Has anyone any ideas? syslog-ng is usually the first line |
reported by top: |
|
4097 root 20 0 3120 1060 708 R 48.3 0.1 677:46.38 syslog-ng |
|
The files in /var/log seem to be growing at an expected slow pace and |
aren't reporting anything unexpected. I followed a 'howto' and have |
sshguard running. This (comments stripped) is what I have in |
/etc/syslog-ng/syslog-ng.conf |
> options { |
> chain_hostnames(off); |
> sync(0); |
> stats(43200); |
> }; |
> |
> source src { |
> unix-stream("/dev/log" max-connections(256)); |
> internal(); |
> file("/proc/kmsg"); |
> }; |
> |
> destination messages { file("/var/log/messages"); }; |
> destination console_all { file("/dev/tty12"); }; |
> log { source(src); destination(messages); }; |
> log { source(src); destination(console_all); }; |
> destination authlog { file("/var/log/auth.log"); }; |
> destination authlog { file("/var/log/auth.log"); }; |
> filter f_authpriv { facility(auth, authpriv); }; |
> log { source(src); filter(f_authpriv); destination(authlog); }; |
> filter sshlogs { facility(auth, authpriv) and match("sshd"); }; |
> destination sshguardproc { |
> program("/usr/local/sbin/sshguard" |
> template("$DATE $FULLHOST $MESSAGE\n")); |
> }; |
> log { source(src); filter(sshlogs); destination(sshguardproc); }; |