Hi,
use syslog-ng3, its has all options inside
http://redhat-club.org/2011/%D0%BD%D0%B … 0%B8%D0%B9
here syslog-ng.conf -
options { long_hostnames(off); keep_hostname(yes); use_dns(no); };
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
# Local sources
source s_local { unix-dgram("/dev/log");};
# Local destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_ppp { facility(local2); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
log { source(s_local); filter(f_authpriv); destination(authlog); };
log { source(s_local); filter(f_syslog); destination(syslog); };
log { source(s_local); filter(f_cron); destination(cron); };
log { source(s_local); filter(f_daemon); destination(daemon); };
log { source(s_local); filter(f_kern); destination(kern); };
log { source(s_local); filter(f_lpr); destination(lpr); };
log { source(s_local); filter(f_mail); destination(mail); };
log { source(s_local); filter(f_user); destination(user); };
log { source(s_local); filter(f_uucp); destination(uucp); };
log { source(s_local); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(s_local); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(s_local); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(s_local); filter(f_news); filter(f_crit); destination(newscrit); };
log { source(s_local); filter(f_news); filter(f_err); destination(newserr); };
log { source(s_local); filter(f_news); filter(f_notice); destination(newsnotice); };
log { source(s_local); filter(f_debug); destination(debug); };
log { source(s_local); filter(f_messages); destination(messages); };
log { source(s_local); filter(f_emergency); destination(console); };
log { source(s_local); filter(f_ppp); destination(ppp); };
log { source(s_local); destination(console_all); };
# Remote logging
source s_remote {
udp(ip(10.0.0.1) port(514));
};
# Remote destinations
destination r_authlog {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/authlog.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_syslog {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/syslog"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_cron {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/cron.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_daemon {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_kern {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/kern.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_lpr {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_user {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/user.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_uucp {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_ppp {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/ppp.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_mail {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.log"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_mailinfo {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.info"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_mailwarn {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.warn"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_mailerr {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/mail.err"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_newscrit {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/news.crit"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_newserr {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/news.err"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_newsnotice {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/news.notice"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_debug {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/debug"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
destination r_messages {
file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/messages"
owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
};
log { source(s_remote); filter(f_authpriv); destination(r_authlog); };
log { source(s_remote); filter(f_syslog); destination(r_syslog); };
log { source(s_remote); filter(f_cron); destination(r_cron); };
log { source(s_remote); filter(f_daemon); destination(r_daemon); };
log { source(s_remote); filter(f_kern); destination(r_kern); };
log { source(s_remote); filter(f_lpr); destination(r_lpr); };
log { source(s_remote); filter(f_mail); destination(r_mail); };
log { source(s_remote); filter(f_user); destination(r_user); };
log { source(s_remote); filter(f_uucp); destination(r_uucp); };
log { source(s_remote); filter(f_mail); filter(f_info); destination(r_mailinfo); };
log { source(s_remote); filter(f_mail); filter(f_warn); destination(r_mailwarn); };
log { source(s_remote); filter(f_mail); filter(f_err); destination(r_mailerr); };
log { source(s_remote); filter(f_news); filter(f_crit); destination(r_newscrit); };
log { source(s_remote); filter(f_news); filter(f_err); destination(r_newserr); };
log { source(s_remote); filter(f_news); filter(f_notice); destination(r_newsnotice); };
log { source(s_remote); filter(f_debug); destination(r_debug); };
log { source(s_remote); filter(f_messages); destination(r_messages); };
log { source(s_remote); filter(f_ppp); destination(r_ppp); };
(Last edited by sivanov on 19 Jul 2014, 19:39)