From f5de870978d0ebd6b170f736e0ebb3495383068a Mon Sep 17 00:00:00 2001
From: Marc Schoechlin <marc.schoechlin@dmc.de>
Date: Wed, 25 Sep 2013 15:43:27 +0200
Subject: [PATCH] SyslogNG Konfig

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 9ab5cd7..402ede1 100644
--- a/README.md
+++ b/README.md
@@ -150,6 +150,12 @@ The logged information can also be forwarded to secured logging servers using st
  * If you like:
     * Disable string escaping on system which are using rsyslogd (i.e. Ubuntu systems with rsyslogd)
     * Redirect the auditshell logs to another logfile using syslog configuration 
+       * Syslog-NG
+      ```bash
+      filter f_auditshell { match('^auditshell'); };
+      destination auditshell { file("/var/log/auditshell"); };
+      log { source(src); filter(f_auditshell); destination(auditshell); };
+      ```
  * Change shell of user
  
    ```bash