# /etc/syslog-ng/syslog-ng.conf

options {
        long_hostnames(off);
        sync(0);
        stats(43200);
};

#Source where to read log
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

# Destinations
destination authlog     { file("/var/log/auth.log"); };
destination cron        { file("/var/log/cron.log"); };
destination mail        { file("/var/log/mail.log"); };
destination shorewall	{ file("/var/log/shorewall.log"); };

destination messages    { file("/var/log/messages"); };
destination console     { usertty("root"); };
destination console_all { file("/dev/tty12"); };

# Filters
filter f_auth           { facility(auth); };
filter f_authpriv       { facility(auth, authpriv); };
filter f_cron           { facility(cron); };
filter f_mail           { facility(mail); };
filter f_messages       { level(info..warn) and not facility(auth, authpriv, cron, mail) and not match("Shorewall"); };
filter f_shorewall	{ match("Shorewall"); };
filter f_not_shorewall	{ not match("Shorewall"); };

filter f_emergency      { level(emerg); };
filter f_info           { level(info); };
filter f_notice         { level(notice); };
filter f_warn           { level(warn); };
filter f_crit           { level(crit); };
filter f_err            { level(err); };
filter f_failed         { match("failed"); };
filter f_denied         { match("denied"); };

# Connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
log { source(src); filter(f_shorewall); destination(shorewall); };

# Default log
log { source(src); filter(f_not_shorewall); destination(console_all); };