69 lines
1.4 KiB
Plaintext
69 lines
1.4 KiB
Plaintext
# Sample Metalog configuration file
|
|
|
|
maxsize = 1048576 # size in bytes (1048576 = 1 megabyte)
|
|
maxtime = 86400 # time in seconds (86400 = 1 day)
|
|
maxfiles = 10 # num files per directory
|
|
|
|
# This will capture all of the internal log messages that metalog itself
|
|
# generates. If you use any "command" options below, you will want this
|
|
# as metalog generates a lot of status messages whenever it executes a
|
|
# command and children processes exit.
|
|
|
|
Metalog :
|
|
|
|
program = "metalog"
|
|
logdir = "/var/log/metalog"
|
|
break = 1
|
|
|
|
Authentication :
|
|
|
|
facility = "auth"
|
|
facility = "authpriv"
|
|
logdir = "/var/log/auth"
|
|
break = 1
|
|
|
|
Critical :
|
|
|
|
facility = "*"
|
|
minimum = 1
|
|
logdir = "/var/log/critical"
|
|
break = 1
|
|
|
|
Password failures :
|
|
|
|
regex = "(password|login|authentication)\s+(fail|invalid)"
|
|
regex = "(failed|invalid)\s+(password|login|authentication|user)"
|
|
regex = "ILLEGAL ROOT LOGIN"
|
|
logdir = "/var/log/pwdfail"
|
|
break = 1
|
|
|
|
Kernel messages :
|
|
|
|
facility = "kern"
|
|
logdir = "/var/log/kernel"
|
|
break = 1
|
|
|
|
Daemons :
|
|
facility = "daemon"
|
|
logdir = "/var/log/daemon"
|
|
break = 1
|
|
|
|
crond :
|
|
|
|
facility = "cron"
|
|
logdir = "/var/log/cron"
|
|
break = 1
|
|
|
|
SSH Server :
|
|
|
|
program = "sshd"
|
|
logdir = "/var/log/sshd"
|
|
break = 1
|
|
|
|
Mail :
|
|
|
|
facility = "mail"
|
|
neg_regex= "starting daemon"
|
|
logdir = "/var/log/mail"
|
|
break = 1
|