Syslog-ng einrichten: Unterschied zwischen den Versionen
Aus metasec wiki
Admin (Diskussion | Beiträge) |
Admin (Diskussion | Beiträge) |
||
(2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 6: | Zeile 6: | ||
Unteren Inhalt cut&n&pasten... | Unteren Inhalt cut&n&pasten... | ||
− | + | Version pre 3 | |
<pre> | <pre> | ||
# | # | ||
Zeile 142: | Zeile 142: | ||
# remote | # remote | ||
− | destination remote_dest { file("/var/log/remote/$HOST"); }; | + | destination remote_dest { file("/var/log/remote/$HOST.log"); }; |
Zeile 365: | Zeile 365: | ||
}; | }; | ||
+ | </pre> | ||
+ | |||
+ | Verstion 3+ | ||
+ | <pre> | ||
+ | @version: 3.1 | ||
+ | # | ||
+ | # Syslog-ng configuration file, compatible with default Debian syslogd | ||
+ | # installation. Originally written by anonymous (I can't find his name) | ||
+ | # Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>) | ||
+ | |||
+ | # First, set some global options. | ||
+ | options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); | ||
+ | owner("root"); group("adm"); perm(0640); stats_freq(0); | ||
+ | bad_hostname("^gconfd$"); | ||
+ | }; | ||
+ | |||
+ | ######################## | ||
+ | # Sources | ||
+ | ######################## | ||
+ | # This is the default behavior of sysklogd package | ||
+ | # Logs may come from unix stream, but not from another machine. | ||
+ | # | ||
+ | source s_src { unix-dgram("/dev/log"); internal(); | ||
+ | file("/proc/kmsg" program_override("kernel")); | ||
+ | }; | ||
+ | |||
+ | # If you wish to get logs from remote machine you should uncomment | ||
+ | # this and comment the above source line. | ||
+ | # | ||
+ | #source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); }; | ||
+ | |||
+ | source remote { | ||
+ | udp(); | ||
+ | }; | ||
+ | |||
+ | |||
+ | ######################## | ||
+ | # Destinations | ||
+ | ######################## | ||
+ | # First some standard logfile | ||
+ | # | ||
+ | destination d_auth { file("/var/log/auth.log"); }; | ||
+ | destination d_cron { file("/var/log/cron.log"); }; | ||
+ | destination d_daemon { file("/var/log/daemon.log"); }; | ||
+ | destination d_kern { file("/var/log/kern.log"); }; | ||
+ | destination d_lpr { file("/var/log/lpr.log"); }; | ||
+ | destination d_mail { file("/var/log/mail.log"); }; | ||
+ | destination d_syslog { file("/var/log/syslog"); }; | ||
+ | destination d_user { file("/var/log/user.log"); }; | ||
+ | destination d_uucp { file("/var/log/uucp.log"); }; | ||
+ | |||
+ | # This files are the log come from the mail subsystem. | ||
+ | # | ||
+ | destination d_mailinfo { file("/var/log/mail/mail.info"); }; | ||
+ | destination d_mailwarn { file("/var/log/mail/mail.warn"); }; | ||
+ | destination d_mailerr { file("/var/log/mail/mail.err"); }; | ||
+ | |||
+ | # Logging for INN news system | ||
+ | # | ||
+ | destination d_newscrit { file("/var/log/news/news.crit"); }; | ||
+ | destination d_newserr { file("/var/log/news/news.err"); }; | ||
+ | destination d_newsnotice { file("/var/log/news/news.notice"); }; | ||
+ | |||
+ | # Some `catch-all' logfiles. | ||
+ | # | ||
+ | destination d_debug { file("/var/log/debug"); }; | ||
+ | destination d_error { file("/var/log/error"); }; | ||
+ | destination d_messages { file("/var/log/messages"); }; | ||
+ | |||
+ | # The root's console. | ||
+ | # | ||
+ | destination d_console { usertty("root"); }; | ||
+ | |||
+ | # Virtual console. | ||
+ | # | ||
+ | destination d_console_all { file("/dev/tty10"); }; | ||
+ | |||
+ | # The named pipe /dev/xconsole is for the nsole' utility. To use it, | ||
+ | # you must invoke nsole' with the -file' option: | ||
+ | # | ||
+ | # $ xconsole -file /dev/xconsole [...] | ||
+ | # | ||
+ | destination d_xconsole { pipe("/dev/xconsole"); }; | ||
+ | |||
+ | # Send the messages to an other host | ||
+ | # | ||
+ | #destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); }; | ||
+ | |||
+ | # Debian only | ||
+ | destination d_ppp { file("/var/log/ppp.log"); }; | ||
+ | |||
+ | # remote | ||
+ | destination remote_dest { file("/var/log/remote/$HOST.log"); }; | ||
+ | |||
+ | ######################## | ||
+ | # Filters | ||
+ | ######################## | ||
+ | # Here's come the filter options. With this rules, we can set which | ||
+ | # message go where. | ||
+ | |||
+ | filter remote_filter { level(info..emerg); }; | ||
+ | |||
+ | filter f_dbg { level(debug); }; | ||
+ | filter f_info { level(info); }; | ||
+ | filter f_notice { level(notice); }; | ||
+ | filter f_warn { level(warn); }; | ||
+ | filter f_err { level(err); }; | ||
+ | filter f_crit { level(crit .. emerg); }; | ||
+ | |||
+ | filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; | ||
+ | filter f_error { level(err .. emerg) ; }; | ||
+ | filter f_messages { level(info,notice,warn) and | ||
+ | not facility(auth,authpriv,cron,daemon,mail,news); }; | ||
+ | |||
+ | filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; | ||
+ | filter f_cron { facility(cron) and not filter(f_debug); }; | ||
+ | filter f_daemon { facility(daemon) and not filter(f_debug); }; | ||
+ | filter f_kern { facility(kern) and not filter(f_debug); }; | ||
+ | filter f_lpr { facility(lpr) and not filter(f_debug); }; | ||
+ | filter f_local { facility(local0, local1, local3, local4, local5, | ||
+ | local6, local7) and not filter(f_debug); }; | ||
+ | filter f_mail { facility(mail) and not filter(f_debug); }; | ||
+ | filter f_news { facility(news) and not filter(f_debug); }; | ||
+ | filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); }; | ||
+ | filter f_user { facility(user) and not filter(f_debug); }; | ||
+ | filter f_uucp { facility(uucp) and not filter(f_debug); }; | ||
+ | |||
+ | filter f_cnews { level(notice, err, crit) and facility(news); }; | ||
+ | filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; | ||
+ | |||
+ | filter f_ppp { facility(local2) and not filter(f_debug); }; | ||
+ | filter f_console { level(warn .. emerg); }; | ||
+ | |||
+ | ######################## | ||
+ | # Log paths | ||
+ | ######################## | ||
+ | log { source(s_src); filter(f_auth); destination(d_auth); }; | ||
+ | log { source(s_src); filter(f_cron); destination(d_cron); }; | ||
+ | log { source(s_src); filter(f_daemon); destination(d_daemon); }; | ||
+ | log { source(s_src); filter(f_kern); destination(d_kern); }; | ||
+ | log { source(s_src); filter(f_lpr); destination(d_lpr); }; | ||
+ | log { source(s_src); filter(f_syslog3); destination(d_syslog); }; | ||
+ | log { source(s_src); filter(f_user); destination(d_user); }; | ||
+ | log { source(s_src); filter(f_uucp); destination(d_uucp); }; | ||
+ | |||
+ | log { source(s_src); filter(f_mail); destination(d_mail); }; | ||
+ | #log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; | ||
+ | #log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; | ||
+ | #log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); }; | ||
+ | |||
+ | log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; | ||
+ | log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; | ||
+ | log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; | ||
+ | #log { source(s_src); filter(f_cnews); destination(d_console_all); }; | ||
+ | #log { source(s_src); filter(f_cother); destination(d_console_all); }; | ||
+ | |||
+ | #log { source(s_src); filter(f_ppp); destination(d_ppp); }; | ||
+ | |||
+ | log { source(s_src); filter(f_debug); destination(d_debug); }; | ||
+ | log { source(s_src); filter(f_error); destination(d_error); }; | ||
+ | log { source(s_src); filter(f_messages); destination(d_messages); }; | ||
+ | |||
+ | log { source(s_src); filter(f_console); destination(d_console_all); | ||
+ | destination(d_xconsole); }; | ||
+ | log { source(s_src); filter(f_crit); destination(d_console); }; | ||
+ | |||
+ | # All messages send to a remote site | ||
+ | # | ||
+ | #log { source(s_src); destination(d_net); }; | ||
+ | |||
+ | # remote | ||
+ | log { | ||
+ | source(remote); | ||
+ | filter(remote_filter); | ||
+ | destination(remote_dest); | ||
+ | }; | ||
</pre> | </pre> | ||
danach den Dienst neu starten | danach den Dienst neu starten | ||
/etc/init.d/syslog-ng restart | /etc/init.d/syslog-ng restart | ||
+ | |||
+ | |||
+ | /etc/logrotate.d/zphone_remote_syslog | ||
+ | <pre> | ||
+ | /var/log/remote/*.log { | ||
+ | rotate 7 | ||
+ | daily | ||
+ | compress | ||
+ | missingok | ||
+ | notifempty | ||
+ | postrotate | ||
+ | /etc/init.d/syslog-ng reload >/dev/null | ||
+ | endscript | ||
+ | } | ||
+ | </pre> |
Aktuelle Version vom 5. Juni 2014, 06:22 Uhr
Syslog NG installieren
apt-get install syslog-ng rm /etc/syslog-ng/syslog-ng.conf vi /etc/syslog-ng/syslog-ng.conf
Unteren Inhalt cut&n&pasten... Version pre 3
# # Configuration file for syslog-ng under Debian # # attempts at reproducing default syslog behavior # the standard syslog levels are (in descending order of priority): # emerg alert crit err warning notice info debug # the aliases "error", "panic", and "warn" are deprecated # the "none" priority found in the original syslogd configuration is # only used in internal messages created by syslogd ###### # options options { # disable the chained hostname format in logs # (default is enabled) chain_hostnames(0); # the time to wait before a died connection is re-established # (default is 60) time_reopen(10); # the time to wait before an idle destination file is closed # (default is 60) time_reap(360); # the number of lines buffered before written to file # you might want to increase this if your disk isn't catching with # all the log messages you get or if you want less disk activity # (say on a laptop) # (default is 0) #sync(0); # the number of lines fitting in the output queue log_fifo_size(2048); # enable or disable directory creation for destination files create_dirs(yes); # default owner, group, and permissions for log files # (defaults are 0, 0, 0600) #owner(root); group(adm); perm(0640); # default owner, group, and permissions for created directories # (defaults are 0, 0, 0700) #dir_owner(root); #dir_group(root); dir_perm(0755); # enable or disable DNS usage # syslog-ng blocks on DNS queries, so enabling DNS may lead to # a Denial of Service attack # (default is yes) use_dns(no); # maximum length of message in bytes # this is only limited by the program listening on the /dev/log Unix # socket, glibc can handle arbitrary length log messages, but -- for # example -- syslogd accepts only 1024 bytes # (default is 2048) #log_msg_size(2048); #Disable statistic log messages. stats_freq(0); }; ###### # sources # all known message sources source s_all { # message generated by Syslog-NG internal(); # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-stream("/dev/log"); # messages from the kernel file("/proc/kmsg" log_prefix("kernel: ")); # use the following line if you want to receive remote UDP logging messages # (this is equivalent to the "-r" syslogd flag) # udp(); }; source remote { udp(); }; ###### # destinations # some standard log files destination df_auth { file("/var/log/auth.log"); }; destination df_syslog { file("/var/log/syslog"); }; destination df_cron { file("/var/log/cron.log"); }; destination df_daemon { file("/var/log/daemon.log"); }; destination df_kern { file("/var/log/kern.log"); }; destination df_lpr { file("/var/log/lpr.log"); }; destination df_mail { file("/var/log/mail.log"); }; destination df_user { file("/var/log/user.log"); }; destination df_uucp { file("/var/log/uucp.log"); }; # these files are meant for the mail system log files # and provide re-usable destinations for {mail,cron,...}.info, # {mail,cron,...}.notice, etc. destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; # these files are meant for the news system, and are kept separated # because they should be owned by "news" instead of "root" destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); }; destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); }; destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; # some more classical and useful files found in standard syslog configurations destination df_debug { file("/var/log/debug"); }; destination df_messages { file("/var/log/messages"); }; # pipes # a console to view log messages under X destination dp_xconsole { pipe("/dev/xconsole"); }; # consoles # this will send messages to everyone logged in destination du_all { usertty("*");}; # remote destination remote_dest { file("/var/log/remote/$HOST.log"); }; ###### # filters filter remote_filter { level(info..emerg); }; # all messages from the auth and authpriv facilities filter f_auth { facility(auth, authpriv); }; # all messages except from the auth and authpriv facilities filter f_syslog { not facility(auth, authpriv); }; # respectively: messages from the cron, daemon, kern, lpr, mail, news, user, # and uucp facilities filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_news { facility(news); }; filter f_user { facility(user); }; filter f_uucp { facility(uucp); }; # some filters to select messages of priority greater or equal to info, warn, # and err # (equivalents of syslogd's *.info, *.warn, and *.err) filter f_at_least_info { level(info..emerg); }; filter f_at_least_notice { level(notice..emerg); }; filter f_at_least_warn { level(warn..emerg); }; filter f_at_least_err { level(err..emerg); }; filter f_at_least_crit { level(crit..emerg); }; # all messages of priority debug not coming from the auth, authpriv, news, and # mail facilities filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; # all messages of info, notice, or warn priority not coming form the auth, # authpriv, cron, daemon, mail, and news facilities filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news); }; # messages with priority emerg filter f_emerg { level(emerg); }; # complex filter for messages usually sent to the xconsole filter f_xconsole { facility(daemon,mail) or level(debug,info,notice,warn) or (facility(news) and level(crit,err,notice)); }; ###### # logs # order matters if you use "flags(final);" to mark the end of processing in a # "log" statement # these rules provide the same behavior as the commented original syslogd rules # auth,authpriv.* /var/log/auth.log log { source(s_all); filter(f_auth); destination(df_auth); }; # *.*;auth,authpriv.none -/var/log/syslog log { source(s_all); filter(f_syslog); destination(df_syslog); }; # this is commented out in the default syslog.conf # cron.* /var/log/cron.log #log { # source(s_all); # filter(f_cron); # destination(df_cron); #}; # daemon.* -/var/log/daemon.log log { source(s_all); filter(f_daemon); destination(df_daemon); }; # kern.* -/var/log/kern.log log { source(s_all); filter(f_kern); destination(df_kern); }; # lpr.* -/var/log/lpr.log log { source(s_all); filter(f_lpr); destination(df_lpr); }; # mail.* -/var/log/mail.log log { source(s_all); filter(f_mail); destination(df_mail); }; # user.* -/var/log/user.log log { source(s_all); filter(f_user); destination(df_user); }; # uucp.* /var/log/uucp.log log { source(s_all); filter(f_uucp); destination(df_uucp); }; # mail.info -/var/log/mail.info log { source(s_all); filter(f_mail); filter(f_at_least_info); destination(df_facility_dot_info); }; # mail.warn -/var/log/mail.warn log { source(s_all); filter(f_mail); filter(f_at_least_warn); destination(df_facility_dot_warn); }; # mail.err /var/log/mail.err log { source(s_all); filter(f_mail); filter(f_at_least_err); destination(df_facility_dot_err); }; # news.crit /var/log/news/news.crit log { source(s_all); filter(f_news); filter(f_at_least_crit); destination(df_news_dot_crit); }; # news.err /var/log/news/news.err log { source(s_all); filter(f_news); filter(f_at_least_err); destination(df_news_dot_err); }; # news.notice /var/log/news/news.notice log { source(s_all); filter(f_news); filter(f_at_least_notice); destination(df_news_dot_notice); }; # *.=debug;\ # auth,authpriv.none;\ # news.none;mail.none -/var/log/debug log { source(s_all); filter(f_debug); destination(df_debug); }; # *.=info;*.=notice;*.=warn;\ # auth,authpriv.none;\ # cron,daemon.none;\ # mail,news.none -/var/log/messages log { source(s_all); filter(f_messages); destination(df_messages); }; # *.emerg * log { source(s_all); filter(f_emerg); destination(du_all); }; # daemon.*;mail.*;\ # news.crit;news.err;news.notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn |/dev/xconsole log { source(s_all); filter(f_xconsole); destination(dp_xconsole); }; # remote log { source(remote); filter(remote_filter); destination(remote_dest); };
Verstion 3+
@version: 3.1 # # Syslog-ng configuration file, compatible with default Debian syslogd # installation. Originally written by anonymous (I can't find his name) # Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>) # First, set some global options. options { long_hostnames(off); flush_lines(0); use_dns(no); use_fqdn(no); owner("root"); group("adm"); perm(0640); stats_freq(0); bad_hostname("^gconfd$"); }; ######################## # Sources ######################## # This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine. # source s_src { unix-dgram("/dev/log"); internal(); file("/proc/kmsg" program_override("kernel")); }; # If you wish to get logs from remote machine you should uncomment # this and comment the above source line. # #source s_net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); }; source remote { udp(); }; ######################## # Destinations ######################## # First some standard logfile # destination d_auth { file("/var/log/auth.log"); }; destination d_cron { file("/var/log/cron.log"); }; destination d_daemon { file("/var/log/daemon.log"); }; destination d_kern { file("/var/log/kern.log"); }; destination d_lpr { file("/var/log/lpr.log"); }; destination d_mail { file("/var/log/mail.log"); }; destination d_syslog { file("/var/log/syslog"); }; destination d_user { file("/var/log/user.log"); }; destination d_uucp { file("/var/log/uucp.log"); }; # This files are the log come from the mail subsystem. # destination d_mailinfo { file("/var/log/mail/mail.info"); }; destination d_mailwarn { file("/var/log/mail/mail.warn"); }; destination d_mailerr { file("/var/log/mail/mail.err"); }; # Logging for INN news system # destination d_newscrit { file("/var/log/news/news.crit"); }; destination d_newserr { file("/var/log/news/news.err"); }; destination d_newsnotice { file("/var/log/news/news.notice"); }; # Some `catch-all' logfiles. # destination d_debug { file("/var/log/debug"); }; destination d_error { file("/var/log/error"); }; destination d_messages { file("/var/log/messages"); }; # The root's console. # destination d_console { usertty("root"); }; # Virtual console. # destination d_console_all { file("/dev/tty10"); }; # The named pipe /dev/xconsole is for the nsole' utility. To use it, # you must invoke nsole' with the -file' option: # # $ xconsole -file /dev/xconsole [...] # destination d_xconsole { pipe("/dev/xconsole"); }; # Send the messages to an other host # #destination d_net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); }; # Debian only destination d_ppp { file("/var/log/ppp.log"); }; # remote destination remote_dest { file("/var/log/remote/$HOST.log"); }; ######################## # Filters ######################## # Here's come the filter options. With this rules, we can set which # message go where. filter remote_filter { level(info..emerg); }; filter f_dbg { level(debug); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_err { level(err); }; filter f_crit { level(crit .. emerg); }; filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; filter f_error { level(err .. emerg) ; }; filter f_messages { level(info,notice,warn) and not facility(auth,authpriv,cron,daemon,mail,news); }; filter f_auth { facility(auth, authpriv) and not filter(f_debug); }; filter f_cron { facility(cron) and not filter(f_debug); }; filter f_daemon { facility(daemon) and not filter(f_debug); }; filter f_kern { facility(kern) and not filter(f_debug); }; filter f_lpr { facility(lpr) and not filter(f_debug); }; filter f_local { facility(local0, local1, local3, local4, local5, local6, local7) and not filter(f_debug); }; filter f_mail { facility(mail) and not filter(f_debug); }; filter f_news { facility(news) and not filter(f_debug); }; filter f_syslog3 { not facility(auth, authpriv, mail) and not filter(f_debug); }; filter f_user { facility(user) and not filter(f_debug); }; filter f_uucp { facility(uucp) and not filter(f_debug); }; filter f_cnews { level(notice, err, crit) and facility(news); }; filter f_cother { level(debug, info, notice, warn) or facility(daemon, mail); }; filter f_ppp { facility(local2) and not filter(f_debug); }; filter f_console { level(warn .. emerg); }; ######################## # Log paths ######################## log { source(s_src); filter(f_auth); destination(d_auth); }; log { source(s_src); filter(f_cron); destination(d_cron); }; log { source(s_src); filter(f_daemon); destination(d_daemon); }; log { source(s_src); filter(f_kern); destination(d_kern); }; log { source(s_src); filter(f_lpr); destination(d_lpr); }; log { source(s_src); filter(f_syslog3); destination(d_syslog); }; log { source(s_src); filter(f_user); destination(d_user); }; log { source(s_src); filter(f_uucp); destination(d_uucp); }; log { source(s_src); filter(f_mail); destination(d_mail); }; #log { source(s_src); filter(f_mail); filter(f_info); destination(d_mailinfo); }; #log { source(s_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); }; #log { source(s_src); filter(f_mail); filter(f_err); destination(d_mailerr); }; log { source(s_src); filter(f_news); filter(f_crit); destination(d_newscrit); }; log { source(s_src); filter(f_news); filter(f_err); destination(d_newserr); }; log { source(s_src); filter(f_news); filter(f_notice); destination(d_newsnotice); }; #log { source(s_src); filter(f_cnews); destination(d_console_all); }; #log { source(s_src); filter(f_cother); destination(d_console_all); }; #log { source(s_src); filter(f_ppp); destination(d_ppp); }; log { source(s_src); filter(f_debug); destination(d_debug); }; log { source(s_src); filter(f_error); destination(d_error); }; log { source(s_src); filter(f_messages); destination(d_messages); }; log { source(s_src); filter(f_console); destination(d_console_all); destination(d_xconsole); }; log { source(s_src); filter(f_crit); destination(d_console); }; # All messages send to a remote site # #log { source(s_src); destination(d_net); }; # remote log { source(remote); filter(remote_filter); destination(remote_dest); };
danach den Dienst neu starten
/etc/init.d/syslog-ng restart
/etc/logrotate.d/zphone_remote_syslog
/var/log/remote/*.log { rotate 7 daily compress missingok notifempty postrotate /etc/init.d/syslog-ng reload >/dev/null endscript }