# Syslog-ng configuration file for Gentoo Linux
# -*- coding: utf-8 -*-
# Thibaud "thican" CANALE
# 2013-04-30
# GPLv3
@version: 3.4
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo,v 1.2 2013/06/02 01:18:35 mr_bones_ Exp $
# https://bugs.gentoo.org/show_bug.cgi?id=426814
@include "scl.conf"

################################
# Documentation
################################
# http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/en/syslog-ng-ose-v3.3-guide-admin-en/html-single/index.html

################################
# Options and Sources
################################
# Global defaults; they apply to every source and destination below that
# does not override them.
options {
    threaded(yes);
    chain_hostnames(no);

    # All files are in /var/log, and they don't need to be in separate dirs,
    # therefore we do not allow syslog-ng to create directories.
    create_dirs(no);

    # Permissions of dirs and files.
    # Log files are created root:wheel 0640, so every member of wheel can
    # read every log written by this configuration, auth.log included.
    # NOTE(review): with create_dirs(no) the dir_* settings look inert,
    # since syslog-ng is never asked to create a directory - confirm.
    dir_owner(root);
    dir_group(wheel);
    dir_perm(2750);
    owner(root);
    group(wheel);
    perm(0640);

    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats_freq(43200);
    stats_level(0);

    # The default action of syslog-ng is to log a MARK line
    # to the file every 20 minutes. That seems high for most
    # people so turn it down to once an hour. Set it to zero
    # if you don't want the functionality at all.
    mark_freq(3600);

    # timestamp in format YYYY-mm-ddTHH:MM:SS+Timezone (RFC 3339)
    ts_format(rfc3339);
};

# Main message source: local socket, platform defaults, syslog-ng's own
# messages, and the syslog() network driver.
source src {
    unix-stream("/dev/log" max-connections(256));
    # NOTE(review): on Linux, system() is expected to pick up /dev/log and
    # /proc/kmsg by itself. Together with the explicit unix-stream() above
    # and file("/proc/kmsg") in kernsrc, the same inputs may be opened
    # twice - confirm against the scl.conf shipped with this version.
    system();
    internal();
    # NOTE(review): syslog() is a network source and no ip(), port(),
    # transport() or tls() option is set, so it runs on the driver defaults.
    # Confirm which address and port it binds. Anything that can reach the
    # listener can write into the logs below, so if remote logging is not
    # needed this driver should be dropped or bound to localhost.
    syslog();
};

# Kernel messages, read straight from /proc/kmsg.
source kernsrc {
    file("/proc/kmsg");
};

################################
# Definition of destinations for logging files
################################
# One file per facility; mail and news are further split by severity.
destination kern { file("/var/log/kern.log"); };
destination user { file("/var/log/user.log"); };
destination mailerr { file("/var/log/mail.err"); }; # level(err..emerg)
destination mailwarn { file("/var/log/mail.warn"); }; # level(warn)
destination mail { file("/var/log/mail.log"); }; # level(info..notice)
destination maildebug { file("/var/log/mail.debug"); }; # level(debug)
destination daemon { file("/var/log/daemon.log"); };
destination authlog { file("/var/log/auth.log"); };
destination syslog-ng { file("/var/log/syslog.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination newserr { file("/var/log/news.err"); }; # level(err..emerg)
destination newswarn { file("/var/log/news.warn"); }; # level(warn)
destination news { file("/var/log/news.log"); }; # level(info..notice)
destination newsdebug { file("/var/log/news.debug"); }; # level(debug)
destination uucp { file("/var/log/uucp.log"); };
destination cron { file("/var/log/cron.log"); };
destination ftp { file("/var/log/ftp.log"); };
destination ntp { file("/var/log/ntp.log"); };
destination security { file("/var/log/security.log"); };
destination console { file("/var/log/console.log"); };
destination solaris_cron { file("/var/log/solaris_cron.log"); };

# General log files
# for catching messages based on their severity level.
# Severity-based files; each collects one level across all facilities.
destination emergency { file("/var/log/emergency"); }; # level(emerg)
destination alert { file("/var/log/alert"); }; # level(alert)
destination critical { file("/var/log/critical"); }; # level(crit)
destination debug { file("/var/log/debug"); }; # level(debug) for 'd'ucking testing purpose
destination messages { file("/var/log/messages"); };

# Writes to every terminal where root is logged in.
destination console_root { usertty("root"); };

# Targets for the f_failed / f_denied filters; the log statements that use
# them are commented out further down, so nothing is written here as shipped.
destination auth_failed { file("/var/log/auth-failed.log"); };
destination auth_denied { file("/var/log/auth-denied.log"); };

# Consoles
# Useless on a server
# console_auth is wired to the auth/authpriv filter later in this file, so
# authentication messages are displayed on /dev/tty11 to whoever can view
# that virtual console.
# NOTE(review): the global owner()/group()/perm() options may also be
# applied to these device nodes when syslog-ng opens them - confirm, and
# override them per destination if so.
destination console_kern { file("/dev/tty8"); };
destination console_user_daemon { file("/dev/tty9"); };
destination console_mail { file("/dev/tty10"); };
destination console_auth { file("/dev/tty11"); };
destination console_emergency { file("/dev/tty12"); };

# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

################################
# Filter definitions.
################################

# Facility levels
# kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, security, console, solaris-cron, local0..local7
# NOTE(review): confirm that ntp, security and console are accepted facility
# names in this syslog-ng version and which facility each maps to; if
# security is treated as a synonym for auth, f_security overlaps f_auth.
filter f_kern { facility(kern); };
filter f_user { facility(user); };
filter f_mail { facility(mail); };
filter f_daemon { facility(daemon); };
filter f_auth { facility(auth); };
filter f_syslog { facility(syslog); };
filter f_lpr { facility(lpr); }; # line printer subsystem
filter f_news { facility(news); };
filter f_uucp { facility(uucp); };
filter f_cron { facility(cron); };
filter f_authpriv { facility(authpriv); };
filter f_ftp { facility(ftp); };
filter f_ntp { facility(ntp); };
filter f_security { facility(security); };
filter f_console { facility(console); };
#filter f_solaris_cron { facility(solaris_cron); }; # available in version 3.3 and above.
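# Severity levels
# in order: emerg, alert, crit, err, warning, notice, info, debug
filter f_emerg { level(emerg); };
filter f_alert { level(alert); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_warning { level(warning); };
filter f_notice { level(notice); };
filter f_info { level(info); };
filter f_debug { level(debug); };

# Some combined filters
filter f_authlog { facility(auth, authpriv); };
filter f_user_daemon { facility(user, daemon); };

# My 4 personal levels
filter f_log_err { level(err..emerg); };
filter f_log_warning { level(warning); };
filter f_log_info { level(info..notice); };
filter f_log_debug { level(debug); };

# f_messages: the remaining, otherwise unfiltered messages.
# lpr, uucp, ftp, ntp and console are deliberately left in, for levels info
# through warning inclusive.
filter f_messages {
    level(info..warning)
    and not facility(user, mail, daemon, auth, syslog, news, cron, authpriv, security);
};

# Match on the message text.
# NOTE(review): the text is chosen by whichever process logged the message,
# so files built from these filters are a convenience view and not a
# trustworthy record of failed or denied authentications.
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };

################################
# connect filter and destination
################################
# No log statement below stops processing after a match, so one message is
# written to every destination whose filters it passes (for example an
# auth error reaches auth.log, console_auth and console_emergency).

# Kernel messages are taken unfiltered from kernsrc.
#log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(kernsrc); destination(kern); };

log { source(src); filter(f_user); destination(user); };

log { source(src); filter(f_mail); filter(f_log_err); destination(mailerr); };
log { source(src); filter(f_mail); filter(f_log_warning); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_log_info); destination(mail); };
log { source(src); filter(f_mail); filter(f_log_debug); destination(maildebug); };

log { source(src); filter(f_daemon); destination(daemon); };

# auth and authpriv share one file; the failed/denied splits are disabled.
log { source(src); filter(f_authlog); destination(authlog); };
#log { source(src); filter(f_authlog); filter(f_failed); destination(auth_failed); };
#log { source(src); filter(f_authlog); filter(f_denied); destination(auth_denied); };

log { source(src); filter(f_syslog); destination(syslog-ng); };
log { source(src); filter(f_lpr); destination(lpr); };

log { source(src); filter(f_news); filter(f_log_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_log_warning); destination(newswarn); };
log { source(src); filter(f_news); filter(f_log_info); destination(news); };
log { source(src); filter(f_news); filter(f_log_debug); destination(newsdebug); };

# No log statement references destination(uucp) or destination(solaris_cron);
# uucp messages at info..warning still reach messages through f_messages.
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_ftp); destination(ftp); };
log { source(src); filter(f_ntp); destination(ntp); };
log { source(src); filter(f_security); destination(security); };
log { source(src); filter(f_console); destination(console); };

# Per-severity files, across all facilities. Emergencies also go to root's
# terminals.
log { source(src); filter(f_emerg); destination(emergency); destination(console_root); };
log { source(src); filter(f_alert); destination(alert); };
log { source(src); filter(f_crit); destination(critical); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };

# Logs for consoles. (useless on a server)
log { source(kernsrc); destination(console_kern); };
log { source(src); filter(f_user_daemon); destination(console_user_daemon); };
log { source(src); filter(f_mail); destination(console_mail); };
log { source(src); filter(f_authlog); destination(console_auth); };
log { source(src); filter(f_log_err); destination(console_emergency); };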