# Sample Metalog configuration file maxsize = 1048576 # size in bytes (1048576 = 1 megabyte) maxtime = 86400 # time in seconds (86400 = 1 day) maxfiles = 5 # num files per directory Everything important : facility = "*" minimum = 6 logdir = "/var/log/everything" #if break keyword does not appear, rules after here will be run. Everything very important : facility = "*" minimum = 1 logdir = "/var/log/critical" Password failures : regex = "(password|login|authentication)\s+(fail|invalid)" regex = "(failed|invalid)\s+(password|login|authentication|user)" regex = "ILLEGAL ROOT LOGIN" logdir = "/var/log/pwdfail" # command = "/usr/local/sbin/mail_pwd_failures.sh" Kernel messages : facility = "kern" logdir = "/var/log/kernel" break = 1 Crond : facility = "cron" logdir = "/var/log/cron" break = 1 # Dudes firewalled by IPTrap : # program = "iptrap" # logdir = "/var/log/iptrap" # break = 1 FTP Server : facility = "ftp" logdir = "/var/log/ftpd" break = 1 News Server : facility = "news" logdir = "/var/log/news" break = 1 SSH Server : program = "sshd" logdir = "/var/log/sshd" break = 1 #Telnet : #why the hell do you still run that thing !? # program = "login" # logdir = "/var/log/telnet" # break = 1 #Imap : # program = "/usr/sbin/imapd" # logdir = "/var/log/imap" # break = 1 POP Toaster : program = "/usr/libexec/teapop" logdir = "/var/log/pop" break = 1 # Add authenticated IP addresses for SMTP relaying : # program = "/usr/sbin/ipop3d" # regex = "Login.+nmsgs=" # command = "/usr/local/sbin/add_pop_address.sh" # break = 1 Mail : # facility = "mail" # neg_regex= "starting daemon" # logdir = "/var/log/mail" # break = 1 # exim stuff - log output from every program whose name begins with # "exim". # Exim : program_regex = "^exim" logdir = "/var/log/exim" break = 1 Ppp : program_regex = "^ppp" logdir = "/var/log/ppp" break = 1 Postgresql : program_regex = "^postmaster" program_regex = "^postgres" logdir = "/var/log/postgres" break = 1 Apache : program_regex = "^httpd" logdir = "/var/log/http" break = 1 HAL : program_regex = "^hal" logdir = "/var/log/hal" break = 1