5.7.2. Sample configuration files for the syslog-ng Agent

The following is a sample configuration file with minimal settings for the syslog-ng Agent for Windows application.

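<?xml version="1.0" encoding="utf-8"?>
<!-- Minimal syslog-ng Agent for Windows configuration: the Application, Security and
     System event logs are forwarded to one syslog server. "yourserver" is a placeholder
     to replace with the real host name or address. -->
<syslog-ng-agent-configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="c:\Program Files\syslog-ng Agent\syslog-ng-agent-conf.xsd">
  <SOFTWARE>
    <BalaBit>
      <syslog-ng_Agent WriteMinidump="1" SendOldMessages="1">
        <Local_Settings Enabled="1">
          <Destinations>
            <Network>
              <IPv4 Enabled="1" PrimaryServer="1">
                <!-- ProtocolTemplate: the angle brackets around ${PRI} are written as
                     &lt; and &gt; because a literal '<' is not well-formed inside an
                     attribute value; the agent still receives <${PRI}>${BSDDATE} ... after
                     parsing. No UseSSL attribute is set on this Server, so nothing in this
                     sample enables TLS: the forwarded event logs (including the Security
                     log) leave the host in clear text unless that is changed. -->
                <Server Index="1" Enabled="1" ServerName="yourserver" ServerPort="514" Throttle="10000" Protocol="2" ProtocolTemplate="&lt;${PRI}&gt;${BSDDATE} ${HOST} ${APP_NAME}[${PROCESS_ID}]: ${MSG}" />
              </IPv4>
            </Network>
          </Destinations>
          <!-- MessageTemplate defines the text of each forwarded event; the Sources list
               names the Windows event logs that are read. -->
          <EventSources Enabled="1" MessageTemplate="${EVENT_USERNAME}: ${EVENT_NAME} ${EVENT_SOURCE}: [${EVENT_TYPE}] ${EVENT_MSG} (EventID ${EVENT_ID})">
            <Sources Enabled="1">
              <Event Index="0" Enabled="1" Name="Application" />
              <Event Index="1" Enabled="1" Name="Security" />
              <Event Index="2" Enabled="1" Name="System" />
            </Sources>
          </EventSources>
        </Local_Settings>
      </syslog-ng_Agent>
    </BalaBit>
  </SOFTWARE>
</syslog-ng-agent-configuration>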

The following is a more detailed configuration file for the syslog-ng Agent for Windows application.

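<?xml version="1.0" encoding="utf-8"?>
<!-- Detailed syslog-ng Agent for Windows configuration: two destination servers with
     failover lists, event-log sources with filters, and file sources with filters.
     Host names, regular expressions and user names below are sample values. -->
<syslog-ng-agent-configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="c:\Program Files\syslog-ng Agent\syslog-ng-agent-conf.xsd">
  <SOFTWARE>
    <BalaBit>
      <syslog-ng_Agent WriteMinidump="1" SendOldMessages="1">
        <Local_Settings Enabled="1" RegExpIgnoreCase="0" FilterIgnoreCase="0" LogFacility="13">
          <Destinations>
            <Network>
              <IPv4 Enabled="1" PrimaryServer="0">
                <!-- ProtocolTemplate: the angle brackets around ${PRI} are written as
                     &lt; and &gt; because a literal '<' is not well-formed inside an
                     attribute value; the parsed value is still <${PRI}>${BSDDATE} ...
                     UseSSL="0" on both Server entries means the forwarded logs, including
                     the Security log and the file contents below, cross the network in
                     clear text; ClientCertSubject is left empty here and only becomes
                     meaningful once TLS is switched on (presumably via UseSSL="1", see the
                     agent documentation). The same applies to each FailoverServer. -->
                <Server Index="0" Enabled="1" ServerName="server1" ServerPort="514" Throttle="100000" Protocol="2" ProtocolTemplate="&lt;${PRI}&gt;${BSDDATE} ${HOST} ${APP_NAME}[${PROCESS_ID}]: ${MSG}" UseSSL="0" ClientCertSubject="">
                  <FailoverServers FailoverServer0="failoverserver01" FailoverServer1="failoverserver02" />
                </Server>
                <Server Index="1" Enabled="1" ServerName="server1" ServerPort="514" Throttle="100000" Protocol="1" ProtocolTemplate="&lt;${PRI}&gt;${BSDDATE} ${HOST} ${MSG}" UseSSL="0" ClientCertSubject="">
                  <FailoverServers FailoverServer0="failoverserver11" FailoverServer1="failoverserver12" />
                </Server>
              </IPv4>
            </Network>
          </Destinations>
          <EventSources Enabled="1" MessageTemplate="${EVENT_USERNAME}: ${EVENT_NAME} ${EVENT_SOURCE}: [${EVENT_TYPE}] ${EVENT_MSG} (EventID ${EVENT_ID})">
            <Sources Enabled="1">
              <Event Index="0" Enabled="1" Name="Application" />
              <Event Index="1" Enabled="1" Name="Security" />
              <!-- NOTE(review): Index jumps from 1 to 3 here, while the minimal sample
                   uses 0, 1, 2; whether gaps in Index are tolerated is not shown on this
                   page. Confirm before copying. -->
              <Event Index="3" Enabled="1" Name="System" />
            </Sources>
            <!-- Filter rules for event-log messages. RegExpIgnoreCase and FilterIgnoreCase
                 on Local_Settings are both "0", so matching here is presumably
                 case-sensitive. -->
            <Filter Enabled="1">
              <Formatted_Message Enabled="1">
                <Rule Index="0" Regexp="testregexp" Enabled="1" />
                <Rule Index="1" Regexp="testregexp2" Enabled="1" />
              </Formatted_Message>
              <Computer Enabled="1">
                <Rule Index="0" Computer="mycomputername1" Enabled="1" />
                <Rule Index="1" Computer="mycomputername2" Enabled="1" />
              </Computer>
              <Type Enabled="1">
                <Rule Index="0" Type="4" Enabled="1" />
                <Rule Index="1" Type="4" Enabled="1" />
              </Type>
              <User Enabled="1">
                <Rule Index="0" Username="TESTDOMAIN\Administrator" Enabled="1" />
                <Rule Index="1" Username="NT AUTHORITY\SYSTEM" Enabled="1" />
              </User>
              <Source_EventId Enabled="1">
                <Rule Index="0" Source="EventCreate" EventId="636" Enabled="1" />
                <Rule Index="1" Source="EventCreate" EventId="637" Enabled="1" />
              </Source_EventId>
              <Source_Category Enabled="1">
                <Rule Index="0" Source="Security" Category="Object Access" Enabled="1" />
                <!-- Source values carry no leading or trailing whitespace; the original
                     sample had " EventCreate" here, which does not match the spelling used
                     in Source_EventId above. -->
                <Rule Index="1" Source="EventCreate" Category="" Enabled="1" />
              </Source_Category>
            </Filter>
          </EventSources>
          <!-- Text files read by the agent. Note the scope of the second File entry:
               BaseDirectory="c:\" with Recursive="1" and FileNameFilter="*.txt" covers every
               .txt file on the drive, so any file matching that pattern (including ones
               containing sensitive data) is forwarded to the destinations above. Narrow
               BaseDirectory and FileNameFilter to the directories that are actually meant
               to be collected. -->
          <FileSources MessageTemplate="$FILE_NAME: $FILE_MESSAGE" Enabled="1" LogFacility="0" LogPriority="6">
            <Sources Enabled="1">
              <File Index="0" Enabled="1" BaseDirectory="c:\windows" FileNameFilter="*.log" Recursive="0" LastModifiedFileOnly="0" id="a455e5ba-d4e9-4b85-8711-e8bf10141028" PeriodicFileCheck="0" LogFacility="5" LogPriority="5" />
              <File Index="1" Enabled="1" BaseDirectory="c:\" FileNameFilter="*.txt" Recursive="1" LastModifiedFileOnly="1" id="b455e5ba-d4e9-4b85-8711-e8bf10141038" PeriodicFileCheck="0" />
            </Sources>
            <!-- Filter rules for file messages; unlike the event-log filter above, this
                 Formatted_Message element carries no Enabled attribute. -->
            <Filter Enabled="1">
              <Formatted_Message>
                <Rule Index="0" Regexp="Verbose" Enabled="1" />
                <Rule Index="1" Regexp="Info" Enabled="1" />
              </Formatted_Message>
            </Filter>
          </FileSources>
        </Local_Settings>
      </syslog-ng_Agent>
    </BalaBit>
  </SOFTWARE>
</syslog-ng-agent-configuration>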

© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com