# metalog.conf.
#
# Layout: global rotation settings first, then one section per log
# destination. A section starts with a "Name :" line; the keys that follow
# (facility, minimum, logdir, ...) belong to that section.
# NOTE(review): metalog is understood to deliver a message to every section
# it matches, so the catch-all sections duplicate what the per-facility
# sections record -- confirm against the installed version.

# Rotation limits; no section below overrides them.
# NOTE(review): per metalog's documentation these are a size in bytes, an
# age in seconds and a file count -- confirm for the installed version.
# If so, each logdir retains roughly 5 x 100000 bytes, and a noisy or
# hostile sender can rotate older entries out quickly. Raise the limits or
# forward security-relevant logs off-host if they are needed for
# investigations.
maxsize = 100000
maxtime = 86400
maxfiles = 5

##########################################################################

Kernel messages :
  facility = "kern"
  logdir = "/var/log/kernel"

# 0 is critical, 7 is debug.
# NOTE(review): "minimum" presumably keeps messages at this level or more
# urgent, i.e. 6 drops only debug and 1 keeps only the most urgent levels.

# facility "*" also covers auth/authpriv, so /var/log/everything and
# /var/log/critical will hold authentication messages. Directory
# permissions are not set in this file; give both the same restricted
# access as /var/log/auth.
Everything important :
  facility = "*"
  minimum = 6
  logdir = "/var/log/everything"

Everything very important :
  facility = "*"
  minimum = 1
  logdir = "/var/log/critical"

##########################################################################
# now let's get all the facilities.

# Two facility keys feed one logdir; presumably a message matching either
# one is written here -- TODO confirm.
auth & authpriv:
  facility = "auth"
  facility = "authpriv"
  logdir = "/var/log/auth"

cron :
  facility = "cron"
  logdir = "/var/log/cron"

daemon :
  facility = "daemon"
  logdir = "/var/log/daemon"

ftp:
  facility = "ftp"
  logdir = "/var/log/ftp"

# Already done above.
#Kernel messages :
# facility = "kern"
# logdir = "/var/log/kernel"

lpr:
  facility = "lpr"
  logdir = "/var/log/lpr"

mail:
  facility = "mail"
  logdir = "/var/log/mail"

news:
  facility = "news"
  logdir = "/var/log/news"

# NOTE(review): in syslog.h "security" is a deprecated alias of "auth". If
# metalog maps it the same way, this directory receives authentication
# messages and needs the same access restrictions as /var/log/auth.
security:
  facility = "security"
  logdir = "/var/log/security"

syslog:
  facility = "syslog"
  logdir = "/var/log/syslog"

user:
  facility = "user"
  logdir = "/var/log/user"

uucp:
  facility = "uucp"
  logdir = "/var/log/uucp"

# local0..local7 have no fixed meaning; what lands in these directories
# depends on which local services are configured to use them.
local0:
  facility = "local0"
  logdir = "/var/log/local0"

local1:
  facility = "local1"
  logdir = "/var/log/local1"

local2:
  facility = "local2"
  logdir = "/var/log/local2"

local3:
  facility = "local3"
  logdir = "/var/log/local3"

local4:
  facility = "local4"
  logdir = "/var/log/local4"

local5:
  facility = "local5"
  logdir = "/var/log/local5"

local6:
  facility = "local6"
  logdir = "/var/log/local6"

local7:
  facility = "local7"
  logdir = "/var/log/local7"

##########################################################################
# All the servers.
# Per-program sections: each pairs facility "*" with a program name and
# its own logdir. The bare "#name" lines appear to be placeholders for
# services that have no section yet.
# NOTE(review): the program name presumably comes from the tag in the
# submitted syslog message, which the sender chooses. Treat these files as
# sorted by claimed origin, not as authenticated output of the named
# daemon; correlate with the facility logs when investigating.

#apache
#atd
#authdaemond
#autofs
#courier-imapd
#courier-imapd-ssl
#courier-pop3d
#courier-pop3d-ssl
#crypto-loop

#cupsd
cups:
  facility = "*"
  program = "cupsd"
  logdir = "/var/log/cupsd"

#dhcp
dhcp:
  facility = "*"
  program = "dhcpd"
  logdir = "/var/log/dhcpd"

#distccd
distcc :
  facility = "*"
  program = "distccd"
  logdir = "/var/log/distccd"

#exim
exim :
  facility = "*"
  program = "exim"
  logdir = "/var/log/exim"

#fam
#fetchmail
#gpm
#hotplug
#inetd
#iptables
#lisa
#mysql

#named
named (bind) :
  facility = "*"
  program = "named"
  logdir = "/var/log/named"

#nfs
#nscd

#ntpd
ntpd :
  facility = "*"
  program = "ntpd"
  logdir = "/var/log/ntpd"

#pmud
#pbbuttonsd
#portmap

#pppd
pppd :
  facility = "*"
  program = "pppd"
  logdir = "/var/log/pppd"

#rsyncd
rsyncd :
  facility = "*"
  program = "rsyncd"
  logdir = "/var/log/rsyncd"

#samba
#spamd
#squid

#sshd
# sshd messages include login attempts and source addresses; restrict
# access to /var/log/sshd like the auth logs (permissions are not set in
# this file).
SSH Server :
  facility = "*"
  program = "sshd"
  logdir = "/var/log/sshd"

#vcron
#windind
#xdm
#xfs
#xinetd

#ypbind
#yppasswdd
#ypserv
yp server:
  facility = "*"
  program = "ypserv"
  logdir = "/var/log/ypserv"

yp bind:
  facility = "*"
  program = "ypbind"
  logdir = "/var/log/ypbind"

yp passwd:
  facility = "*"
  program = "yppasswdd"
  logdir = "/var/log/yppasswdd"

##########################################################################
# Miscellaneous stuff & examples.

# Content-based section: three regex keys and no facility or program key.
# - Failed-login lines can contain a password typed into the username
#   field, so /var/log/pwdfail needs restricted access (permissions are
#   not set in this file).
# - NOTE(review): the first two patterns are lower-case and the third is
#   upper-case; confirm whether this metalog build matches
#   case-insensitively, otherwise differently-cased messages are missed.
# - NOTE(review): the commented-out "command" key runs an external program
#   on a match. metalog is documented to pass the date, program name and
#   message text as arguments, presumably with the daemon's privileges --
#   confirm for your version. The message text is chosen by the sender, so
#   a hook must treat its arguments as data: quote them, never eval them,
#   and do not interpolate them into a shell or mail command line.
Password failures :
  regex = "(password|login|authentication)\s+(fail|invalid)"
  regex = "(failed|invalid)\s+(password|login|authentication)"
  regex = "ILLEGAL ROOT LOGIN"
  logdir = "/var/log/pwdfail"
# command = "/usr/local/sbin/mail_pwd_failures.sh"

# NOTE(review): the example below appears to grant SMTP relay access when
# a log line matches (the script itself is not shown here). A log line is
# not proof that a login took place; if this is enabled, the script must
# validate the address it extracts, and authenticated SMTP submission is
# the safer design.
#Add authenticated IP addresses for SMTP relaying :
# program = "/usr/sbin/ipop3d"
# regex = "Login.+nmsgs="
# command = "/usr/local/sbin/add_pop_address.sh"

#
#Uncomment and adjust the following lines to
#your needs to enable console logging
#
# Hint: you can change the device to which
# should be logged in /usr/sbin/consolelog.sh
#
# NOTE(review): with facility "*" every message, including auth material,
# would be handed to the console script; check who can read that device
# before enabling.
#console logging :
#
# facility = "*"
# command = "/usr/sbin/consolelog.sh"