Has anyone here configured a central syslog server using syslog-ng ?
I have set one up and I'm trying to tune the syslog-ng.conf file, both for the server and the client. I have found lots of Linux example files, but not much for Solaris, which is slightly different.
So if you have a Solaris syslog-ng.conf or have any links to some I would love to see them.
This is what I have:
Server:
#
# syslog-ng server configuration (central loghost).
#
# Global options. Every value below is a default that applies to all
# sources and destinations unless a statement overrides it.
#
options {
    # Write each message out immediately instead of batching.
    sync(0);

    # NOTE(review): 0 appears to switch off the periodic statistics
    # message. Those counters are the usual place to notice dropped
    # messages, so confirm this is intended on a central loghost.
    stats(0);

    # NOTE(review): long_hostnames() further down is documented as a
    # deprecated alias of chain_hostnames(); the two are set to opposite
    # values here. Keep only one so the effective setting is unambiguous.
    chain_hostnames(no);

    # Directories in a destination path are created on demand with
    # dir_perm(). 0755 lets every local user list the per-host archive.
    create_dirs(yes);
    dir_perm(0755);

    dns_cache(yes);

    # NOTE(review): with keep_hostname(yes) the host name written by the
    # sender is trusted as-is. d_clients uses $HOST in its file path, so
    # any system that can reach the TCP listener chooses the directory
    # its messages land in (and can claim another host's name). On the
    # loghost, keep_hostname(no) makes the name come from the peer
    # address instead; use_dns()/dns_cache() only matter in that case.
    keep_hostname(yes);

    # Output queue length, in messages, per destination.
    log_fifo_size(2048);

    long_hostnames(on);

    # NOTE(review): global file mode. 0644 makes every log file that has
    # no perm() of its own world-readable, including /var/log/authlog
    # and the aggregated logs of all clients.
    perm(0644);

    # Seconds to wait before reopening a failed destination.
    time_reopen(10);

    use_dns(yes);
};
# Messages generated on the loghost itself: the Solaris STREAMS log
# device with its door file, plus syslog-ng's own internal messages.
source s_local {
    sun-streams("/dev/log" door("/var/run/syslog_door"));
    internal();
};

# Network listener for the clients. tcp() with no arguments relies on
# the built-in defaults for listen address, port and connection limit.
# NOTE(review): plain TCP syslog is neither authenticated nor encrypted.
# Limit who can reach this port (host firewall, management network) or
# carry it inside a tunnel. Also compare the default max-connections()
# limit with the number of clients; connections over the limit are
# refused and those clients' logs never arrive.
source s_remote {
    tcp();
};
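#----------------------------------------------------------------------
# Standard Log file locations
#----------------------------------------------------------------------
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mail { file("/var/log/syslog"); };
# Authentication records stay root-only instead of inheriting the
# world-readable global perm(0644).
destination d_auth { file("/var/log/authlog" perm(0600)); };
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
#----------------------------------------------------------------------
# Remote logs sorting by host
#----------------------------------------------------------------------
# One file per host / receive date / facility. The archive holds every
# client's messages (auth included), so it overrides the global
# perm(0644)/dir_perm(0755) with modes that exclude "other". Add
# group() and dir_group() if a log-review group needs read access.
#
# NOTE(review): $HOST is taken from the message while keep_hostname(yes)
# is set in options, so the sender picks the directory name and the
# number of directories is not bounded by the number of real clients.
destination d_clients {
    file("/var/log/HOSTS/$HOST/$R_YEAR/$R_MONTH/$R_DAY/$FACILITY"
         perm(0640) dir_perm(0750));
};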
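#----------------------------------------------------------------------
# Standard filters for the standard destinations.
#----------------------------------------------------------------------
# These mirror syslog.conf selectors, where "facility.level" means that
# level AND everything more severe. In syslog-ng, level(err) matches
# only "err", so each level is written as a range up to emerg.
# Without the range, crit/alert/emerg messages would miss the console
# and /var/adm/messages.

# *.err; kern.notice; auth.notice
filter f_filter1 { level(err..emerg) or
                   (level(notice..emerg) and facility(auth, kern)); };

# *.err; kern.notice; daemon.notice; mail.crit
filter f_filter2 { level(err..emerg) or
                   (facility(kern) and level(notice..emerg)) or
                   (facility(daemon) and level(notice..emerg)) or
                   (facility(mail) and level(crit..emerg)); };

# *.alert; kern.err; daemon.err
filter f_filter3 { level(alert..emerg) or
                   (facility(kern) and level(err..emerg)) or
                   (facility(daemon) and level(err..emerg)); };

# *.alert
filter f_filter4 { level(alert..emerg); };

# *.emerg
filter f_filter5 { level(emerg); };

# auth.notice -- this filter feeds d_auth (/var/log/authlog). It was
# facility(kern), which left authentication messages out of authlog;
# kern.notice is already covered by f_filter2.
filter f_filter6 { facility(auth) and level(notice..emerg); };

# mail.debug
filter f_filter7 { facility(mail) and level(debug..emerg); };

# user.err
filter f_filter8 { facility(user) and level(err..emerg); };

# user.alert
filter f_filter9 { facility(user) and level(alert..emerg); };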
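#----------------------------------------------------------------------
# Standard logging (messages generated on the loghost itself)
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };
log { source(s_local); filter(f_filter2); destination(d_mesg); };
log { source(s_local); filter(f_filter3); destination(d_mlop); };
log { source(s_local); filter(f_filter4); destination(d_mlrt); };
log { source(s_local); filter(f_filter5); destination(d_mlal); };
log { source(s_local); filter(f_filter6); destination(d_auth); };
log { source(s_local); filter(f_filter7); destination(d_mail); };
log { source(s_local); filter(f_filter8); destination(d_cons);
      destination(d_mesg); };
log { source(s_local); filter(f_filter9); destination(d_mlop);
      destination(d_mlrt); };
#----------------------------------------------------------------------
# Remote logging: everything received from clients, unfiltered, is
# written to the per-host archive.
#----------------------------------------------------------------------
log { source(s_remote); destination(d_clients); };
#----------------------------------------------------------------------
# Catch-all for the loghost's own messages, sorted by host.
#
# The original statement also listed source(s_remote). Every log
# statement is evaluated independently, so a remote message matched both
# this statement and the one above and was written to d_clients twice.
# Duplicate records inflate the archive and make event counts and
# timelines unreliable. Only s_local is needed here: it adds the
# loghost's own unfiltered messages to the same per-host tree.
#----------------------------------------------------------------------
log { source(s_local); destination(d_clients); };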
Client:
#
# syslog-ng client configuration: some local logs, in addition to TCP
# logging to central loghost.
#
# Global options. Every value below is a default that applies to all
# sources and destinations unless a statement overrides it.
#
options {
    # Write each message out immediately instead of batching.
    sync(0);

    # NOTE(review): 0 appears to switch off the periodic statistics
    # message. Those counters are the usual place to notice messages
    # dropped while the loghost is unreachable; confirm this is intended.
    stats(0);

    # NOTE(review): long_hostnames() further down is documented as a
    # deprecated alias of chain_hostnames(); the two are set to opposite
    # values here. Keep only one so the effective setting is unambiguous.
    chain_hostnames(no);

    create_dirs(yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);

    # Output queue length, in messages, per destination. For the TCP
    # destination this is all that is buffered while the loghost is
    # down; anything beyond it is lost to the central archive.
    log_fifo_size(2048);

    long_hostnames(on);

    # NOTE(review): global file mode. 0644 makes every log file that has
    # no perm() of its own world-readable, including /var/log/authlog.
    perm(0644);

    # Seconds to wait before retrying a failed destination, including
    # the connection to the loghost.
    time_reopen(10);

    use_dns(yes);
};
# Messages generated on this host: the Solaris STREAMS log device with
# its door file, plus syslog-ng's own internal messages.
source s_local {
    sun-streams("/dev/log" door("/var/run/syslog_door"));
    internal();
};
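#----------------------------------------------------------------------
# Standard Log file locations
#----------------------------------------------------------------------
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mail { file("/var/log/syslog"); };
# Authentication records stay root-only instead of inheriting the
# world-readable global perm(0644).
destination d_auth { file("/var/log/authlog" perm(0600)); };
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
#----------------------------------------------------------------------
# Forward to a loghost server
#----------------------------------------------------------------------
# NOTE(review): this is plain TCP. Messages (auth records included)
# cross the network in clear text and the loghost is identified only by
# resolving the name "loghostdr". Keep this traffic on a trusted
# network or inside a tunnel, and make sure the name cannot be
# redirected (e.g. pin it in the local hosts file).
destination d_loghostdr { tcp("loghostdr" port(514)); };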
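#----------------------------------------------------------------------
# Standard filters for the standard destinations.
#----------------------------------------------------------------------
# These mirror syslog.conf selectors, where "facility.level" means that
# level AND everything more severe. In syslog-ng, level(err) matches
# only "err", so each level is written as a range up to emerg.
# Without the range, crit/alert/emerg messages would miss the console
# and /var/adm/messages.

# *.err; kern.notice; auth.notice
filter f_filter1 { level(err..emerg) or
                   (level(notice..emerg) and facility(auth, kern)); };

# *.err; kern.notice; daemon.notice; mail.crit
filter f_filter2 { level(err..emerg) or
                   (facility(kern) and level(notice..emerg)) or
                   (facility(daemon) and level(notice..emerg)) or
                   (facility(mail) and level(crit..emerg)); };

# *.alert; kern.err; daemon.err
filter f_filter3 { level(alert..emerg) or
                   (facility(kern) and level(err..emerg)) or
                   (facility(daemon) and level(err..emerg)); };

# *.alert
filter f_filter4 { level(alert..emerg); };

# *.emerg
filter f_filter5 { level(emerg); };

# auth.notice -- this filter feeds d_auth (/var/log/authlog). It was
# facility(kern), which left authentication messages out of authlog;
# kern.notice is already covered by f_filter2.
filter f_filter6 { facility(auth) and level(notice..emerg); };

# mail.debug
filter f_filter7 { facility(mail) and level(debug..emerg); };

# user.err
filter f_filter8 { facility(user) and level(err..emerg); };

# user.alert
filter f_filter9 { facility(user) and level(alert..emerg); };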
#----------------------------------------------------------------------
# Standard logging: local copies, one statement per filter
#----------------------------------------------------------------------
log { source(s_local); filter(f_filter1); destination(d_cons); };   # console
log { source(s_local); filter(f_filter2); destination(d_mesg); };   # /var/adm/messages
log { source(s_local); filter(f_filter3); destination(d_mlop); };   # operator's tty
log { source(s_local); filter(f_filter4); destination(d_mlrt); };   # root's tty
log { source(s_local); filter(f_filter5); destination(d_mlal); };   # every logged-in user
log { source(s_local); filter(f_filter6); destination(d_auth); };   # /var/log/authlog
log { source(s_local); filter(f_filter7); destination(d_mail); };   # /var/log/syslog
log {
    source(s_local);
    filter(f_filter8);
    destination(d_cons);
    destination(d_mesg);
};
log {
    source(s_local);
    filter(f_filter9);
    destination(d_mlop);
    destination(d_mlrt);
};
#----------------------------------------------------------------------
# Send to a remote loghost
#----------------------------------------------------------------------
# No filter: every local message is forwarded, independent of which
# local files it also reaches, so the central archive is complete even
# where the local copies are selective.
log { source(s_local); destination(d_loghostdr); };