# $Id$
#
# syslog-ng client configuration.
#
# Purpose: keep a subset of logs on the local disk and forward everything
# at info or above to the central loghost over TCP. The daemon accepts
# input only from this machine (/dev/log and UDP on 127.0.0.1). A "logs"
# user and group must exist on the system.
#
# Local copies live under /var/log/archive in a syslog-ng specific line
# format carrying facility, priority and a timestamp that includes the
# year.
#
# Coverage summary (what ends up where):
#   - info..emerg, any facility        -> central loghost (TCP)
#   - info..emerg, facility != mail    -> /var/log/archive/messages/...
#   - facility mail, every level       -> /var/log/archive/mail/...
#   - emerg                            -> all user ttys and /dev/console
#   - debug, facility != mail          -> not stored and not forwarded

options {
    # Output queue size. NOTE(review): while the loghost is unreachable,
    # messages beyond this queue are presumably dropped from the forwarding
    # path; only the local archive copies remain. Confirm this is acceptable.
    log_fifo_size(4096);

    # Ownership and modes of created files and directories: group "logs",
    # no access for other users. No owner() is set here, so the owner is
    # whatever the daemon defaults to.
    group(logs);
    dir_group(logs);
    create_dirs(yes);
    dir_perm(0750);
    perm(0640);

    # Unprefixed time macros such as $ISODATE use the timestamp carried in
    # the message rather than the time of receipt, so the stamp written by
    # the templates below is supplied by the sender. The archive file names
    # use the $R_* (receive time) macros and are not affected.
    use_time_recvd(no);

    # Hostname handling. keep_hostname(yes) accepts a host field found in
    # the message as-is. NOTE(review): anything able to write to the local
    # sources can therefore choose the value of $HOST that is archived and
    # forwarded; the collector should not treat it as authenticated.
    use_fqdn(yes);
    chain_hostnames(no);
    keep_hostname(yes);

    # Emit internal statistics once an hour.
    stats(3600);
};

# ---------------------------------------------------------------------
# Sources
# ---------------------------------------------------------------------

# Everything originating on this host. The UDP listener is bound to the
# loopback address only, so it is not reachable from the network.
source s_local {
    unix-stream("/dev/log" max_connections(150));
    udp(ip(127.0.0.1) port(514));
    internal();
};

# ---------------------------------------------------------------------
# Filters
# ---------------------------------------------------------------------

# Everything except debug.
# NOTE(review): the documented range syntax is two dots (info..emerg);
# confirm that the three-dot form used throughout this file parses as
# intended on the deployed syslog-ng version.
filter f_not_debug { level(info...emerg); };

# Highest severity only.
filter f_emerg { level(emerg); };

# Local archive split: mail goes to its own tree, the rest to "messages".
# The mail filter has no level restriction, so mail debug output is
# archived locally even though it is not forwarded.
filter f_archive_general { level(info...emerg) and not facility(mail); };
filter f_archive_mail { facility(mail); };

# Disabled filter kept from the original file:
#filter f_e {
#not(facility(cron) and priority(info));
#};

# ---------------------------------------------------------------------
# Destinations
# ---------------------------------------------------------------------

# Central collector. This is a plain tcp() destination: nothing in this
# file encrypts the stream or authenticates the collector, so records
# cross the network in cleartext unless a tunnel or isolated network
# outside this configuration protects them.
destination d_loghost { tcp("loghost.gs.washington.edu" port(5149)); };

# Terminals of every logged-in user.
# NOTE(review): priority is chosen by the sender, and the sources above
# accept input from any local process that can reach them, so the text
# delivered here is not restricted to trusted system components.
destination d_allusers { usertty("*"); };

# System console.
destination d_cons { file("/dev/console"); };

# Date-partitioned archives. One file per day, so no logrotate run and no
# HUP of the daemon is needed. template_escape(no) leaves quote characters
# in messages untouched; tools parsing these files must not assume the
# message part is escaped.
destination d_mesg {
    file(
        "/var/log/archive/messages/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};

destination d_mail {
    file(
        "/var/log/archive/mail/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
        template_escape(no)
    );
};

# ---------------------------------------------------------------------
# Log paths
# ---------------------------------------------------------------------

# All non-debug logs to the loghost via TCP.
log { source(s_local); filter(f_not_debug); destination(d_loghost); };

# Emergencies additionally go to every tty and to the console.
log {
    source(s_local);
    filter(f_emerg);
    destination(d_allusers);
    destination(d_cons);
};

# Local archives.
log { source(s_local); filter(f_archive_general); destination(d_mesg); };
log { source(s_local); filter(f_archive_mail); destination(d_mail); };