| 1 |
Has anyone any ideas? The syslog-ng is the usually the first line |
| 2 |
reported by top: |
| 3 |
|
| 4 |
4097 root 20 0 3120 1060 708 R 48.3 0.1 677:46.38 syslog-ng |
| 5 |
|
| 6 |
The files in /var/log seem to be growing at an expected slow pace and |
| 7 |
aren't reporting anything unexpected. I followed a 'howto' and have |
| 8 |
sshguard running. This (comments stripped) is what I have in |
| 9 |
/etc/syslog-ng/syslog-ng.conf |
| 10 |
> options { |
| 11 |
> chain_hostnames(off); |
| 12 |
> sync(0); |
| 13 |
> stats(43200); |
| 14 |
> }; |
| 15 |
> |
| 16 |
> source src { |
| 17 |
> unix-stream("/dev/log" max-connections(256)); |
| 18 |
> internal(); |
| 19 |
> file("/proc/kmsg"); |
| 20 |
> }; |
| 21 |
> |
| 22 |
> destination messages { file("/var/log/messages"); }; |
| 23 |
> destination console_all { file("/dev/tty12"); }; |
| 24 |
> log { source(src); destination(messages); }; |
| 25 |
> log { source(src); destination(console_all); }; |
| 26 |
> destination authlog { file("/var/log/auth.log"); }; |
| 27 |
> destination authlog { file("/var/log/auth.log"); }; |
| 28 |
> filter f_authpriv { facility(auth, authpriv); }; |
| 29 |
> log { source(src); filter(f_authpriv); destination(authlog); }; |
| 30 |
> filter sshlogs { facility(auth, authpriv) and match("sshd"); }; |
| 31 |
> destination sshguardproc { |
| 32 |
> program("/usr/local/sbin/sshguard" |
| 33 |
> template("$DATE $FULLHOST $MESSAGE\n")); |
| 34 |
> }; |
| 35 |
> log { source(src); filter(sshlogs); destination(sshguardproc); }; |
Archives