
Listing 2 Configuration file

#----------------------------------------------------------------------
# General options
#----------------------------------------------------------------------
# Global settings applied to every source and destination in this file.
options
  {
    # Do not use the chained ("relay") hostname format.
    chain_hostnames(no);
    # Do not create missing directories for destination files.
    create_dirs (no);
    # Mode for directories syslog-ng creates (only relevant if create_dirs is enabled).
    dir_perm(0755);
    # Keep the hostname found in the received message instead of rewriting it.
    # NOTE(review): this means the HOST field is whatever the sender wrote.
    keep_hostname(yes);
    # Size of the output queue, in messages.
    log_fifo_size(1024);
    # NOTE(review): long_hostnames is documented as an alias of chain_hostnames,
    # so this line appears to contradict chain_hostnames(no) above -- confirm
    # which setting is actually in effect and drop the other.
    long_hostnames(on);
    # Mode for created log files.
    # NOTE(review): 0644 leaves every host's log world-readable on the log
    # server; 0640 with a dedicated group is tighter if nothing else needs access.
    perm(0644);
    # Number of lines buffered before being written out (0 = write immediately).
    sync(0);
    # Seconds to wait before re-opening a dead connection.
    time_reopen (10);
    # No DNS lookups for senders; hosts are identified by address.
    use_dns(no);
    # Do not expand hostnames to fully qualified names.
    use_fqdn(no);
  };

#----------------------------------------------------------------------
# Log sources
#----------------------------------------------------------------------
# Receive syslog over UDP. With no arguments udp() listens on all interfaces
# on the default syslog port (514).
# NOTE(review): UDP syslog is unauthenticated and the sender address can be
# forged, so limit who can reach this port (packet filter or a dedicated
# management network) rather than relying on the filters below alone.
source network { udp(); };
# Uncomment the next line, and every other line that mentions "loghost",
# if you are logging local events as well. You should turn off the default
# syslog setup if you enable this.
#source local { unix-stream("/dev/log"); internal(); };

  
#----------------------------------------------------------------------
# Log Destinations
#----------------------------------------------------------------------
# One log file per sending host. Because create_dirs(no) is set in the options
# block, /var/syslog-ng/hosts must already exist; the files themselves are
# created with the mode given by perm() there.
destination unix-server1    { file("/var/syslog-ng/hosts/unix-server1.log"); };
destination win-server1     { file("/var/syslog-ng/hosts/win-server1.log"); };
destination firewall1       { file("/var/syslog-ng/hosts/firewall1.log"); };
destination router1         { file("/var/syslog-ng/hosts/router1.log"); };
#destination loghost        { file("/var/syslog-ng/hosts/loghost.log"); };

#----------------------------------------------------------------------
# host-based filters
#----------------------------------------------------------------------
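# host() is a regular-expression match on the HOST field of each message.
# Dots are written as [.] so they match only a literal dot, and the address
# may not be preceded by another digit, so a sender such as 110.1.1.4 is no
# longer filed under 10.1.1.4. A non-digit prefix is still accepted in case
# the chained hostname format is in effect (see long_hostnames in the options
# block); use a plain ^ anchor instead if HOST is always a bare address.
# NOTE(review): with keep_hostname(yes) the HOST field is taken from the
# message itself when the sender supplies one, so a match is not proof of
# origin. The netmask() filter tests the packet's source address instead --
# confirm it is available in the syslog-ng version in use.
filter                  f_unix-server1   { host("(^|[^0-9])10[.]1[.]1[.]4$"); };
filter                  f_win-server1    { host("(^|[^0-9])10[.]1[.]1[.]44$"); };
filter                  f_firewall1      { host("(^|[^0-9])10[.]1[.]1[.]2$"); };
filter                  f_router1        { host("(^|[^0-9])10[.]1[.]1[.]1$"); };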

#----------------------------------------------------------------------
#  put it all together
#----------------------------------------------------------------------
# Each log path ties the network source to one host filter and that host's file.
# NOTE(review): there is no catch-all path, so a message that matches none of
# the filters is not written anywhere. Consider adding a destination for
# unmatched senders so that unexpected hosts remain visible.
log { source(network);   filter(f_unix-server1);  destination(unix-server1); };
log { source(network);   filter(f_win-server1);   destination(win-server1); };
log { source(network);   filter(f_firewall1);     destination(firewall1); };
log { source(network);   filter(f_router1);       destination(router1); };
# Local events; enable together with the "local" source and "loghost" destination.
#log { source(local);      destination(loghost); };