@version: current @include "scl.conf" source s_local { system(); internal(); }; source s_network { syslog( transport("udp") flags(no-parse) ); }; # ----------------------------------------------------------------- destination d_local { file( "/var/log/remote/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log" create-dirs(yes) perm(0640) template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n") ); }; log { source(s_local); source(s_network); junction { channel { flags(final); }; channel { parser { syslog-parser(); }; flags(final); }; }; destination(d_local); }; # ----------------------------------------------------------------- filter f_meterbus_gateway { host("172.16.2.25"); }; destination d_meterbus_gateway { file( "/var/log/remote/meterbus-gateway/${YEAR}${MONTH}${DAY}.log" create-dirs(yes) perm(0640) template("${ISODATE}: ${MSG}\n") ); }; log { source(s_network); filter(f_meterbus_gateway); parser { syslog-parser(); }; destination(d_meterbus_gateway); }; # ----------------------------------------------------------------- filter f_mqtt_archiver { match("mqtt-archiver\\[[0-9]+\\]:" value("MESSAGE")); }; destination d_mqtt_archiver { file( "/var/log/remote/mqtt-archiver/${YEAR}${MONTH}${DAY}.log" create-dirs(yes) perm(0640) template("${ISODATE}: ${MSG}\n") ); }; log { source(s_network); filter(f_mqtt_archiver); parser { syslog-parser(); }; destination(d_mqtt_archiver); }; # ----------------------------------------------------------------- filter f_switch { host("172.20.0.9"); }; destination d_switch { file( "/var/log/remote/switches/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log" create-dirs(yes) perm(0640) template("${ISODATE}: ${MSG}\n") ); }; log { source(s_network); filter(f_switch); parser { syslog-parser(); }; destination(d_switch); }; # ----------------------------------------------------------------- filter f_firewall { host("172.23.1.1") }; destination d_firewall { file( "/var/log/remote/firewall/all/${YEAR}${MONTH}${DAY}.log" create-dirs(yes) perm(0640) template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n") ); }; log { source(s_network); filter(f_firewall); parser { syslog-parser(); }; destination(d_firewall); }; # ----------------------------------------------------------------- filter f_firewall_fw { match("\\|firewall", value("MESSAGE")); }; filter f_firewall_dns { match("\\|dns", value("MESSAGE")); }; filter f_firewall_dhcp { match("\\|dhcp", value("MESSAGE")); }; filter f_firewall_ntp { match("\\|ntp", value("MESSAGE")); }; filter f_firewall_ppp { match("\\|ppp", value("MESSAGE")); }; rewrite r_set_aspect_fw { set("fw", value("ASPECT")); }; rewrite r_set_aspect_dns { set("dns", value("ASPECT")); }; rewrite r_set_aspect_dhcp { set("dhcp", value("ASPECT")); }; rewrite r_set_aspect_ntp { set("ntp", value("ASPECT")); }; rewrite r_set_aspect_ppp { set("ppp", value("ASPECT")); }; rewrite r_set_aspect_misc { set("misc", value("ASPECT")); }; destination d_firewall_dynamic { file( "/var/log/remote/firewall/aspects/${ASPECT}-${YEAR}${MONTH}${DAY}.log" create-dirs(yes) perm(0640) template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n") ); }; log { source(s_network); filter(f_firewall); parser { syslog-parser(); }; junction { channel { filter(f_firewall_fw); rewrite(r_set_aspect_fw); destination(d_firewall_dynamic); flags(final); }; channel { filter(f_firewall_dns); rewrite(r_set_aspect_dns); destination(d_firewall_dynamic); flags(final); }; channel { filter(f_firewall_dhcp); rewrite(r_set_aspect_dhcp); destination(d_firewall_dynamic); flags(final); }; channel { filter(f_firewall_ntp); rewrite(r_set_aspect_ntp); destination(d_firewall_dynamic); flags(final); }; channel { filter(f_firewall_ppp); rewrite(r_set_aspect_ppp); destination(d_firewall_dynamic); flags(final); }; channel { rewrite(r_set_aspect_misc); destination(d_firewall_dynamic); }; }; }; # -----------------------------------------------------------------