логи named

cat /etc/syslog-ng/syslog-ng.conf:
---------
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.

options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
        };


source from_all {   unix-stream ("/dev/log");
                    file ("/proc/kmsg");
                    internal();
                };
source from_named { unix-stream ("/home/named/dev/log"); };


destination sendmail    { file("/var/log/sendmail.log"); };
destination drweb       { file("/var/log/drweb.log"); };
destination socks5      { file("/var/log/socks5.log"); };
destination pop3        { file("/var/log/pop3.log"); };
destination pppd        { file("/var/log/pppd.log"); };
destination sshd        { file("/var/log/sshd.log"); };
destination ftpd        { file("/var/log/ftpd.log"); };
destination crond       { file("/var/log/crond.log"); };
destination named       { file("/var/log/named.log"); };
destination boot        { file("/var/log/boot.log"); };
destination ipchains    { file("/var/log/ipchains.log"); };
destination other       { file("/var/log/other.log"); };


filter sendmail { program("sendmail"); };
filter drweb    { program("drwebd") or program("drweb-smf.static"); };
filter socks5   { program("ocks5"); };
filter pop3     { program("popa3d") or program("inetd") or program("imapd"); };
filter pppd     { program("pppd"); };
filter sshd     { program("sshd"); };
filter ftpd     { program("ftp") or program("ftpd") or program("in.ftpd"); };
filter crond    { program("crond"); };
filter named    { program("named"); };
filter tproxy   { program("tproxy"); };
filter ipchains { match("Packet log"); };
filter boot     { facility(local7); };
 
filter other    { not ( program("sendmail") or
                    program("drwebd") or program("drweb-smf.static") or
                    program("ocks5") or
                    program("popa3d") or program("inetd") or program("imapd") or
                    program("pppd") or match("PPP") or match("CSLIP") or match("ppp") or
                    program("sshd") or
                    program("in.ftpd") or program("ftpd") or match("ftp") or
                    program("crond") or
                    program("named") or
                    program("tproxy") or
                    match("Packet log"));
                };
 
 
log { source(from_all); filter(sendmail);       destination(sendmail); };
log { source(from_all); filter(drweb);          destination(drweb); };
log { source(from_all); filter(socks5);         destination(socks5); };
log { source(from_all); filter(pop3);           destination(pop3); };
log { source(from_all); filter(pppd);           destination(pppd); };
log { source(from_all); filter(sshd);           destination(sshd); };
log { source(from_all); filter(ftpd);           destination(ftpd); };
log { source(from_all); filter(crond);          destination(crond); };
log { source(from_all); filter(ipchains);       destination(ipchains); };
log { source(from_all); filter(other);          destination(other); };
log { source(from_named);       filter(named);  destination(named); };
log { source(from_all); source(from_named);     filter(boot);   destination(boot); };
-----------

От себя добавлю: named у меня chroot-ится в /home/named - поэтому
и сокет дополнительный нужно открывать (/home/named/dev/log); а
еще drweb к sendmail прикручен.
Недавно поставил ядро 2.4.18, с ipchains на iptables пока не
переделал, времени нет...
Да, syslog-ng-1.4.14
spirit ★★★★★
(06.12.02 17:14:57 UTC)
Ссылка
Похожие темы
