# syslog-ng configuration: sorts local syslog, kernel and internal messages
# into per-host, per-day files under /spool.
#
# Several destinations expand message-derived macros ($HOST, $PROGRAM) into
# file paths while create_dirs(yes) is set. The host() and program() filters
# below are therefore what keeps those values to a safe character set; treat
# them as path validation, not only as routing.

options {
    use_fqdn(yes);
    use_dns(no);
    chain_hostnames(yes);
    # With use_time_recvd(no) the $YEAR/$MONTH/$DAY macros are presumably taken
    # from the timestamp carried in the message, not the time of receipt, so
    # the date directory reflects what the sender claimed -- confirm for the
    # deployed syslog-ng version.
    use_time_recvd(no);
    # Disabled in the original configuration.
    #sync(10);
    # Files 0640 and directories 0750, owned by syslogng:syslogng, so logs are
    # not world-readable.
    perm(0640);
    owner("syslogng");
    group("syslogng");
    # Missing directories in an expanded destination path are created on demand.
    create_dirs(yes);
    dir_perm(0750);
    dir_owner("syslogng");
    dir_group("syslogng");
};

# Message sources: the local syslog socket, the kernel log, and syslog-ng's
# own internal messages.
source syslog { unix-stream("/dev/log"); };
source kernel { file("/proc/kmsg"); };
source syslog-ng { internal(); };

# Destinations. Every path except "invalid" contains $HOST; "generic" also
# contains $PROGRAM.
destination firewall { file("/spool/$HOST/$YEAR/$MONTH/$DAY/firewall"); };
destination kernel { file("/spool/$HOST/$YEAR/$MONTH/$DAY/kernel"); };
# Uses the literal directory "unknown" instead of $HOST, so a host value that
# failed validation never becomes part of a path.
destination invalid { file("/spool/unknown/$YEAR/$MONTH/$DAY/invalid"); };
destination postfix { file("/spool/$HOST/$YEAR/$MONTH/$DAY/postfix"); };
destination cron { file("/spool/$HOST/$YEAR/$MONTH/$DAY/cron"); };
# $PROGRAM is used as the file name here; only the "generic" filter, which
# allows no '/' and requires a leading letter, may feed this destination.
destination generic { file("/spool/$HOST/$YEAR/$MONTH/$DAY/$PROGRAM"); };
destination syslog-ng { file("/spool/$HOST/$YEAR/$MONTH/$DAY/syslog-ng"); };
destination misc { file("/spool/$HOST/$YEAR/$MONTH/$DAY/misc"); };

## kernel
# "firewall" and "notfirewall" are exact complements, so each kernel message
# is written to exactly one of the two destinations.
# NOTE(review): no host() filter is applied on the kernel or internal paths;
# presumably $HOST is the local host name there -- confirm.
filter firewall { match("^firewall:") or match("^NAT:"); };
filter notfirewall { not match("^firewall:") and not match("^NAT:"); };
log { source(kernel); filter(firewall); destination(firewall); };
log { source(kernel); filter(notfirewall); destination(kernel); };

## internal
log { source(syslog-ng); destination(syslog-ng); };

## syslog
# Every filter below except "invalid" repeats the same host pattern:
# "syslog@" followed by a lowercase letter and then lowercase letters, digits
# or '-'. The pattern admits neither '/' nor '.', so a matching $HOST stays a
# single path component. The "syslog@" prefix presumably comes from
# chain_hostnames(yes) prepending the source name -- confirm.
# NOTE(review): use_fqdn(yes) may yield dotted host names, which this pattern
# rejects and routes to "invalid" -- confirm which form $HOST takes here.
filter invalid { not host("^syslog@[a-z][a-z0-9-]*$"); };
filter postfix { host("^syslog@[a-z][a-z0-9-]*$") and program("^postfix/"); };
filter cron { host("^syslog@[a-z][a-z0-9-]*$") and program("^(/USR/SBIN/CRON|/usr/sbin/cron|CRON|cron)$"); };
# Program names must start with a lowercase letter and contain only lowercase
# letters, digits, '.', '_' or '-'; this is the check that keeps $PROGRAM safe
# as a file name in the "generic" destination.
filter generic { host("^syslog@[a-z][a-z0-9._-]*$") and program("^([a-z][a-z0-9._-]*)$"); };
log { source(syslog); filter(invalid); destination(invalid); };
log { source(syslog); filter(postfix); destination(postfix); };
log { source(syslog); filter(cron); destination(cron); };
log { source(syslog); filter(generic); destination(generic); };
# Fallback path: takes messages from this source that no log statement above
# matched. Its path uses $HOST without a host() filter of its own, so it
# relies on the "invalid" rule having already claimed every message whose host
# fails the pattern; re-check this path if that rule is changed or removed.
log { source(syslog); destination(misc); flags(fallback); };