yslog configurationsdf_debug {file (/var/log/$ HOST/debug ); }; df_messages {file (/var/log/$ HOST/messages ); };
# pipes
# a console to view log messages under Xdp_xconsole {pipe (/dev/xconsole ); };
# consoles
# this will send messages to everyone logged indu_all {usertty ( * ); };
######
# filters
# all messages from the auth and authpriv facilitiesf_auth {facility (auth, authpriv); };
# all messages except from the auth and authpriv facilitiesf_syslog {not facility (auth, authpriv, mail, local7, local1); };
# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
# and uucp facilitiesf_cron {facility (cron); }; f_daemon {facility (daemon); }; f_kern {facility (kern); }; f_lpr {facility (lpr); }; f_mail {facility (mail); }; f_news {facility (news); }; f_user {facility (user); }; f_uucp {facility (uucp); };
# some filters to select messages of priority greater or equal to info, warn,
# and err
# (equivalents of syslogd's * .info, * .warn, and * .err) f_at_least_info {level (info..emerg); }; f_at_least_notice {level (notice..emerg); }; f_at_least_warn {level (warn..emerg); }; f_at_least_err {level (err..emerg); }; f_at_least_crit {level (crit..emerg); };
# all messages of priority debug not coming from the auth, authpriv, news, and
# mail facilitiesf_debug {level (debug) and not facility (auth, authpriv, news, mail); };
# all messages of info, notice, or warn priority not coming form the auth,
# authpriv, cron, daemon, mail, and news facilitiesf_messages {(info, notice, warn) not facility (auth, authpriv, cron, daemon, mail, news) and facility (local7);
};
# messages with priority emergf_emerg {level (emerg); };
# complex filter for messages usually sent to the xconsolef_xconsole {(daemon, mail) level (debug, info, notice, warn) (facility (news) level (crit, err, notice));
};
# filter for radiusf_radius {(local1);
};
######
# logs
# order matters if you use flags (final); to mark the end of processing in a
# log statement
# these rules provide the same behavior as the commented original syslogd rules
# auth, authpriv. * /var/log/auth.log{(s_all); (f_auth); (df_auth);
};
# *. *; auth, authpriv.none -/var/log/syslog {(s_all); (f_syslog); (df_syslog);
};
# cron. * /var/log/cron.log{(s_all); (f_cron); (df_cron);
};
# daemon. * -/var/log/daemon.log {(s_all); (f_daemon); (df_daemon);
};
# kern. * -/var/log/kern.log {(s_all); (f_kern); (df_kern);
};
# lpr. * -/var/log/lpr.log {(s_all); (f_lpr); (df_lpr);
};
# mail. * -/var/log/mail.log {(s_all); (f_mail); (df_mail);
};
# user. * -/var/log/user.log {(s_all); (f_user); (df_user);
};
# uucp. * /var/log/uucp.log{(s_all); (f_uucp); (df_uucp);
};
# mail.info -/var/log/mail.info
# log {
# source (s_all);
# filter (f_mail);
# filter (f_at_least_info);
# destination (df_facility_dot_info);
#};
# mail.warn -/var/log/mail.warn
# log {
# source (s_all);
# filter (f_mail);
# filter (f_at_least_warn);
# destination (df_facility_dot_warn);
#};
# mail.err /var/log/mail.err{(s_all); (f_mail); (f_at_least_err); (df_facility_dot_err);
};
# news.crit /var/log/news/news.crit{(s_all); (f_news); (f_at_least_crit); (df_news_dot_crit);
