Sample syslog-ng.conf for Solaris
Beware, this wiki software turns the dot-dot-dot into a single character unicode thing ( … ) that syslog-ng doesn't understand.
# syslog-ng.conf
#
# 1002.10 David Mackintosh
## Generic Format: log ($SOURCE, [$FILTER, [$FILTER, [...]] $DESTINATION# Note that you have to define your sources, filters, and destinations
# before you can use them.# Program Options:options {
# use_fqdn(yes);
# use_dns(yes);
# dns_cache(yes);
keep_hostname(yes);
long_hostnames(off);
sync(0);
log_fifo_size(1024);
};# Sources:source all_src {
internal(); # messages from syslog-ng
udp(); # messages from remote systems
sun-streams("/dev/log" door("/etc/.syslog_door")); # local messages from the hosting sun
};# Filters:
# Severities: I like filters set up this way as they simulate the effects of
# traditional syslog.conf format.
#
filter f_notice { level(notice ... emerg);};
filter f_info { level(info ... emerg);};
filter f_debug { level(debug ... emerg);};# If mail is going to a specific place, I like to keep it out of other places.filter f_not_mail { not facility(mail); };
filter f_mail { facility(mail); };# Destinations:
# The leading "\n" character in the template is to work-around
# a bug with netscreen syslogging.destination messages { file("/var/adm/messages" template("\n$ISODATE $HOST $MSG"));};
destination syslog { file("/var/log/syslog");};
destination maillog { file("/var/log/maillog");};# Magic per-host destinations:
# Magic per-host destination (good for central syslog hosts).
# Note that $HOST is the name of the system sending the update, NOT the
# originating system (ie in a scenario where one log concentrator sends
# logs on to another concentrator: if Host A sends to Host B, and host B
# sends on to host C, which has this type of destination, then $HOST is
# going to be B, even though the message originated on A.)destination debug-per-host { file("/var/log/HOSTS/$HOST/debug.$YEAR-$MONTH-$DAY" owner(root) group(root) perm(0600) dir_perm(0700) template("\n$ISODATE $HOST $MSG") create_dirs(yes)); };# Glue it all together:log { source(all_src); filter(f_not_mail); filter(f_info); destination(messages); };
log { source(all_src); filter(f_mail); filter(f_info); destination(maillog); };
log { source(all_src); filter(f_debug); destination(debug-per-host); };