Diffstat (limited to 'app-admin/syslog-ng/files/syslog-ng.conf-3.0')
-rw-r--r--app-admin/syslog-ng/files/syslog-ng.conf-3.0513
1 files changed, 513 insertions, 0 deletions
diff --git a/app-admin/syslog-ng/files/syslog-ng.conf-3.0 b/app-admin/syslog-ng/files/syslog-ng.conf-3.0
new file mode 100644
index 0000000..106e59c
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.conf-3.0
@@ -0,0 +1,513 @@
+@version: 3.0
+#
+# $Header: $
+# vim:nowrap:
+# syslog-ng config created by
+# - Wolfram Schlich <wschlich@gentoo.org>
+# - Klaus Schleicher <ks@pegasus-edv.de>
+# Distributed under the terms of the GNU General Public License v2
+#
+# see http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/index.html
+#
+
+##
+## global options
+##
+## see http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s09.html
+##
+
+options {
+
+ ## general settings
+ time_reopen(10); # Reopen a dead connection after this many seconds
+ time_reap(120); # Close an idle destination file after this many seconds
+ time_sleep(5); # Wait these many milliseconds between poll iterations
+ ts_format(rfc3164); # Timestamp format: rfc3164|rfc3339|bsd|iso
+ log_fifo_size(1000); # Output queue size
+ log_msg_size(8192); # Max size of a single message
+ log_fetch_limit(1000); # The maximum number of messages fetched from a source during a single poll loop.
+ flush_lines(10); # Buffer this many lines of output (0 to send to disk immediately)
+ flush_timeout(1000); # Wait at most this many milliseconds before forcibly flushing the output buffer
+ mark_freq(300); # MARK line logging interval
+ stats_freq(0); # Stats logging interval (0 = disabled)
+
+ ## remote logging
+ normalize_hostnames(yes); # Do normalize hostnames (transform to lower case)
+ chain_hostnames(on); # Chain hostnames?
+ keep_hostname(yes); # Keep the hostname the client sent?
+ keep_timestamp(no); # Do not use the timestamp the client sent -- it might be wrong
+ use_dns(yes); # Use DNS? Good for log servers.
+ use_fqdn(no); # Use FQDNs? Good for log servers.
+ dns_cache(yes); # Cache DNS results?
+ dns_cache_size(1024); # Number of DNS lookup results to cache
+ dns_cache_expire(3600); # Expire cached successful DNS lookup results after this many seconds
+ dns_cache_expire_failed(60); # Expire cached failed DNS lookup results after this many seconds
+
+ ## log file handling
+ create_dirs(yes); # Create directories for log files if they don't exist
+ dir_owner("root"); # Owner of newly created directories
+ dir_group("adm"); # Group of newly created directories
+ dir_perm(0750); # Permissions of newly created directories
+ owner("root"); # Owner of newly created log files
+ group("adm"); # Group of newly created log files
+ perm(0640); # Permissions of newly created log files
+
+ ## misc
+ # Some program send log messages through a private implementation.
+ # and sometimes that implementation is bad. If this happen syslog-ng
+ # may recognise the program name as hostname. Whit this option
+ # we tell the syslog-ng that if a hostname match this regexp than that
+ # is not a real hostname.
+ bad_hostname("^gconfd$");
+
+};
+
+##
+## filters
+##
+## see http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s06.html
+##
+
+## standard syslog facilities
+filter f_kern { facility(kern); };
+filter f_auth { facility(auth); }; # -- note: 'security' is a deprecated alias
+filter f_authpriv { facility(authpriv); };
+filter f_syslog { facility(syslog); };
+filter f_daemon { facility(daemon); };
+filter f_cron { facility(cron); };
+filter f_ftp { facility(ftp); };
+filter f_lpr { facility(lpr); };
+filter f_mail { facility(mail); };
+filter f_news { facility(news); };
+filter f_uucp { facility(uucp); };
+filter f_user { facility(user); };
+filter f_local0 { facility(local0); };
+filter f_local1 { facility(local1); };
+filter f_local2 { facility(local2); };
+filter f_local3 { facility(local3); };
+filter f_local4 { facility(local4); };
+filter f_local5 { facility(local5); };
+filter f_local6 { facility(local6); };
+filter f_local7 { facility(local7); };
+
+## standard syslog priorities: "exactly"
+filter f_emerg { priority(emerg); }; # 0 -- note: 'panic' is a deprecated alias
+filter f_alert { priority(alert); }; # 1
+filter f_crit { priority(crit); }; # 2
+filter f_err { priority(err); }; # 3 -- note: 'error' is a deprecated alias
+filter f_warning { priority(warning); }; # 4 -- note: 'warn' is a deprecated alias
+filter f_notice { priority(notice); }; # 5
+filter f_info { priority(info); }; # 6
+filter f_debug { priority(debug); }; # 7
+
+## standard syslog priorities: "at least"
+filter f_alert+ { priority(alert..emerg); }; # 1-0
+filter f_crit+ { priority(crit..emerg); }; # 2-0
+filter f_err+ { priority(err..emerg); }; # 3-0
+filter f_warning+ { priority(warning..emerg); }; # 4-0
+filter f_notice+ { priority(notice..emerg); }; # 5-0
+filter f_info+ { priority(info..emerg); }; # 6-0
+filter f_debug+ { priority(debug..emerg); }; # 7-0
+
+##
+## templates for the log messages
+##
+## see http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s07.html
+##
+## WARNING: syslog logfile analysis tools might stumble over non-standard
+## formats! tools like mailgraph and tenshi just come to mind.
+##
+## for tenshi, it's easy to circumvent problems by either using the standard
+## format for the tenshi fifo or by using the "logprefix" feature in tenshi.conf
+## to match the custom format, e.g. when using facility and priority as alerting
+## criteria.
+##
+## mailgraph probably needs to be patched for being able to deal with a
+## non-standard log message format.
+##
+
+# macro quick-reference:
+# - DATE: "Jun 13 15:58:00" (default syslog date)
+# - FULLDATE: "2006 Jun 13 15:56:57"
+# - ISODATE: "2006-06-13T15:56:51+02:00"
+# - PRI: see http://www.faqs.org/rfcs/rfc3164.html, 4.1.1
+# - TZOFFSET: "+02:00"
+
+## default message format (standard syslog message format)
+#template t_default { template("${DATE} ${HOST} ${MSGHDR}${MSG}\n"); template_escape(no); };
+## default message format (standard syslog-ng-3.0 message format)
+template t_default { template("${ISODATE} ${HOST} ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+## log and admin console messagee formats
+template t_logtty { template("${DATE}; ${FACILITY}.${PRIORITY}; ${MSGHDR}${MSG}\n"); template_escape(no); };
+template t_admintty { template("${DATE}; ${FACILITY}.${PRIORITY}; ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+## custom local message format (used by default throughout this configuration, also see t_remote_r)
+template t_local { template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${TZOFFSET}; ${HOST}; ${FACILITY}.${PRIORITY}; ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+## tenshi message format (tenshi.conf needs to be adjusted for this format!)
+template t_tenshi { template("${HOST}; ${FACILITY}.${PRIORITY}; ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+## mailgraph message format
+template t_mgraph { template("${DATE} ${HOST} ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+## remote reception message format (replaces time information of received messages with local system time)
+template t_remote_r { template("${R_YEAR}-${R_MONTH}-${R_DAY} ${R_HOUR}:${R_MIN}:${R_SEC} ${R_TZOFFSET}; ${HOST}/${SOURCEIP}; ${FACILITY}.${PRIORITY}; ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+## remote delivery message format (standard syslog protocol format)
+template t_remote_d { template("<${PRI}>${DATE} ${HOST} ${MSGHDR}${MSG}\n"); template_escape(no); };
+
+##
+## local sources
+##
+## see http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s03.html
+## and http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s01.html
+##
+
+## local syslog messages + syslog-ng internal messages
+source s_local {
+ unix-stream("/dev/log" max-connections(1000));
+ internal();
+};
+
+## kernel messages
+source s_kernel {
+ file("/proc/kmsg" flags(kernel) program_override("kernel"));
+};
+
+##
+## local destinations and log paths
+##
+## see http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s04.html
+## and http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch03s05.html
+## and http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s02.html
+## and http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s03.html
+##
+
+#
+# discard messages
+#
+
+## example for discarding certain messages using an empty destination and the final flag
+#destination d_null { };
+#filter f_null { message("I am a message that wants to be discarded"); };
+#log { source(s_local); filter(f_null); destination(d_null); flags(final); };
+
+#
+# system specials
+#
+
+## kernel messages
+destination d_kernel { file("/var/log/syslog-ng/kernel.log" template(t_local)); };
+log { source(s_kernel); destination(d_kernel); };
+
+## log console
+destination d_logtty { file("/dev/tty10" template(t_logtty)); };
+log { source(s_local); source(s_kernel); destination(d_logtty); };
+
+## admin console
+destination d_admintty { usertty("root"); };
+log { source(s_local); filter(f_emerg); destination(d_admintty); };
+
+## tenshi (log monitoring): log all messages to a fifo -- note: the fifo needs to be created with mkfifo first!
+#destination d_tenshi { fifo("/var/log/tenshi.fifo" owner("root") group("tenshi") perm(0640) template(t_tenshi)); };
+#log { source(s_local); source(s_kernel); destination(d_tenshi); };
+
+## mailgraph: log all messages for facility 'mail' to a fifo -- note: the fifo needs to be created with mkfifo first!
+#destination d_mgraph { fifo("/var/log/mgraph.fifo" owner("root") group("mgraph") perm(0640) template(t_mgraph)); };
+#log { source(s_local); filter(f_mail); destination(d_mgraph); };
+
+#
+# application specific
+#
+
+## firewall (iptables, using custom iptables log prefixes)
+destination d_firewall { file("/var/log/syslog-ng/firewall.log" template(t_local)); };
+filter f_firewall { message("^ipt_FW ") or message("^ip4t_FW ") or message("^ip6t_FW "); };
+log { source(s_kernel); filter(f_firewall); destination(d_firewall); };
+
+## sudo
+destination d_sudo { file("/var/log/syslog-ng/sudo.log" template(t_local)); };
+filter f_sudo { program("^sudo$"); };
+log { source(s_local); filter(f_sudo); destination(d_sudo); };
+
+## sshd
+destination d_sshd { file("/var/log/syslog-ng/sshd.log" template(t_local)); };
+filter f_sshd { program("^sshd$") or program("^sftp-server$"); };
+log { source(s_local); filter(f_sshd); destination(d_sshd); };
+
+## cron
+destination d_cron { file("/var/log/syslog-ng/cron.log" template(t_local)); };
+filter f_cron { facility(cron); };
+log { source(s_local); filter(f_cron); destination(d_cron); };
+
+## xinetd
+destination d_xinetd { file("/var/log/syslog-ng/xinetd.log" template(t_local)); };
+filter f_xinetd { program("^xinetd$"); };
+log { source(s_local); filter(f_xinetd); destination(d_xinetd); };
+
+## postfix
+destination d_postfix { file("/var/log/syslog-ng/postfix.log" template(t_local)); };
+filter f_postfix { program("^postfix/") or program("^postgrey"); };
+log { source(s_local); filter(f_postfix); destination(d_postfix); };
+
+## fetchmail
+destination d_fetchmail { file("/var/log/syslog-ng/fetchmail.log" template(t_local)); };
+filter f_fetchmail { program("^fetchmail$"); };
+log { source(s_local); filter(f_fetchmail); destination(d_fetchmail); };
+
+## dovecot
+destination d_dovecot { file("/var/log/syslog-ng/dovecot.log" template(t_local)); };
+filter f_dovecot { program("^dovecot$"); };
+log { source(s_local); filter(f_dovecot); destination(d_dovecot); };
+
+## courier smtp/imap/pop3
+destination d_courier { file("/var/log/syslog-ng/courier.log" template(t_local)); };
+filter f_courier { program("^courier") or program("^pop3d$") or program("^pop3d-ssl$") or program("^imapd$") or program("^imapd-ssl$"); };
+log { source(s_local); filter(f_courier); destination(d_courier); };
+
+## uw-imap
+#destination d_uwimap { file("/var/log/syslog-ng/uw-imap.log" template(t_local)); };
+#filter f_uwimap { program("^ipop3d$") or program("^imapd$"); };
+#log { source(s_local); filter(f_uwimap); destination(d_uwimap); };
+
+## antivir
+destination d_antivir { file("/var/log/syslog-ng/antivir.log" template(t_local)); };
+filter f_antivir { program("^antivir$"); };
+log { source(s_local); filter(f_antivir); destination(d_antivir); };
+
+## antivir mailgate
+destination d_avmailgate { file("/var/log/syslog-ng/avmailgate.log" template(t_local)); };
+filter f_avmailgate { program("^avmailgate.bin$") or program("^avgated$") or program("^avgatefwd$"); };
+log { source(s_local); filter(f_avmailgate); destination(d_avmailgate); };
+
+## clamav
+destination d_clamav { file("/var/log/syslog-ng/clamav.log" template(t_local)); };
+filter f_clamav { program("^clamd$") or program("^freshclam$"); };
+log { source(s_local); filter(f_clamav); destination(d_clamav); };
+
+## amavis
+## mark debug messages as final so they don't get into any other file
+destination d_amavis { file("/var/log/syslog-ng/amavis.log" template(t_local)); };
+filter f_amavis { program("^amavis$"); };
+log { source(s_local); filter(f_amavis); filter(f_debug); destination(d_amavis); flags(final); };
+log { source(s_local); filter(f_amavis); destination(d_amavis); };
+
+## spamassassin
+destination d_spamassassin { file("/var/log/syslog-ng/spamassassin.log" template(t_local)); };
+filter f_spamassassin { program("^spamd$") or program("^spamc"); };
+log { source(s_local); filter(f_spamassassin); destination(d_spamassassin); };
+
+## ntpd
+destination d_ntpd { file("/var/log/syslog-ng/ntpd.log" template(t_local)); };
+filter f_ntpd { program("^ntpd$"); };
+log { source(s_local); filter(f_ntpd); destination(d_ntpd); };
+
+## OpenVPN
+destination d_openvpn { file("/var/log/syslog-ng/openvpn.log" template(t_local)); };
+filter f_openvpn { program("^openvpn"); };
+log { source(s_local); filter(f_openvpn); destination(d_openvpn); };
+
+## pppd
+destination d_pppd { file("/var/log/syslog-ng/pppd.log" template(t_local)); };
+filter f_pppd { program("^pppd$"); };
+log { source(s_local); filter(f_pppd); destination(d_pppd); };
+
+## pmacctd
+destination d_pmacctd { file("/var/log/syslog-ng/pmacctd.log" template(t_local)); };
+filter f_pmacctd { program("^pmacctd$"); };
+log { source(s_local); filter(f_pmacctd); destination(d_pmacctd); };
+
+## nagios
+destination d_nagios { file("/var/log/syslog-ng/nagios.log" template(t_local)); };
+filter f_nagios { program("^nagios$"); };
+log { source(s_local); filter(f_nagios); destination(d_nagios); };
+
+## named
+destination d_named { file("/var/log/syslog-ng/named.log" template(t_local)); };
+filter f_named { program("^named$"); };
+log { source(s_local); filter(f_named); destination(d_named); };
+
+## OpenLDAP SLAPD
+## mark debug messages as final so they don't get into any other file
+destination d_slapd { file("/var/log/syslog-ng/slapd.log" template(t_local)); };
+filter f_slapd { program("^slapd$"); };
+log { source(s_local); filter(f_slapd); filter(f_debug); destination(d_slapd); flags(final); };
+log { source(s_local); filter(f_slapd); destination(d_slapd); };
+
+## samba
+destination d_samba { file("/var/log/syslog-ng/samba.log" template(t_local)); };
+filter f_samba { program("^[ns]mbd$"); };
+log { source(s_local); filter(f_samba); destination(d_samba); };
+
+## jabberd
+destination d_jabberd { file("/var/log/syslog-ng/jabberd.log" template(t_local)); };
+filter f_jabberd { program("^jabberd/"); };
+log { source(s_local); filter(f_jabberd); destination(d_jabberd); };
+
+## php-cli
+destination d_php { file("/var/log/syslog-ng/php.log" template(t_local)); };
+filter f_php { program("^php$"); };
+log { source(s_local); filter(f_php); destination(d_php); };
+
+## hardened php
+destination d_hphp { file("/var/log/syslog-ng/hphp.log" template(t_local)); };
+filter f_hphp { program("^hphp$"); };
+log { source(s_local); filter(f_hphp); destination(d_hphp); };
+
+## hddtemp
+destination d_hddtemp { file("/var/log/syslog-ng/hddtemp.log" template(t_local)); };
+filter f_hddtemp { program("^hddtemp$"); };
+log { source(s_local); filter(f_hddtemp); destination(d_hddtemp); };
+
+## smartd (smartmontools)
+destination d_smartd { file("/var/log/syslog-ng/smartd.log" template(t_local)); };
+filter f_smartd { program("^smartd$"); };
+log { source(s_local); filter(f_smartd); destination(d_smartd); };
+
+## arpwatch
+destination d_arpwatch { file("/var/log/syslog-ng/arpwatch.log" template(t_local)); };
+filter f_arpwatch { program("^arpwatch$"); };
+log { source(s_local); filter(f_arpwatch); destination(d_arpwatch); };
+
+## DRBD
+destination d_drbd { file("/var/log/syslog-ng/drbd.log" template(t_local)); };
+filter f_drbd { message("^drbd([[:digit:]]+)?:"); };
+log { source(s_kernel); filter(f_drbd); destination(d_drbd); };
+
+## Linux-HA: attrd
+destination d_ha_attrd { file("/var/log/syslog-ng/ha/attrd.log" template(t_local)); };
+filter f_ha_attrd { program("^attrd$"); };
+log { source(s_local); filter(f_ha_attrd); destination(d_ha_attrd); };
+
+## Linux-HA: ccm
+destination d_ha_ccm { file("/var/log/syslog-ng/ha/ccm.log" template(t_local)); };
+filter f_ha_ccm { program("^ccm$"); };
+log { source(s_local); filter(f_ha_ccm); destination(d_ha_ccm); };
+
+## Linux-HA: cib
+destination d_ha_cib { file("/var/log/syslog-ng/ha/cib.log" template(t_local)); };
+filter f_ha_cib { program("^cib$"); };
+log { source(s_local); filter(f_ha_cib); destination(d_ha_cib); };
+
+## Linux-HA: cibmon
+destination d_ha_cibmon { file("/var/log/syslog-ng/ha/cibmon.log" template(t_local)); };
+filter f_ha_cibmon { program("^cibmon$"); };
+log { source(s_local); filter(f_ha_cibmon); destination(d_ha_cibmon); };
+
+## Linux-HA: crmd
+destination d_ha_crmd { file("/var/log/syslog-ng/ha/crmd.log" template(t_local)); };
+filter f_ha_crmd { program("^crmd$"); };
+log { source(s_local); filter(f_ha_crmd); destination(d_ha_crmd); };
+
+## Linux-HA: heartbeat
+destination d_ha_heartbeat { file("/var/log/syslog-ng/ha/heartbeat.log" template(t_local)); };
+filter f_ha_heartbeat { program("^heartbeat$"); };
+log { source(s_local); filter(f_ha_heartbeat); destination(d_ha_heartbeat); };
+
+## Linux-HA: ipfail
+destination d_ha_ipfail { file("/var/log/syslog-ng/ha/ipfail.log" template(t_local)); };
+filter f_ha_ipfail { program("^ipfail$"); };
+log { source(s_local); filter(f_ha_ipfail); destination(d_ha_ipfail); };
+
+## Linux-HA: logd
+destination d_ha_logd { file("/var/log/syslog-ng/ha/logd.log" template(t_local)); };
+filter f_ha_logd { program("^logd$"); };
+log { source(s_local); filter(f_ha_logd); destination(d_ha_logd); };
+
+## Linux-HA: lrmd
+destination d_ha_lrmd { file("/var/log/syslog-ng/ha/lrmd.log" template(t_local)); };
+filter f_ha_lrmd { program("^lrmd$"); };
+log { source(s_local); filter(f_ha_lrmd); destination(d_ha_lrmd); };
+
+## Linux-HA: pengine
+destination d_ha_pengine { file("/var/log/syslog-ng/ha/pengine.log" template(t_local)); };
+filter f_ha_pengine { program("^pengine$"); };
+log { source(s_local); filter(f_ha_pengine); destination(d_ha_pengine); };
+
+## Linux-HA: pingd
+destination d_ha_pingd { file("/var/log/syslog-ng/ha/pingd.log" template(t_local)); };
+filter f_ha_pingd { program("^pingd$"); };
+log { source(s_local); filter(f_ha_pingd); destination(d_ha_pingd); };
+
+## Linux-HA: stonithd
+destination d_ha_stonithd { file("/var/log/syslog-ng/ha/stonithd.log" template(t_local)); };
+filter f_ha_stonithd { program("^stonithd$"); };
+log { source(s_local); filter(f_ha_stonithd); destination(d_ha_stonithd); };
+
+## Linux-HA: tengine
+destination d_ha_tengine { file("/var/log/syslog-ng/ha/tengine.log" template(t_local)); };
+filter f_ha_tengine { program("^tengine$"); };
+log { source(s_local); filter(f_ha_tengine); destination(d_ha_tengine); };
+
+## Linux-HA: special discarding of debug and XML messages for any default destinations
+#destination d_ha_discard { };
+#filter f_ha_debug { facility(local0) and priority(debug); };
+#log { source(s_local); filter(f_ha_debug); destination(d_ha_discard); flags(final); };
+#filter f_ha_xml { facility(local0) and (program("^log_data_element") or program("^log_cib_diff") or program("^retrieveCib") or program("^cibmon_diff")); };
+#log { source(s_local); filter(f_ha_xml); destination(d_ha_discard); flags(final); };
+
+## gentoo hardened stuff
+destination d_avc { file("/var/log/syslog-ng/avc.log" template(t_local)); };
+destination d_audit { file("/var/log/syslog-ng/audit.log" template(t_local)); };
+destination d_pax { file("/var/log/syslog-ng/pax.log" template(t_local)); };
+destination d_grsec { file("/var/log/syslog-ng/grsec.log" template(t_local)); };
+filter f_avc { message("avc:"); };
+filter f_audit { message("^audit") and not message("avc:"); };
+filter f_pax { message("^PAX:"); };
+filter f_grsec { message("^grsec:"); };
+log { source(s_kernel); filter(f_avc); destination(d_avc); };
+log { source(s_kernel); filter(f_audit); destination(d_audit); };
+log { source(s_kernel); filter(f_pax); destination(d_pax); };
+log { source(s_kernel); filter(f_grsec); destination(d_grsec); };
+
+#
+# default: all messages (local syslog + kernel)
+#
+# should be at the end so that application specific messages with
+# "final" flag are not logged
+#
+
+destination d_messages { file("/var/log/messages" template(t_local)); };
+log { source(s_local); source(s_kernel); destination(d_messages); };
+
+##
+## remote delivery
+##
+
+## remote destination: syslog server directly via UDP (standard syslog)
+#destination d_remote { udp("syslog.example.com" port(514) template(t_remote_d)); };
+#log { source(s_local); source(s_kernel); destination(d_remote); };
+
+## remote destination: syslog server via TCP and stunnel (for secured logging)
+#destination d_remote { tcp("localhost" port(514) template(t_remote_d)); };
+#log { source(s_local); source(s_kernel); destination(d_remote); };
+
+##
+## remote reception
+##
+
+## remote source
+#source s_remote {
+# udp(localip("0.0.0.0") localport(514));
+# udp(localip("127.0.0.1") localport(514));
+# udp(localip("192.168.0.1") localport(514));
+# tcp(localip("0.0.0.0") localport(514) max-connections(5));
+# tcp(localip("127.0.0.1") localport(514) max-connections(50));
+# tcp(localip("192.168.0.1") localport(514) max-connections(50));
+#};
+
+## tenshi (log monitoring)
+#log { source(s_remote); destination(d_tenshi); };
+
+## all hosts, all messages
+#destination d_remote_hosts { file("/var/log/syslog-ng.remote/${R_YEAR}/${R_MONTH}/${R_DAY}/${HOST}/messages" template(t_remote_r)); };
+#log { source(s_remote); destination(d_remote_hosts); };
+
+## all hosts, kernel messages
+#destination d_remote_hosts_kernel { file("/var/log/syslog-ng.remote/${R_YEAR}/${R_MONTH}/${R_DAY}/${HOST}/kernel.log" template(t_remote_r)); };
+#log { source(s_remote); filter(f_kern); destination(d_remote_hosts_kernel); };
+
+## all hosts, user messages
+#destination d_remote_hosts_user { file("/var/log/syslog-ng.remote/${R_YEAR}/${R_MONTH}/${R_DAY}/${HOST}/user.log" template(t_remote_r)); };
+#log { source(s_remote); filter(f_user); destination(d_remote_hosts_user); };
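Review bot: `keep_hostname(yes)` is set globally while the commented remote-reception examples at the end of the file build their paths from `${HOST}` with `create_dirs(yes)` active, so once `s_remote` is uncommented the directory a message lands in is chosen by the sender, and one client can log into another host's tree or cause new per-host directories to be created. Keying the path on the peer address avoids this, e.g. `file("/var/log/syslog-ng.remote/${R_YEAR}/${R_MONTH}/${R_DAY}/${SOURCEIP}/messages" template(t_remote_r))`, or at minimum add a comment above the `s_remote` block such as `## note: ${HOST} is sender-supplied while keep_hostname(yes) is set; only accept port 514 from trusted senders`. With `chain_hostnames(on)` the value may presumably also contain `/`, which would nest directories further. Separately, `filter f_cron { facility(cron); };` is defined twice with the same body (in the facility list and again in the cron section); the second definition can be dropped.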