[syslog-ng] syslog-ng Digest, Vol 96, Issue 6
Yarick Tsagoyko
yarick at yarick.com
Tue Apr 9 01:43:55 CEST 2013
Dear Ramon, the config looks ok, What is the issue you are having ?
--Yarick.
On Mon, Apr 8, 2013 at 3:25 PM, <syslog-ng-request at lists.balabit.hu> wrote:
> Send syslog-ng mailing list submissions to
> syslog-ng at lists.balabit.hu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> or, via email, send a message with subject or body 'help' to
> syslog-ng-request at lists.balabit.hu
>
> You can reach the person managing the list at
> syslog-ng-owner at lists.balabit.hu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of syslog-ng digest..."
>
>
> Today's Topics:
>
> 1. Re: Syslog-ng 3.1.4 on OpenBSD 5.2 (Ramon F McDougall)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 8 Apr 2013 15:25:25 -0400
> From: Ramon F McDougall <cyberjet at live.com>
> Subject: Re: [syslog-ng] Syslog-ng 3.1.4 on OpenBSD 5.2
> To: "syslog-ng at lists.balabit.hu" <syslog-ng at lists.balabit.hu>
> Message-ID: <BAY148-W654AE36D7E7FB13020FC85B7C50 at phx.gbl>
> Content-Type: text/plain; charset="windows-1252"
>
> Greetings
> to All,
>
>
>
> I
> need your help, I recently installed Syslog-ng on an OpenBSD 5.2 and
> decided to
> try syslog-ng to work under this environment. I?m not 100% sure(trying to
> learn about all these things) that it?s
> working the way it?s supposed to. I followed an example detailed in this
> link:
> http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html
>
> It?s my hope that someone with much more expertise than I share
> some of their knowledge so that I can get this working. I have configured
> the
> firewall to send to my syslog server v3.1.4. Does anyone have this working
> on
> OpenBSD and can share their config files?
>
>
>
> $ cd syslog-ng
>
> syslog-ng.conf
> syslog-ng.conf.original
>
> $ more syslog-ng.conf
>
> # syslog-ng configuration file for OpenBSD.
>
> # This should provide the same behavior as OpenBSD's
> syslog.conf(5).
>
> # 2010-07-18 steven at openbsd.org
>
>
>
> @version: 3.0
>
>
>
> options {
>
> use_dns(no);
>
>
> create_dirs(no);
>
>
> keep_hostname(yes);
>
> };
>
>
>
> source s_local {
>
> unix-dgram
> ("/dev/log");
>
> unix-dgram
> ("/var/empty/dev/log");
>
> internal();
>
> };
>
> #source s_local_all {
>
> # unix-dgram
> ("/dev/log");
>
> # unix-dgram
> ("/var/empty/dev/log");
>
> # unix-dgram
> ("/var/www/dev/log");
>
> # internal();
>
> #};
>
> #source s_net {
>
> #
> udp(port(514));
>
> #};
>
>
>
> destination d_console
> { file("/dev/console");
> };
>
> destination d_messages
> { file("/var/log/messages" owner(root) group(wheel)
> perm(0644)); };
>
> destination d_authlog
> { file("/var/log/authlog" owner(root) group(wheel)
> perm(0640)); };
>
> destination d_secure
> { file("/var/log/secure" owner(root) group(wheel)
> perm(0600)); };
>
> destination d_cronlog
> { file("/var/cron/log" owner(root) group(wheel)
> perm(0600)); };
>
> destination d_daemon
> { file("/var/log/daemon" owner(root) group(wheel)
> perm(0640)); };
>
> destination d_xferlog
> { file("/var/log/xferlog" owner(root) group(wheel)
> perm(0640)); };
>
> destination d_lpderrs
> { file("/var/log/lpd-errs" owner(root) group(wheel)
> perm(0640)); };
>
> destination d_maillog
> { file("/var/log/maillog" owner(root) group(wheel)
> perm(0600)); };
>
> destination d_uucplog
> { file("/var/log/uucp" owner(uucp) group(dialer)
> perm(0660)); };
>
> destination d_sudolog
> { file("/var/log/sudo");
> };
>
> destination d_chatlog
> { file("/var/log/chat");
> };
>
> destination d_ttyall
> { usertty("*");
> };
>
> destination d_ttyroot
> { usertty("root");
> };
>
> destination d_loghost
> { udp("loghost" port(514));
> };
>
>
>
> destination d_network_hosts { file
> ("/var/log/bcm/$HOST.log"); };
>
>
>
> filter f_notice {
>
> level(notice
> .. emerg)
>
> and
> not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));
>
> };
>
> filter f_kerndebug {
>
> level(debug ..
> emerg) and facility(kern);
>
> };
>
> filter f_msginfo {
>
> level(info ..
> emerg) and facility(syslog,user);
>
> };
>
> filter f_authinfo {
>
> level(info ..
> emerg) and facility(auth);
>
> };
>
> filter f_authprivdebug {
>
> level(debug ..
> emerg) and facility(authpriv);
>
> };
>
> filter f_croninfo {
>
> level(info ..
> emerg) and facility(cron);
>
> };
>
> filter f_daemoninfo {
>
> level(info ..
> emerg) and facility(daemon);
>
> };
>
> filter f_ftpinfo {
>
> level(info ..
> emerg) and facility(ftp);
>
> };
>
> filter f_lprdebug {
>
> level(debug ..
> emerg) and facility(lpr);
>
> };
>
> filter f_mailinfo {
>
> level(info ..
> emerg) and facility(mail);
>
> };
>
> filter f_uucpinfo {
>
> level(info ..
> emerg) and facility(uucp);
>
> };
>
> filter f_emerg {
>
> level(emerg);
>
> };
>
> filter f_to_console {
>
> not
> (facility(authpriv)) and
>
> ((level(notice
> .. emerg) and facility(auth))
>
> or
> (level(debug .. emerg) and facility(kern))
>
> or (level(crit
> .. emerg) and facility(mail))
>
> or level(err
> .. emerg));
>
> };
>
> filter f_to_root {
>
> (level(debug
> .. emerg) and facility(auth))
>
> or (level(notice .. emerg));
>
> };
>
> filter f_to_loghost {
>
> (level(notice
> .. emerg) and
>
> not
> (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))
>
> or (level(info
> .. emerg) and facility(auth,daemon,syslog,user))
>
> or
> (level(debug .. emerg) and facility(authpriv,kern));
>
> };
>
> filter f_prog_sudo {
>
>
> program("sudo");
>
> };
>
> filter f_prog_chat {
>
>
> program("chat");
>
> };
>
>
>
> log { source(s_local); filter(f_notice); destination(d_messages);};
>
> log { source(s_local); filter(f_kerndebug); destination(d_messages);};
>
> log { source(s_local); filter(f_msginfo); destination(d_messages);};
>
> log { source(s_local); filter(f_authinfo); destination(d_authlog); };
>
> log { source(s_local); filter(f_authprivdebug);
> destination(d_secure); };
>
> log { source(s_local); filter(f_croninfo); destination(d_cronlog); };
>
> log { source(s_local); filter(f_daemoninfo); destination(d_daemon); };
>
> log { source(s_local); filter(f_ftpinfo); destination(d_xferlog); };
>
> log { source(s_local); filter(f_lprdebug); destination(d_lpderrs); };
>
> log { source(s_local); filter(f_mailinfo); destination(d_maillog); };
>
> #log { source(s_local); filter(f_uucpinfo); destination(d_uucplog); };
>
>
>
> # Uncomment this line to send "important" messages
> to the system
>
> # console: be aware that this could create lots of output.
>
> #log { source(s_local); filter(f_to_console); destination(d_console); };
>
>
>
> # Uncomment this to have all messages of notice level and
> higher
>
> # as well as all authentication messages sent to root.
>
> #log { source(s_local); filter(f_to_root); destination(d_ttyroot); };
>
>
>
> # Everyone gets emergency messages.
>
> log { source(s_local); filter(f_emerg); destination(d_ttyall); };
>
>
>
> # Uncomment to log to a central host named
> "loghost".
>
> #log { source(s_local); filter(f_to_loghost); destination(d_loghost); };
>
>
>
> # Uncomment to log messages from sudo(8) and chat(8) to
> their own
>
> # respective log files.
> Matches are done based on the program name.
>
> # Program-specific logs:
>
> #log { source(s_local); filter(f_prog_sudo); destination(d_sudolog); };
>
> #log { source(s_local); filter(f_prog_chat); destination(d_chatlog); };
>
>
>
> # Uncomment to log messages from the network.
>
> # Note: it is recommended to specify a different destination
> here.
>
> #log { source(s_net); destination(d_messages); };
>
> $ syslog-ng-ctl
>
> Syntax: syslog-ng-ctl <command> [options]
>
> Possible commands are:
>
> stats Dump syslog-ng statistics
>
> verbose Enable/query verbose messages
>
> debug Enable/query debug messages
>
> trace Enable/query trace messages
>
>
>
> # syslog-ng-ctl stats
>
> SourceName;SourceId;SourceInstance;State;Type;Number
>
> center;;received;a;processed;0
>
> destination;d_lpderrs;;a;processed;0
>
> destination;d_messages;;a;processed;6
>
> src.internal;s_local#2;;a;processed;5
>
> src.internal;s_local#2;;a;stamp;1365446582
>
> destination;d_daemon;;a;processed;0
>
> destination;d_secure;;a;processed;0
>
> center;;queued;a;processed;0
>
> global;payload_reallocs;;a;processed;0
>
> global;sdata_updates;;a;processed;0
>
> destination;d_xferlog;;a;processed;0
>
> destination;d_authlog;;a;processed;2
>
> destination;d_cronlog;;a;processed;0
>
> destination;d_maillog;;a;processed;0
>
> global;msg_clones;;a;processed;0
>
> source;s_local;;a;processed;7
>
> destination;d_ttyall;;a;processed;0
>
> # syslog-ng-ctl verbose --set=on
>
> # syslog-ng-ctl stats
>
> SourceName;SourceId;SourceInstance;State;Type;Number
>
> center;;received;a;processed;0
>
> destination;d_lpderrs;;a;processed;0
>
> destination;d_messages;;a;processed;9
>
> src.internal;s_local#2;;a;processed;8
>
> src.internal;s_local#2;;a;stamp;1365446909
>
> destination;d_daemon;;a;processed;0
>
> destination;d_secure;;a;processed;0
>
> center;;queued;a;processed;0
>
> global;payload_reallocs;;a;processed;0
>
> global;sdata_updates;;a;processed;0
>
> destination;d_xferlog;;a;processed;0
>
> destination;d_authlog;;a;processed;2
>
> destination;d_cronlog;;a;processed;0
>
> destination;d_maillog;;a;processed;0
>
> global;msg_clones;;a;processed;0
>
> source;s_local;;a;processed;10
>
> destination;d_ttyall;;a;processed;0
>
> #
> Please let me know what more information you need to be able to help.
> Regards and Thank you,?Ramon
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130408/2d5f9095/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>
>
> End of syslog-ng Digest, Vol 96, Issue 6
> ****************************************
>
--
Yarick Tsagoyko
yarick at yarick.com
+1 443 255 2388
Advisory Notice: Email is covered by the Electronic Communications Privacy
Act and is legally privileged, but inherently insecure. Content may be
subject to alteration: email addresses may incorrectly identify the sender.
This email transmission, and any documents, files, or previous email
messages attached to it may be privileged and confidential, and are
intended only for the use of the recipient(s) named in the address field.
If the reader of this message is not an intended recipient, or the employee
or agent responsible to deliver it to the recipient, you are hereby
notified that any dissemination, distribution, or copying of this message
or its contents is strictly prohibited. If you have received this message
in error, please notify me by telephone or return email and delete it and
any attachments from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130408/6181f501/attachment.htm
More information about the syslog-ng
mailing list