PipesDownUK n00b
Joined: 22 Jun 2004 Posts: 37
Posted: Sun Feb 13, 2005 11:31 am Post subject: Some information about configuring metalog on Gentoo
I decided to run metalog as my system logger; the Gentoo handbook recommends it! However, I was unable to find much information about configuring it. The metalog README indicates the configuration file is /etc/metalog/metalog.conf, while with Gentoo the emerge provides /etc/conf.d/metalog. A newbie like me might think that only one of these was required; indeed, the /etc/conf.d/metalog left after the emerge also indicated (to me at least, since it included the maxsize, maxtime and maxfiles commands) that only one was required, but this is wrong. Both are required and should look something like the following:
Code: /etc/conf.d/metalog
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-admin/metalog/files/metalog.confd,v 1.5 2004/07/14 21:14:39 agriffis Exp $
# Config file for /etc/init.d/metalog
# If you are using metalog 0.6, buffering is on by default.
# Add '-s' if you don't want buffering. (See things realtime)
# If you are using metalog 0.7+, buffering is now off by default.
# Add '-a' if you want buffering.
# METALOG_OPTS="-B"
METALOG_OPTS="--configfile=/etc/metalog/metalog.conf"
/etc/conf.d/metalog is not the configuration file for metalog, but is used to provide the configuration file to /etc/init.d/metalog, which starts metalog, by defining the METALOG_OPTS variable. See man metalog for options to add to METALOG_OPTS. The actual configuration file for metalog is then in /etc/metalog/metalog.conf, and I have something like this as my first cut:
Code: /etc/metalog/metalog.conf
# Config file for /etc/init.d/metalog
maxsize = 1000000
maxtime = 86400
maxfiles = 7

Kernel messages :
  facility = "kern"
  logdir = "/var/log/kernel"

Crond :
  facility = "cron"
  logdir = "/var/log/crond"

Password failures :
  regex = "(password|login|authentication)\s+(fail|invalid)"
  regex = "(failed|invalid)\s+(password|login|authentication)"
  regex = "ILLEGAL ROOT LOGIN"
  logdir = "/var/log/pwdfail"
  # command = "/usr/local/sbin/mail_pwd_failures.sh"

FTP Server :
  program = "pure-ftpd"
  logdir = "/var/log/ftpd"

SSH Server :
  program = "sshd"
  logdir = "/var/log/sshd"

Telnet :
  program = "login"
  logdir = "/var/log/telnet"

Imap :
  program = "/usr/sbin/imapd"
  logdir = "/var/log/imap"

POP Toaster :
  program = "/usr/sbin/ipop3d"
  logdir = "/var/log/pop"

Mail :
  facility = "mail"
  logdir = "/var/log/mail"

Everything important :
  facility = "*"
  minimum = 6
  logdir = "/var/log/everything"

Everything very important :
  facility = "*"
  minimum = 1
  logdir = "/var/log/critical"
I hope this stops others making the same mistakes I did.
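Added example, not part of the original post and not metalog's own code: a Python script that parses two sections of the posted metalog.conf and reports which log directories a set of constructed sshd messages would reach. It assumes a message is written to every section whose conditions match and that repeated regex lines are alternatives; case-insensitive matching is a switch because the post does not say how metalog applies the patterns.

```python
import re

# Constructed excerpt of the metalog.conf posted above (two sections only).
CONF = r'''
Password failures :
regex = "(password|login|authentication)\s+(fail|invalid)"
regex = "(failed|invalid)\s+(password|login|authentication)"
regex = "ILLEGAL ROOT LOGIN"
logdir = "/var/log/pwdfail"
SSH Server :
program = "sshd"
logdir = "/var/log/sshd"
'''

def parse_sections(text):
    """Return {section name: {key: [values]}}; a 'Name :' line opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line and line.endswith(":"):
            current = sections.setdefault(line[:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value.strip('"'))
    return sections

def route(sections, program, message, caseless=True):
    """Logdirs reached, assuming all matching sections log and regex lines are ORed."""
    flags = re.IGNORECASE if caseless else 0
    hits = []
    for rules in sections.values():
        if "program" in rules and program not in rules["program"]:
            continue
        patterns = rules.get("regex", [])
        if patterns and not any(re.search(p, message, flags) for p in patterns):
            continue
        hits.extend(rules.get("logdir", []))
    return hits

SECTIONS = parse_sections(CONF)
# Constructed sshd messages, not taken from a real log.
SAMPLES = [
    "Failed password for root from 192.0.2.10 port 40022 ssh2",
    "Invalid user admin from 192.0.2.10",
    "Accepted publickey for alice from 192.0.2.20 port 50022 ssh2",
]
for msg in SAMPLES:
    print(route(SECTIONS, "sshd", msg), msg)
```

None of the three patterns matches the constructed "Invalid user" message, so under these assumptions it reaches only /var/log/sshd and never /var/log/pwdfail.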