pvl-verkko: comparison etc/syslog.conf.dist

equal deleted inserted replaced

-:d02b0b67c29c
+:cc559fb45cb2
+irk     = irc://syslog@irc-test/test
+# TODO: implements meta-attrs across rule tree to classify hosts?
+#[tag]
+#    [[puppetmaster]]
+#        host    = guru
+#
+#    [[auth-high]]
+#        host    = guru
+# auth on normal hosts
+[auth]
+facility    = auth*
+[[sudo]]
+program     = sudo
+pattern     = (?P<login>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<user>\S+) ; (?:ENV=(?P<env>.+?) ; )?COMMAND=(?P<command>.*)
+format      = {login}:{tty} - {user}@{host}:{pwd} - {command!r}
+# ignore puppet readshadow on puppetmasters
+[[[puppet_readshadow]]]
+login       = puppet
+user        = root
+command     = /usr/bin/getent shadow \w+
+format      = # ignore
+[[[env]]]
+env         = .+
+format      = {login}:{tty} - {user}@{host}:{pwd} - {env}{command!r}
+[[sudo-unknown]]
+program     = sudo
+format      = {host} {msg}
+# auth on high-sec hosts
+[auth-high]
+host        = .+
+facility    = auth*
+# TODO: pubkey, failures?
+[[ssh]]
+program     = sshd
+pattern     = Accepted (?P<auth>.+?) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\S+) (?P<proto>\S+)
+format      = SSH {auth} login for {user}@{host} from {ip}
+[[cron]]
+program     = cron
+format      = # ignore
+[[su_nobody]]
+program     = su
+pattern     = Successful su for nobody by root|\+ \?\?\? root:nobody
+format      = # ignore
+[[all]]
+format      = {host} {msg}
+# user
+[user]
+facility    = user
+[[puppet]]
+program     = puppet
+format      = {host} {msg}