# Sample Metalog configuration file 

maxsize  = 100000
maxtime  = 86400
maxfiles = 5

Kernel messages :

  facility = "kern"
  logdir   = "/var/log/kernel"

Crond :

  program  = "crond"
  logdir   = "/var/log/crond"
  
Dudes firewalled by IPTrap :

  program  = "iptrap"
  logdir   = "/var/log/iptrap"

Password failures :

  regex    = "(password|login|authentication)\s+(fail|invalid)"
  regex    = "(failed|invalid)\s+(password|login|authentication)"
  regex    = "ILLEGAL ROOT LOGIN"
  logdir   = "/var/log/pwdfail"
#  command  = "/usr/local/sbin/mail_pwd_failures.sh"  

FTP Server :

  program  = "pure-ftpd"
  logdir   = "/var/log/ftpd"
  
SSH Server :

  program  = "sshd"
  logdir   = "/var/log/sshd"

Telnet :

  program  = "login"
  logdir   = "/var/log/telnet"

Imap :

  program  = "/usr/sbin/imapd"
  logdir   = "/var/log/imap"

POP Toaster :

  program  = "/usr/sbin/ipop3d"
  logdir   = "/var/log/pop"

#Add authenticated IP addresses for SMTP relaying :

#  program  = "/usr/sbin/ipop3d"
#  regex    = "Login.+nmsgs="
#  command  = "/usr/local/sbin/add_pop_address.sh"

Mail :

  facility = "mail"
  logdir   = "/var/log/mail"

Everything important :

  facility = "*"
  minimum  = 6
  logdir   = "/var/log/everything"

Everything very important :

  facility = "*"
  minimum  = 1
  logdir   = "/var/log/critical"

#
#Uncomment and adjust the following lines to 
#your needs to enable console logging
#
# Hint: you can change the device to which
#       should be logged in /usr/sbin/consolelog.sh
#

#console logging :
#
#  facility = "*"
#  command = "/usr/sbin/consolelog.sh"