# /etc/syslog-ng/syslog-ng.conf

@version: 3.17
@module system-source

options {
  # IP addresses are more reliable descriptors and doesn't require a network
  # connection for consistent logging
  use_dns(no);
  dns_cache(no);

  # Output log stats every 12 hours, and include details about individual
  # connections and log files.
  stats_freq(43200);
  stats_level(1);

  # Use a more standard timestamp, but keep the precision requested for
  # RFC5424 TIME-SECFRAC
  ts_format(iso);
  frac_digits(6);
};

source local {
  system();
  internal();
};

destination auditFile { file(/var/log/audit.log); };
destination cronFile { file(/var/log/cron); };
destination kernFile { file(/var/log/kern); };
destination mailFile { file(/var/log/maillog); };
destination messageFile { file(/var/log/messages); };
destination secureFile { file(/var/log/secure); };

filter authpriv { facility(authpriv); };
filter audit { level(info) and facility(local6); };
filter cron { facility(cron); };
filter kern { facility(kern); };
filter mail { facility(mail); };
filter messages { level(info) and not (facility(mail, authpriv, cron, local6)); };

log { source(local); filter(audit); destination(auditFile); };
log { source(local); filter(authpriv); destination(secureFile); };
log { source(local); filter(cron); destination(cronFile); };
log { source(local); filter(kern); destination(kernFile); };
log { source(local); filter(mail); destination(mailFile); };
log { source(local); filter(messages); destination(messageFile); };