# $Header: /var/cvsroot/gentoo-x86/app-admin/metalog/files/metalog.conf,v 1.2 2002/10/12 06:09:16 woodchip Exp $
#
# Sample Metalog configuration file
#
# Layout: global defaults first, then one section per "Name :" line.
# Each section lists its match criteria (facility / program / regex)
# and the directory its messages are written to.
#
# Global rotation defaults: rotate a log once it reaches maxsize bytes
# or is maxtime seconds old (86400 = one day), and keep maxfiles
# rotated files per directory.
# NOTE(review): 5 files of about 100 KB is a small window; a burst of
# messages can rotate earlier entries out. Raise these values or ship
# logs off-host if the logs are needed as evidence.
maxsize = 100000
maxtime = 86400
maxfiles = 5
# Messages from the "kern" syslog facility.
Kernel messages :
facility = "kern"
logdir = "/var/log/kernel"
# Messages whose program name is "crond".
Crond :
program = "crond"
logdir = "/var/log/crond"
# Messages whose program name is "iptrap".
Dudes firewalled by IPTrap :
program = "iptrap"
logdir = "/var/log/iptrap"
# Authentication failures, selected by message text rather than by
# program or facility, so any daemon's matching message lands here.
# NOTE(review): failed-login lines can contain usernames, and sometimes
# a password typed into the username prompt; keep /var/log/pwdfail
# readable by root only.
Password failures :
regex = "(password|login|authentication)\s+(fail|invalid)"
regex = "(failed|invalid)\s+(password|login|authentication)"
regex = "ILLEGAL ROOT LOGIN"
logdir = "/var/log/pwdfail"
# Optional hook, disabled by default. If enabled, the script is run for
# matching messages and receives log text that a remote client can
# influence; it must treat its arguments as untrusted input (quote
# them, never eval them). Presumably metalog passes date, program
# name and message as arguments; confirm for the installed version.
# command = "/usr/local/sbin/mail_pwd_failures.sh"
FTP Server :
program = "pure-ftpd"
logdir = "/var/log/ftpd"
SSH Server :
program = "sshd"
logdir = "/var/log/sshd"
# Selected by program name "login".
# NOTE(review): presumably this also catches console logins handled by
# login(1), not only telnet sessions; verify on the target system.
Telnet :
program = "login"
logdir = "/var/log/telnet"
Imap :
program = "/usr/sbin/imapd"
logdir = "/var/log/imap"
POP Toaster :
program = "/usr/sbin/ipop3d"
logdir = "/var/log/pop"
# Disabled POP-before-SMTP hook: on a matching ipop3d login message it
# would run a script that adds the client's address to the relay list.
# NOTE(review): if enabled, relay permission is derived from parsed log
# text and from a source IP alone. The script should validate the
# address strictly and expire entries, or SMTP AUTH should be used
# instead.
#Add authenticated IP addresses for SMTP relaying :
# program = "/usr/sbin/ipop3d"
# regex = "Login.+nmsgs="
# command = "/usr/local/sbin/add_pop_address.sh"
Mail :
facility = "mail"
logdir = "/var/log/mail"
# Catch-all sections. "minimum" keeps messages whose syslog level is
# numerically at or below the given value (0 = emergency, 7 = debug).
# minimum = 6 therefore records everything except debug messages.
Everything important :
facility = "*"
minimum = 6
logdir = "/var/log/everything"
# minimum = 1 records only emergency (0) and alert (1) messages.
Everything very important :
facility = "*"
minimum = 1
logdir = "/var/log/critical"
#
# Uncomment the following lines and adjust them to
# your needs to enable console logging.
#
# Hint: the device that console messages are written to
# can be changed in /usr/sbin/consolelog.sh
#
# NOTE(review): with facility "*" every message, including
# authentication-related ones, would be passed to the script, so the
# chosen console device should not be readable by unprivileged users.
#
#console logging :
#
# facility = "*"
# command = "/usr/sbin/consolelog.sh"