Typical workstation syslog-ng.conf

From Research
Revision as of 17:05, 21 February 2008 by Gordp

# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett

options {
        chain_hostnames(off);
        sync(0);

        # The default action of syslog-ng 1.6.0 is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };

If you find that your workstation's /var/log/messages file is cluttered with every-10-minute cron entries like these:

Feb 21 07:00:01 oilslick cron[19045]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Feb 21 07:10:01 oilslick cron[19097]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Feb 21 07:20:01 oilslick cron[19149]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )

And if you want to drop these (for the sake of clarity in your /var/log/messages), one way is to filter out all cron-related messages by adding the filter definitions and the filter() references in the log statement shown below (bolded/red in the original page). Think twice, though, if this is really, really what you want to do :-O It may be better to continue to log, but just to a separate file which you can review when/as needed.

destination messages { file("/var/log/messages"); };
# We will take out the annoying cron notifications
filter nocron { not facility(cron); };
# We will also remove the annoying spamd notifications
filter nospamd { not program(spamd); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); filter(nocron); filter(nospamd); destination(messages); };
log { source(src); destination(console_all); };
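
The alternative mentioned above (keep logging cron, but to a separate file), written out as a complete configuration. This is an added example, not part of the original page; the destination name cron, the filter name f_cron and the path /var/log/cron.log are assumptions.

```conf
# Added example: cron messages are kept, but routed to their own file
# instead of being dropped.

options {
        chain_hostnames(off);
        sync(0);
        stats(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };
# Assumed name and path (not from the original page).
destination cron { file("/var/log/cron.log"); };
destination console_all { file("/dev/tty12"); };

# f_cron matches what nocron excludes, so every cron message
# lands in exactly one of the two files.
filter f_cron { facility(cron); };
filter nocron { not facility(cron); };
filter nospamd { not program(spamd); };

# cron facility -> /var/log/cron.log
log { source(src); filter(f_cron); destination(cron); };
# everything else except spamd -> /var/log/messages
log { source(src); filter(nocron); filter(nospamd); destination(messages); };
# the console still receives everything, unfiltered
log { source(src); destination(console_all); };
```

With this layout the run-crons entries no longer appear in /var/log/messages, while the record of which jobs cron ran as root stays on disk for later review.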