233 lines
4.5 KiB
Plaintext
233 lines
4.5 KiB
Plaintext
@version: current
|
|
@include "scl.conf"
|
|
|
|
source s_local {
|
|
system(); internal();
|
|
};
|
|
|
|
source s_network {
|
|
syslog(
|
|
transport("udp")
|
|
flags(no-parse)
|
|
);
|
|
};
|
|
|
|
|
|
# -----------------------------------------------------------------
|
|
destination d_local {
|
|
file(
|
|
"/var/log/remote/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log"
|
|
create-dirs(yes)
|
|
perm(0640)
|
|
template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n")
|
|
);
|
|
};
|
|
|
|
log {
|
|
source(s_local);
|
|
source(s_network);
|
|
junction {
|
|
channel {
|
|
flags(final);
|
|
};
|
|
channel {
|
|
parser {
|
|
syslog-parser();
|
|
};
|
|
flags(final);
|
|
};
|
|
};
|
|
destination(d_local);
|
|
};
|
|
|
|
# -----------------------------------------------------------------
|
|
filter f_meterbus_gateway {
|
|
host("172.16.2.25");
|
|
};
|
|
|
|
destination d_meterbus_gateway {
|
|
file(
|
|
"/var/log/remote/meterbus-gateway/${YEAR}${MONTH}${DAY}.log"
|
|
create-dirs(yes)
|
|
perm(0640)
|
|
template("${ISODATE}: ${MSG}\n")
|
|
);
|
|
};
|
|
|
|
log {
|
|
source(s_network);
|
|
filter(f_meterbus_gateway);
|
|
parser { syslog-parser(); };
|
|
destination(d_meterbus_gateway);
|
|
};
|
|
|
|
# -----------------------------------------------------------------
|
|
filter f_mqtt_archiver {
|
|
match("mqtt-archiver\\[[0-9]+\\]:" value("MESSAGE"));
|
|
};
|
|
|
|
destination d_mqtt_archiver {
|
|
file(
|
|
"/var/log/remote/mqtt-archiver/${YEAR}${MONTH}${DAY}.log"
|
|
create-dirs(yes)
|
|
perm(0640)
|
|
template("${ISODATE}: ${MSG}\n")
|
|
);
|
|
};
|
|
|
|
log {
|
|
source(s_network);
|
|
filter(f_mqtt_archiver);
|
|
parser { syslog-parser(); };
|
|
destination(d_mqtt_archiver);
|
|
};
|
|
|
|
|
|
# -----------------------------------------------------------------
|
|
filter f_switch {
|
|
host("172.20.0.9");
|
|
};
|
|
|
|
destination d_switch {
|
|
file(
|
|
"/var/log/remote/switches/${SOURCEIP}-${YEAR}${MONTH}${DAY}.log"
|
|
create-dirs(yes)
|
|
perm(0640)
|
|
template("${ISODATE}: ${MSG}\n")
|
|
);
|
|
};
|
|
|
|
log {
|
|
source(s_network);
|
|
filter(f_switch);
|
|
parser { syslog-parser(); };
|
|
destination(d_switch);
|
|
};
|
|
|
|
# -----------------------------------------------------------------
|
|
filter f_firewall {
|
|
host("172.20.0.1")
|
|
};
|
|
|
|
destination d_firewall {
|
|
file(
|
|
"/var/log/remote/firewall/all/${YEAR}${MONTH}${DAY}.log"
|
|
create-dirs(yes)
|
|
perm(0640)
|
|
template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n")
|
|
);
|
|
};
|
|
|
|
log {
|
|
source(s_network);
|
|
filter(f_firewall);
|
|
parser { syslog-parser(); };
|
|
destination(d_firewall);
|
|
};
|
|
|
|
|
|
# -----------------------------------------------------------------
|
|
filter f_firewall_fw {
|
|
match("\\|firewall", value("MESSAGE"));
|
|
};
|
|
|
|
filter f_firewall_dns {
|
|
match("\\|dns", value("MESSAGE"));
|
|
};
|
|
|
|
filter f_firewall_dhcp {
|
|
match("\\|dhcp", value("MESSAGE"));
|
|
};
|
|
|
|
filter f_firewall_ntp {
|
|
match("\\|ntp", value("MESSAGE"));
|
|
};
|
|
|
|
filter f_firewall_ppp {
|
|
match("\\|ppp", value("MESSAGE"));
|
|
};
|
|
|
|
rewrite r_set_aspect_fw {
|
|
set("fw", value("ASPECT"));
|
|
};
|
|
|
|
rewrite r_set_aspect_dns {
|
|
set("dns", value("ASPECT"));
|
|
};
|
|
|
|
rewrite r_set_aspect_dhcp {
|
|
set("dhcp", value("ASPECT"));
|
|
};
|
|
|
|
rewrite r_set_aspect_ntp {
|
|
set("ntp", value("ASPECT"));
|
|
};
|
|
|
|
rewrite r_set_aspect_ppp {
|
|
set("ppp", value("ASPECT"));
|
|
};
|
|
|
|
rewrite r_set_aspect_misc {
|
|
set("misc", value("ASPECT"));
|
|
};
|
|
|
|
destination d_firewall_dynamic {
|
|
file(
|
|
"/var/log/remote/firewall/aspects/${ASPECT}-${YEAR}${MONTH}${DAY}.log"
|
|
create-dirs(yes)
|
|
perm(0640)
|
|
template("${ISODATE} ${SOURCEIP} ${HOST} ${PROGRAM}[${PID}]: ${MSG}\n")
|
|
);
|
|
};
|
|
|
|
log {
|
|
source(s_network);
|
|
filter(f_firewall);
|
|
parser { syslog-parser(); };
|
|
|
|
junction {
|
|
channel {
|
|
filter(f_firewall_fw);
|
|
rewrite(r_set_aspect_fw);
|
|
destination(d_firewall_dynamic);
|
|
flags(final);
|
|
};
|
|
|
|
channel {
|
|
filter(f_firewall_dns);
|
|
rewrite(r_set_aspect_dns);
|
|
destination(d_firewall_dynamic);
|
|
flags(final);
|
|
};
|
|
|
|
channel {
|
|
filter(f_firewall_dhcp);
|
|
rewrite(r_set_aspect_dhcp);
|
|
destination(d_firewall_dynamic);
|
|
flags(final);
|
|
};
|
|
|
|
channel {
|
|
filter(f_firewall_ntp);
|
|
rewrite(r_set_aspect_ntp);
|
|
destination(d_firewall_dynamic);
|
|
flags(final);
|
|
};
|
|
|
|
channel {
|
|
filter(f_firewall_ppp);
|
|
rewrite(r_set_aspect_ppp);
|
|
destination(d_firewall_dynamic);
|
|
flags(final);
|
|
};
|
|
|
|
channel {
|
|
rewrite(r_set_aspect_misc);
|
|
destination(d_firewall_dynamic);
|
|
};
|
|
};
|
|
};
|
|
|
|
|
|
# -----------------------------------------------------------------
|