not filter(f_vim_webserver) and not match("fmClientCli"); };
|
|
filter f_uucp { facility(uucp); };
|
|
|
|
#filter f_cnews { level(notice, err, crit) and facility(news); };
|
|
filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); };
|
|
|
|
filter f_ppp { facility(local2); };
|
|
filter f_console { level(warn .. emerg); };
|
|
|
|
# Local Log Filters
|
|
filter f_local0 { facility(local0); };
|
|
filter f_local1 { facility(local1)
|
|
and not program(fmManager); };
|
|
filter f_local2 { facility(local2)
|
|
and not program(barbican-api)
|
|
and not program(barbican-dbsync)
|
|
and not program(barbican-keystone-listener)
|
|
and not program(barbican-worker)
|
|
and not program(barbican-cleaner)
|
|
and not program(fm)
|
|
and not filter(f_keystoneall)
|
|
and not filter(f_keystoneapi) };
|
|
filter f_local3 { facility(local3); };
|
|
filter f_local5 { facility(local5); };
|
|
filter f_local6 { facility(local6); };
|
|
filter f_local7 { facility(local7); };
|
|
|
|
# Fault Management Filter
|
|
filter f_fm_api { facility(local2) and program(fm) };
|
|
filter f_fm_event { facility(local5) and program(fmManager); };
|
|
filter f_fm_manager { facility(local1) and program(fmManager); };
|
|
|
|
# IMA Filters
|
|
filter f_ima { facility(auth) and program(audispd) and match("type=INTEGRITY_") ; };
|
|
filter f_ima_appraise { filter(f_ima) and match("appraise_data") ; };
|
|
|
|
# Sysinv Log Filter
|
|
filter f_sysinv { facility(local6) and program(sysinv) and not match("sysinv.api.hooks.auditor"); };
|
|
filter f_sysinvapi { facility(local6) and program(sysinv) and match("sysinv.api.hooks.auditor"); };
|
|
|
|
# Openstack Log Filters
|
|
filter f_horizon { facility(local7) };
|
|
filter f_libvirtd { program(libvirtd) };
|
|
filter f_keystoneall { facility(local2) and message("keystone.*") and not match("keystone.common.wsgi"); };
|
|
filter f_keystoneapi { facility(local2) and match("keystone.common.wsgi"); };
|
|
filter f_barbicanapi { facility(local2) and program(barbican-api); };
|
|
filter f_barbicandbsync { facility(local2) and program(barbican-dbsync); };
|
|
filter f_barbicankeystonelistener { facility(local2) and program(barbican-keystone-listener); };
|
|
filter f_barbicanworker { facility(local2) and program(barbican-worker); };
|
|
filter f_barbicancleaner { facility(local2) and program(barbican-cleaner); };
|
|
|
|
# NFV-VIM Log Filters
|
|
filter f_vim { facility(user) and program(VIM_); };
|
|
filter f_vim_api { facility(user) and program(VIM-API_); };
|
|
filter f_vim_webserver { facility(user) and program(VIM-WEB_); };
|
|
|
|
# bash Log Filter
|
|
filter f_bash { facility(user) and program("^(-)?(ba)?(su|sh)$"); };
|
|
|
|
# Lighttpd ostree pull requests (using separated message() functions instead
|
|
# of a single regexp matching the whole message to improve performance)
|
|
filter f_lighttpd { not(message('] "GET /iso/') and
|
|
message('" 200 ') and
|
|
message(' "libostree/') and
|
|
message('/ostree_repo/objects/') and
|
|
message("(?:\.filez|\.dirtree) "))};
|
|
|
|
########################
|
|
# Log paths
|
|
########################
|
|
log { source(s_src); filter(f_auth); destination(d_auth); };
|
|
log { source(s_src); filter(f_cron); destination(d_cron); };
|
|
log { source(s_src); filter(f_daemon); destination(d_daemon); };
|
|
log { source(s_src); filter(f_daemon_ocf); destination(d_daemon_ocf); };
|
|
log { source(s_src); filter(f_containerd); destination(d_containerd); };
|
|
log { source(s_src); filter(f_collectd); destination(d_collectd); };
|
|
log { source(s_src); filter(f_kern); destination(d_kern); };
|
|
log { source(s_src); filter(f_lpr); destination(d_lpr); };
|
|
#log { source(s_src); filter(f_syslog3); destination(d_syslog); };
|
|
log { source(s_src); filter(f_syslog); destination(d_syslog); };
|
|
log { source(s_src); filter(f_user); destination(d_user); };
|
|
log { source(s_src); filter(f_uucp); destination(d_uucp); };
|
|
log { source(s_src); filter(f_local0); destination(d_postgres); };
|
|
log { source(s_src); filter(f_local1); destination(d_platform); };
|
|
log { source(s_src); filter(f_local2); destination(d_openstack); };
|
|
log { source(s_src); filter(f_local3); destination(d_sm); };
|
|
|
|
# HAProxy Log Path
|
|
log { source(s_udp); filter(f_local1); destination(d_haproxy); };
|
|
|
|
# Fault Management Log Path
|
|
log { source(s_src); filter(f_fm_api); destination(d_fm_api); };
|
|
log { source(s_src); filter(f_fm_event); destination(d_fm_event); };
|
|
log { source(s_src); filter(f_fm_manager); destination(d_fm_manager); };
|
|
|
|
# IMA Log Path
|
|
log { source(s_src); filter(f_ima); destination(d_ima); };
|
|
# we need to pass along IMA Appraisal failures to FM in order to
|
|
# generate FM EVENT logs
|
|
log { source(s_src); filter(f_ima_appraise); destination(d_ima_appraise); };
|
|
|
|
# Sysinv Log Path
|
|
log {source(s_src); filter(f_sysinv); destination(d_sysinv); };
|
|
log {source(s_src); filter(f_sysinvapi); destination(d_sysinvapi); };
|
|
|
|
# Openstack Log Paths
|
|
log { source(s_src); filter(f_horizon); destination(d_horizon); };
|
|
log { source(s_src); filter(f_libvirtd); destination(d_libvirtd); };
|
|
log { source(s_src); filter(f_keystoneall); destination(d_keystoneall); };
|
|
log { source(s_src); filter(f_keystoneapi); destination(d_keystoneapi); };
|
|
log { source(s_src); filter(f_barbicanapi); destination(d_barbicanapi); };
|
|
log { source(s_src); filter(f_barbicandbsync); destination(d_barbicandbsync); };
|
|
log { source(s_src); filter(f_barbicankeystonelistener); destination(d_barbicankeystonelistener); };
|
|
log { source(s_src); filter(f_barbicanworker); destination(d_barbicanworker); };
|
|
log { source(s_src); filter(f_barbicancleaner); destination(d_barbicancleaner); };
|
|
|
|
# NFV-VIM Log Paths
|
|
log {source(s_src); filter(f_vim); destination(d_vim); };
|
|
log {source(s_src); filter(f_vim_api); destination(d_vim_api); };
|
|
log {source(s_src); filter(f_vim_webserver); destination(d_vim_webserver); };
|
|
|
|
# Local Log Paths
|
|
log { source(s_src); filter(f_mail); destination(d_mail); };
|
|
#log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };
|
|
#log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };
|
|
#log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); };
|
|
|
|
log { source(s_src); filter(f_newscrit); destination(d_newscrit); };
|
|
log { source(s_src); filter(f_newserr); destination(d_newserr); };
|
|
log { source(s_src); filter(f_newsnotice); destination(d_newsnotice); };
|
|
#log { source(s_src); filter(f_cnews); destination(d_console_all); };
|
|
#log { source(s_src); filter(f_cother); destination(d_console_all); };
|
|
|
|
#log { source(s_src); filter(f_ppp); destination(d_ppp); };
|
|
|
|
log { source(s_src); filter(f_console); destination(d_console_all);
|
|
destination(d_xconsole); };
|
|
log { source(s_src); filter(f_crit); destination(d_console); };
|
|
|
|
# All messages send to a remote site
|
|
#
|
|
#log { source(s_src); destination(d_net); };
|
|
|
|
# Bash log Path
|
|
log { source(s_src); filter(f_bash); destination(d_bash); };
|
|
|
|
# Lighttpd Log Path
|
|
log { source(s_lighttpd); filter(f_lighttpd); destination(d_lighttpd); };
|
|
|
|
# sshlog definitions
|
|
#
|
|
template t_sshlog {
|
|
template("${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC} ${HOST} ${MSGHDR}${MSG}\n");
|
|
template-escape(no);
|
|
};
|
|
destination d_sshlog { file("/var/log/sshlog.log" template(t_sshlog)); };
|
|
filter f_sshlog { program(".*sshlog$"); };
|
|
log { source(s_src); filter(f_sshlog); destination(d_sshlog); };
|
|
|
|
|
|
# Include conf.d files
|
|
@include "/etc/syslog-ng/conf.d/"
|