[syslog-ng] ipfw logging

Ilya maillist@krel.org
Wed, 31 May 2000 01:36:19 -0400


I am running on FreeBSD 4.0 stable.
I just kept it the way the documentation and examples have it and had no problem
except with ipfw.

----- Original Message -----
From: "Hamilton, Andrew Mr." <HamiltonA@hq.5sigcmd.army.mil>
To: <syslog-ng@venus.terrasoft.hu>
Sent: Wednesday, May 31, 2000 1:07 AM
Subject: RE: [syslog-ng] ipfw logging


> What are you running on?  Your source in src looks a little strange.  Most
> sources are something like /dev/log.  What is coming in to /var/run/log?  Do
> you have something putting log messages into a file?
>
> Drew
>
> > -----Original Message-----
> > From: maillist [SMTP:maillist@krel.org]
> > Sent: Tuesday, May 30, 2000 11:21 PM
> > To: syslog-ng@venus.terrasoft.hu
> > Subject: [syslog-ng] ipfw logging
> >
> > Hi, I've been trying for two days to log ipfw messages to a separate file,
> > with no success. As soon as I turn on the old syslogd with
> > !ipfw
> > *.*  /var/log/ipfw
> > it works,
> > but syslog-ng with:
> > source src { unix-dgram("/var/run/log"); udp(); internal(); };
> > destination ipfw { file("/var/log/ipfw.log"); };
> > filter f_ipfw { program("ipfw"); };
> > log { source(src); filter("f_ipfw"); destination("ipfw"); };
> > just doesn't catch anything; all the messages from ipfw appear on the console,
> > but not in any file, not even in all.log!
> >
> > Here is my full config:
> > # options
> > options { long_hostnames(off); sync(0); };
> >
> > # sources
> > source src { unix-dgram("/var/run/log"); udp(); internal(); };
> > source src2 { unix-dgram("/var/run/log2"); udp(ip(xxx.xxx.xxx.xxx)
> > port(514)); };
> >
> > # destinations
> > destination messages { file("/var/log/messages"); };
> > destination security { file("/var/log/security"); };
> > destination maillog { file("/var/log/maillog"); };
> > destination lpd-errs { file("/var/log/lpd-errs"); };
> > destination cron { file("/var/log/cron"); };
> > destination all { file("/var/log/all.log"); };
> > destination newscrit { file("/var/log/news/news.crit"); };
> > destination newserr { file("/var/log/news/news.err"); };
> > destination newsnotice { file("/var/log/news/news.notice"); };
> > destination slip { file("/var/log/slip.log"); };
> > destination ppp { file("/var/log/ppp.log"); };
> > destination console { file("/dev/console"); };
> > destination root { usertty("root"); };
> > destination allusers { usertty("*"); };
> > destination rogue { file("/var/log/rogue"); };
> > destination cobalt { file("/var/log/cobalt"); };
> > destination cisco { file("/var/log/cisco"); };
> > destination voyager { file("/var/log/voyager"); };
> > destination lists { file("/var/log/lists"); };
> > destination lists_m { file("/var/log/lists.sendmail"); };
> > destination apollo { file("/var/log/apollo"); };
> > destination samson { file("/var/log/samson"); };
> > destination samson_d { file("/var/log/samson.bind"); };
> > destination bugsy { file("/var/log/bugsy"); };
> > #destination loghost { udp("loghost" port(514)); };
> > destination goblin { file("/var/log/goblin"); };
> > destination allsec { file("/var/log/allsec"); };
> > destination samson.named { file("/var/log/named"); };
> > destination ipfw { file("/var/log/ipfw.log"); };
> >
> > # log facility filters
> > filter f_auth { facility(auth); };
> > filter f_authpriv { facility(authpriv); };
> > filter f_cron { facility(cron); };
> > filter f_daemon { facility(daemon); };
> > filter f_ftp { facility(ftp); };
> > filter f_kern { facility(kern); };
> > filter f_lpr { facility(lpr); };
> > filter f_mail { facility(mail); };
> > filter f_news { facility(news); };
> > filter f_security { facility(security); };
> > filter f_user { facility(user); };
> > filter f_uucp { facility(uucp); };
> > filter f_local0 { facility(local0); };
> > filter f_local1 { facility(local1); };
> > filter f_local2 { facility(local2); };
> > filter f_local3 { facility(local3); };
> > filter f_local4 { facility(local4); };
> > filter f_local5 { facility(local5); };
> > filter f_local6 { facility(local6); };
> > filter f_local7 { facility(local7); };
> >
> > # log host filters
> > filter h_rogue { host("rogue"); };
> > filter h_cobalt { host("www"); };
> > filter h_cisco { host("cisco"); };
> > filter h_voyager { host("voyager"); };
> > filter h_lists { host("lists"); };
> > filter h_apollo { host("apollo"); };
> > filter h_samson { host("samson"); };
> > filter h_bugsy { host("bugsy"); };
> > filter h_goblin { host("goblin"); };
> >
> > # log level filters
> > filter f_emerg { level(emerg); };
> > filter f_alert { level(alert..emerg); };
> > filter f_crit { level(crit..emerg); };
> > filter f_err { level(err..emerg); };
> > filter f_warning { level(warning..emerg); };
> > filter f_notice { level(notice..emerg); };
> > filter f_info { level(info..emerg); };
> > filter f_debug { level(debug..emerg); };
> >
> > # program filters
> > filter f_ppp { program("ppp"); };
> > filter f_slip { program("startslip"); };
> > filter f_send { program("sendmail"); };
> > filter nf_send { not program("sendmail"); };
> > filter f_bind { program("named"); };
> > filter nf_bind { not program("named"); };
> > filter f_ipfw { program("ipfw"); };
> > #filter nf_ipfw { not program("ipfw"); };
> >
> >
> >
> > log { source(src2); filter("f_ipfw"); destination("ipfw"); };
> >
> > # *.err;kern.debug;auth.notice;mail.crit                /dev/console
> > log { source(src); filter(f_err); destination(console); };
> > log { source(src); filter(f_kern); filter(f_debug); destination(console); };
> > log { source(src); filter(f_auth); filter(f_notice); destination(console); };
> > log { source(src); filter(f_mail); filter(f_crit); destination(console); };
> >
> > # *.notice;kern.debug;lpr.info;mail.crit;news.err       /var/log/messages
> > log { source(src); filter(f_notice); destination(messages); };
> > log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
> > log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
> > log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
> > log { source(src); filter(f_news); filter(f_err); destination(messages); };
> >
> > # security.*                                            /var/log/security
> > log { source(src); filter(f_security); destination(security); };
> >
> > # mail.info                                             /var/log/maillog
> > log { source(src); filter(f_mail); filter(f_info); destination(maillog);
> > };
> >
> > # lpr.info                                              /var/log/lpd-errs
> > log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
> >
> > # cron.*                                                /var/log/cron
> > log { source(src); filter(f_cron); destination(cron); };
> >
> > # *.err                                                 root
> > log { source(src); filter(f_err); destination(root); };
> >
> > # *.notice;news.err                                     root
> > log { source(src); filter(f_notice); destination(root); };
> > log { source(src); filter(f_news); filter(f_err); destination(root); };
> >
> > # *.alert                                               root
> > log { source(src); filter(f_alert); destination(root); };
> >
> > # *.emerg                                               *
> > log { source(src); filter(f_emerg); destination(allusers); };
> >
> > # uncomment this to enable logging of all log messages to /var/log/all.log
> > # *.*                                                   /var/log/all.log
> > log { source(src); destination(all); };
> >
> > # uncomment this to enable logging to a remote loghost named loghost
> > # *.*                                                   @loghost
> > #log { source(src); destination(loghost); };
> >
> > # news.err                                              /var/log/news/news.err
> > # news.notice                                           /var/log/news/news.notice
> > #
> > #log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
> > #log { source(src); filter(f_news); filter(f_err); destination(newserr); };
> > #log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
> >
> >
> > log { source("src2"); filter("h_rogue"); destination("rogue"); };
> > log { source("src2"); filter("h_cobalt"); destination("cobalt"); };
> > log { source("src2"); filter("h_cisco"); destination("cisco"); };
> > log { source("src2"); filter("h_voyager"); destination("voyager"); };
> > log { source("src2"); filter("h_lists"); filter("f_send");
> > destination("lists_m"); };
> > log { source("src2"); filter("h_lists"); filter("nf_send");
> > destination("lists"); };
> > log { source("src2"); filter("h_apollo"); destination("apollo"); };
> > log { source("src2"); filter("h_samson"); filter("f_bind");
> > destination("samson_d"); };
> > log { source("src2"); filter("h_samson"); filter("nf_bind");
> > destination("samson"); };
> > log { source("src2"); filter("h_bugsy"); destination("bugsy"); };
> > log { source("src2"); filter("h_goblin"); destination("goblin"); };
> > log { source("src2"); filter("f_security"); destination("allsec"); };
> >
> >
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > http://lists.balabit.hu/mailman/listinfo/syslog-ng