initial

2026-02-19 11:59:04 +01:00
commit 148efd96a5
2 changed files with 250 additions and 0 deletions
--- a/syslog-ng.conf
+++ b/syslog-ng.conf
@@ -0,0 +1,232 @@
+@version: current
+@include "scl.conf"
+
+source s_local {
+  system(); internal();
+};
+
+source s_network {
+  syslog(
+    transport("udp")
+    flags(no-parse)
+  );
+};
+
+
+# -----------------------------------------------------------------
+destination d_local {
+  file(
+    "/var/log/remote/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log"
+    create-dirs(yes)
+    perm(0640)
+    template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n")
+  );
+};
+
+log {
+  source(s_local);
+  source(s_network);
+  junction {
+    channel {
+      flags(final);
+    };
+    channel {
+      parser {
+        syslog-parser();
+      };
+      flags(final);
+    };
+  };
+  destination(d_local);
+};
+
+# -----------------------------------------------------------------
+filter f_meterbus_gateway {
+  host("172.16.2.25");
+};
+
+destination d_meterbus_gateway {
+  file(
+    "/var/log/remote/meterbus-gateway/${YEAR}${MONTH}${DAY}.log"
+    create-dirs(yes)
+    perm(0640)
+    template("${ISODATE}: ${MSG}\n")
+  );
+};
+
+log {
+  source(s_network);
+  filter(f_meterbus_gateway);
+  parser { syslog-parser(); };
+  destination(d_meterbus_gateway);
+};
+
+# -----------------------------------------------------------------
+filter f_mqtt_archiver {
+    match("mqtt-archiver\\[[0-9]+\\]:" value("MESSAGE"));
+};
+
+destination d_mqtt_archiver {
+  file(
+    "/var/log/remote/mqtt-archiver/${YEAR}${MONTH}${DAY}.log"
+    create-dirs(yes)
+    perm(0640)
+    template("${ISODATE}: ${MSG}\n")
+  );
+};
+
+log {
+  source(s_network);
+  filter(f_mqtt_archiver);
+  parser { syslog-parser(); };
+  destination(d_mqtt_archiver);
+};
+
+
+# -----------------------------------------------------------------
+filter f_switch {
+  host("172.20.0.9");
+};
+
+destination d_switch {
+  file(
+    "/var/log/remote/switches/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log"
+    create-dirs(yes)
+    perm(0640)
+    template("${ISODATE}: ${MSG}\n")
+  );
+};
+
+log {
+  source(s_network);
+  filter(f_switch);
+  parser { syslog-parser(); };
+  destination(d_switch);
+};
+
+# -----------------------------------------------------------------
+filter f_firewall {
+  host("172.20.0.1")
+};
+
+destination d_firewall {
+  file(
+    "/var/log/remote/firewall/all/${YEAR}${MONTH}${DAY}.log"
+    create-dirs(yes)
+    perm(0640)
+    template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n")
+  );
+};
+
+log {
+  source(s_network);
+  filter(f_firewall);
+  parser { syslog-parser(); };
+  destination(d_firewall);
+};
+
+
+# -----------------------------------------------------------------
+filter f_firewall_fw {
+    match("\\|firewall", value("MESSAGE"));
+};
+
+filter f_firewall_dns {
+    match("\\|dns", value("MESSAGE"));
+};
+
+filter f_firewall_dhcp {
+    match("\\|dhcp", value("MESSAGE"));
+};
+
+filter f_firewall_ntp {
+    match("\\|ntp", value("MESSAGE"));
+};
+
+filter f_firewall_ppp {
+    match("\\|ppp", value("MESSAGE"));
+};
+
+rewrite r_set_aspect_fw {
+    set("fw", value("ASPECT"));
+};
+
+rewrite r_set_aspect_dns {
+    set("dns", value("ASPECT"));
+};
+
+rewrite r_set_aspect_dhcp {
+    set("dhcp", value("ASPECT"));
+};
+
+rewrite r_set_aspect_ntp {
+    set("ntp", value("ASPECT"));
+};
+
+rewrite r_set_aspect_ppp {
+    set("ppp", value("ASPECT"));
+};
+
+rewrite r_set_aspect_misc {
+    set("misc", value("ASPECT"));
+};
+
+destination d_firewall_dynamic {
+    file(
+        "/var/log/remote/firewall/aspects/${ASPECT}-${YEAR}${MONTH}${DAY}.log"
+        create-dirs(yes)
+        perm(0640)
+        template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n")
+    );
+};
+
+log {
+    source(s_network);
+    filter(f_firewall);
+    parser { syslog-parser(); };
+
+    junction {
+        channel {
+            filter(f_firewall_fw);
+            rewrite(r_set_aspect_fw);
+            destination(d_firewall_dynamic);
+            flags(final);
+        };
+
+        channel {
+            filter(f_firewall_dns);
+            rewrite(r_set_aspect_dns);
+            destination(d_firewall_dynamic);
+            flags(final);
+        };
+
+        channel {
+            filter(f_firewall_dhcp);
+            rewrite(r_set_aspect_dhcp);
+            destination(d_firewall_dynamic);
+            flags(final);
+        };
+
+        channel {
+            filter(f_firewall_ntp);
+            rewrite(r_set_aspect_ntp);
+            destination(d_firewall_dynamic);
+            flags(final);
+        };
+
+        channel {
+            filter(f_firewall_ppp);
+            rewrite(r_set_aspect_ppp);
+            destination(d_firewall_dynamic);
+            flags(final);
+        };
+
+        channel {
+            rewrite(r_set_aspect_misc);
+            destination(d_firewall_dynamic);
+        };
+    };
+};
+
+
+# -----------------------------------------------------------------