Ich verwende syslog-ng als Logger. Dafür habe ich folgende syslog-ng.conf erstellt:
# /etc/syslog-ng/syslog-ng.conf
# Global options: long_hostnames off, sync(0).
options {
    long_hostnames(off);
    sync(0);
};
# Sources the log messages are read from.
# src: the local /dev/log socket plus syslog-ng's own internal messages.
source src {
    unix-stream("/dev/log");
    internal();
};
# kernsrc: kernel messages, read from /proc/kmsg.
source kernsrc {
    file("/proc/kmsg");
};
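# Define destinations
# NOTE(review): these file names were originally written as "$YEAR_$MONTH".
# syslog-ng accepts "_" as part of a macro name, so that form is presumably
# read as the undefined macro "YEAR_" followed by "$MONTH", and the year is
# lost from the file name. Braces end each macro name explicitly; confirm that
# the installed syslog-ng version accepts the ${MACRO} form.
# With month-stamped names syslog-ng starts a new file each month on its own;
# a cron job or logrotate then only has to compress or delete the old files.
#
# NOTE(review): auth logs can contain account names and occasionally mistyped
# passwords. No perm()/owner() is set on any destination here, so the
# syslog-ng defaults apply -- verify that they are restrictive enough.
destination authlog { file("/var/log/auth_${YEAR}_${MONTH}.log"); };
destination syslog { file("/var/log/syslog_${YEAR}_${MONTH}.log"); };
destination cron { file("/var/log/cron_${YEAR}_${MONTH}.log"); };
destination daemon { file("/var/log/daemon_${YEAR}_${MONTH}.log"); };
destination kern { file("/var/log/kern_${YEAR}_${MONTH}.log"); };
destination user { file("/var/log/user_${YEAR}_${MONTH}.log"); };
destination mail { file("/var/log/mail_${YEAR}_${MONTH}.log"); };
destination mailinfo { file("/var/log/mail_${YEAR}_${MONTH}.info"); };
destination mailwarn { file("/var/log/mail_${YEAR}_${MONTH}.warn"); };
destination mailerr { file("/var/log/mail_${YEAR}_${MONTH}.err"); };
# The news destinations are not referenced by any log statement in this file.
destination newscrit { file("/var/log/news/news_${YEAR}_${MONTH}.crit"); };
destination newserr { file("/var/log/news/news_${YEAR}_${MONTH}.err"); };
destination newsnotice { file("/var/log/news/news_${YEAR}_${MONTH}.notice"); };
destination debug { file("/var/log/debug_${YEAR}_${MONTH}"); };
destination messages { file("/var/log/messages_${YEAR}_${MONTH}"); };
# console: written to root's terminal. console_all: written to /dev/tty12.
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
#destination xconsole { pipe("/dev/xconsole"); };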
# Create filters
# f_auth is not referenced by any log statement below.
filter f_auth { facility(auth); };
# Despite its name, f_authpriv matches both the auth and authpriv facilities.
filter f_authpriv { facility(auth, authpriv); };
# NOTE(review): only authpriv and mail are excluded here, so messages of the
# auth facility also pass this filter and end up in the syslog destination.
# Confirm that this is intended.
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
# NOTE(review): there is no level() test in f_debug, so it passes every level
# of the facilities it does not exclude -- confirm, given the name.
filter f_debug { not facility(auth, authpriv, news, mail); };
# Levels info through warn, excluding auth, authpriv, mail and news.
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
# Single-level filters; f_notice and f_crit are not used below.
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
# Text-match filters; neither is referenced by any log statement below.
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };
# Connect filters and destinations
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
# The only log path that reads from kernsrc.
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
# Each mail sub-log requires the mail facility and exactly one level.
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# Default log
# NOTE(review): this path has no filter, so every message from src, including
# auth and authpriv, is written to /dev/tty12 and can presumably be read by
# anyone with access to the physical console. Consider excluding those facilities.
log { source(src); destination(console_all); };
Zur Rotation verwende ich einen Cronjob, aber leider funktioniert das mit den Makros nicht richtig:
# Define destinations
# NOTE(review): "$YEAR_$MONTH" is presumably parsed as the undefined macro
# "YEAR_" followed by "$MONTH", because "_" is a valid macro-name character.
# Writing "${YEAR}_${MONTH}" ends each macro name explicitly; confirm that the
# installed syslog-ng version accepts the braced form.
destination authlog { file("/var/log/auth_$YEAR_$MONTH.log"); };
Oder haltet ihr hier den Einsatz von logrotate für sinnvoller?
Viele Grüße
Andreas