# Sample Metalog configuration file

# Global limits for the log files; the unit of each value is given on its line.
maxsize = 1048576 # size in bytes (1048576 = 1 megabyte)
maxtime = 86400 # time in seconds (86400 = 1 day)
maxfiles = 10 # num files per directory

# NOTE(review): every section below sets "break = 1". Per metalog's
# documentation, a matching section with break set stops the message from being
# tested against later sections, so section order decides where a message
# lands. Confirm against the installed version.
# NOTE(review): there is no catch-all section. A message that matches none of
# the sections below (for example a "user" or "local0" facility message that
# is not urgent enough for "Critical" and matches no regex) appears to be
# recorded nowhere. Confirm that this coverage gap is intended.
# NOTE(review): the auth, pwdfail and sshd directories will hold account names
# and source addresses; check that their ownership and mode restrict reading
# to administrators.

# This will capture all of the internal log messages that metalog itself
# generates. If you use any "command" options below, you will want this
# as metalog generates a lot of status messages whenever it executes a
# command and children processes exit.
Metalog :

  program = "metalog"
  logdir = "/var/log/metalog"
  break = 1

# Messages from the "auth" and "authpriv" facilities.
# NOTE(review): because of break = 1 here, anything logged under auth/authpriv
# never reaches the "Password failures" or "SSH Server" sections further down.
# sshd and login usually log under these facilities (TODO confirm on this
# host), so failed-login monitoring should watch /var/log/auth as well.
Authentication :

  facility = "auth"
  facility = "authpriv"
  logdir = "/var/log/auth"
  break = 1

# Messages from any facility, filtered by urgency.
# NOTE(review): assuming metalog uses the syslog level numbering (0 = emerg,
# 1 = alert, 2 = crit), "minimum = 1" records only emerg and alert, not crit,
# despite the section name. Verify the intended threshold.
Critical :

  facility = "*"
  minimum = 1
  logdir = "/var/log/critical"
  break = 1

# Messages whose text matches one of the three patterns below, from whatever
# facility was not already consumed by an earlier section.
# NOTE(review): the patterns are written in lower case except the last one.
# Check whether the installed metalog matches case-insensitively, otherwise
# lines such as "Failed password" would be missed.
Password failures :

  regex = "(password|login|authentication)\s+(fail|invalid)"
  regex = "(failed|invalid)\s+(password|login|authentication|user)"
  regex = "ILLEGAL ROOT LOGIN"
  logdir = "/var/log/pwdfail"
  break = 1

# Messages from the "kern" facility.
Kernel messages :

  facility = "kern"
  logdir = "/var/log/kernel"
  break = 1

# Messages from the "daemon" facility.
Daemons :

  facility = "daemon"
  logdir = "/var/log/daemon"
  break = 1

# Messages from the "cron" facility.
crond :

  facility = "cron"
  logdir = "/var/log/cron"
  break = 1

# Messages whose program name is "sshd".
# NOTE(review): this section only sees sshd messages that were not consumed by
# an earlier section ("Authentication", "Critical", "Password failures",
# "Daemons"), so /var/log/sshd may stay nearly empty. Confirm that is intended.
SSH Server :

  program = "sshd"
  logdir = "/var/log/sshd"
  break = 1

# Messages from the "mail" facility. The neg_regex line presumably excludes
# messages containing "starting daemon" from this section; verify against the
# metalog documentation.
Mail :

  facility = "mail"
  neg_regex= "starting daemon"
  logdir = "/var/log/mail"
  break = 1