# Syslog-ng configuration file for central logging server.
# It depends on SSH tunnel on port 5014.
# Author: Krzysztof Kozlowski
# http://www.kozik.net.pl
#
# Layout: global options, shared filters, the "central" pipeline (messages
# arriving from other hosts through the tunnel), then the "local" pipeline
# (this machine's own messages).
#
# NOTE(review): this file has no @version line, so option names and filter
# semantics are those of whatever syslog-ng release (or compatibility mode)
# loads it. Re-check the match() filters and stats() after any upgrade.

options {
    # Do not build "relay1/relay2/host" chains; use one host name only.
    chain_hostnames(off);
    # Reject host names containing invalid characters. This matters here
    # because $HOST is later expanded into destination file paths.
    check_hostname(yes);
    # Trust the host name carried inside each message. Through the tunnel
    # every connection arrives from localhost, so the message header is the
    # only place the sender's name can come from. It is also unauthenticated:
    # any sender can claim any name.
    keep_hostname(yes);
    # Write each message out as it arrives instead of batching.
    flush_lines(0);
    # Emit syslog-ng's own statistics message every 14400 seconds.
    stats(14400);
};

# ##########################################################
# Common filters:
#
# Shared by the central and the local pipeline. f_auth, f_info, f_notice,
# f_warn, f_crit and f_err are defined but no log statement in this file
# references them.
#
# NOTE(review): what match("^FIREWALL:") is compared against (message text
# only, or header plus message) depends on the syslog-ng version. If the
# header is included, the "^" anchor no longer lines up with the message text
# and firewall lines would silently stop being split out. Confirm on the
# deployed version.

filter f_auth     { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_cron     { facility(cron); };

# smartd and dnsmasq have their own destinations (hardware, dnsmasq).
filter f_daemon {
    facility(daemon)
    and not program(smartd)
    and not program(dnsmasq);
};

# Kernel messages, minus firewall lines, which go to f_firewall.
filter f_kernel {
    facility(kern)
    and not match("^FIREWALL:");
};

filter f_mail { facility(mail); };

# General catch-all: info and above, excluding anything that already has a
# dedicated file plus dhcpcd.
filter f_messages {
    level(info..emerg)
    and not facility(cron, mail, daemon)
    and not match("^FIREWALL:")
    and not program("dhcpcd");
};

filter f_hardware    { program(hddtemp) or program(smartd); };
filter f_firewall    { match("^FIREWALL:"); };
filter f_sudo        { program("sudo"); };
# Everything except Samba audit records (used for the tty12 console).
filter f_console_all { not program("smbd_audit"); };
filter f_dnsmasq     { program("dnsmasq"); };
filter f_smbd_audit  { program("smbd_audit"); };

filter f_emergency { level(emerg); };
filter f_info      { level(info); };
filter f_notice    { level(notice); };
filter f_warn      { level(warn); };
filter f_crit      { level(crit); };
filter f_err       { level(err); };

# ##########################################################
# Central:
#
# Plain TCP listener bound to loopback. syslog-ng performs no encryption or
# sender authentication on this source; both are delegated to the SSH tunnel
# mentioned in the header. Any process that can connect to localhost:5014 on
# this server, not only tunnelled clients, can submit messages.
# NOTE(review): presumably local access to the port and the tunnel accounts
# are restricted elsewhere - verify.

source central_src {
    tcp(
        ip("localhost")
        port(5014)
        max_connections(100)
    );
};

# All central files live under /var/log/$HOST/, owned by root, mode 0600,
# in directories created on demand with mode 0700.
#
# NOTE(review): $HOST is taken from the message (keep_hostname(yes)), and
# each distinct value creates a new directory tree. The tree shares /var/log
# with this machine's own logs, so a sender name equal to an existing
# directory there (e.g. "samba", used by local_smbd_audit below) would write
# into it. A dedicated base directory for remote hosts and an allow-list of
# expected host names would remove that overlap.

# Archive of every received message, split by host, month and facility.
destination central_logpile {
    file("/var/log/$HOST/$YEAR/$MONTH/$FACILITY.$YEAR$MONTH$DAY.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};

destination central_auth {
    file("/var/log/$HOST/auth.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_cron {
    file("/var/log/$HOST/cron.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_daemon {
    file("/var/log/$HOST/daemon.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_kernel {
    file("/var/log/$HOST/kernel.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_mail {
    file("/var/log/$HOST/mail.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_hardware {
    file("/var/log/$HOST/hardware.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_firewall {
    file("/var/log/$HOST/firewall.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_dnsmasq {
    file("/var/log/$HOST/dnsmasq.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_sudo {
    file("/var/log/$HOST/sudo.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_messages {
    file("/var/log/$HOST/messages"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination central_smbd_audit {
    file("/var/log/$HOST/samba.log.audit"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};

# The first statement has no filter, so every message reaches the archive.
# None of the statements stops further processing, so a message is also
# copied to each per-topic file whose filter it satisfies.
log { source(central_src); destination(central_logpile); };
log { source(central_src); filter(f_authpriv);   destination(central_auth); };
log { source(central_src); filter(f_cron);       destination(central_cron); };
log { source(central_src); filter(f_daemon);     destination(central_daemon); };
log { source(central_src); filter(f_kernel);     destination(central_kernel); };
log { source(central_src); filter(f_mail);       destination(central_mail); };
log { source(central_src); filter(f_hardware);   destination(central_hardware); };
log { source(central_src); filter(f_firewall);   destination(central_firewall); };
log { source(central_src); filter(f_dnsmasq);    destination(central_dnsmasq); };
log { source(central_src); filter(f_sudo);       destination(central_sudo); };
log { source(central_src); filter(f_messages);   destination(central_messages); };
log { source(central_src); filter(f_smbd_audit); destination(central_smbd_audit); };

# ##########################################################
# Local:
#
# This machine's own messages: the /dev/log socket, syslog-ng's internal
# messages, and kernel messages read from /proc/kmsg.

source local_src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    pipe("/proc/kmsg");
};

# Console:
# Emergency-level messages are written to root's terminals.
destination console { usertty("root"); };
log { source(local_src); filter(f_emergency); destination(console); };

# Everything except Samba audit records is mirrored to virtual console 12.
# That stream includes auth and sudo messages, and no owner/perm options are
# set on this destination, so whoever can view tty12 can read them.
destination console_all { file("/dev/tty12"); };
log { source(local_src); filter(f_console_all); destination(console_all); };

# Local logging:
# Same per-topic split as the central pipeline, written directly under
# /var/log with the same root-only ownership and modes. There is no local
# archive destination.
destination local_auth {
    file("/var/log/auth.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_cron {
    file("/var/log/cron.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_daemon {
    file("/var/log/daemon.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_kernel {
    file("/var/log/kernel.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_mail {
    file("/var/log/mail.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_hardware {
    file("/var/log/hardware.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_firewall {
    file("/var/log/firewall.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_dnsmasq {
    file("/var/log/dnsmasq.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_sudo {
    file("/var/log/sudo.log"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_messages {
    file("/var/log/messages"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};
destination local_smbd_audit {
    file("/var/log/samba/log.audit"
         owner(root) group(root) perm(0600) create_dirs(yes) dir_perm(0700));
};

log { source(local_src); filter(f_authpriv);   destination(local_auth); };
log { source(local_src); filter(f_cron);       destination(local_cron); };
log { source(local_src); filter(f_daemon);     destination(local_daemon); };
log { source(local_src); filter(f_kernel);     destination(local_kernel); };
log { source(local_src); filter(f_mail);       destination(local_mail); };
log { source(local_src); filter(f_hardware);   destination(local_hardware); };
log { source(local_src); filter(f_firewall);   destination(local_firewall); };
log { source(local_src); filter(f_dnsmasq);    destination(local_dnsmasq); };
log { source(local_src); filter(f_sudo);       destination(local_sudo); };
log { source(local_src); filter(f_messages);   destination(local_messages); };
log { source(local_src); filter(f_smbd_audit); destination(local_smbd_audit); };