<div dir="ltr"><div><div>Dear Ramon, the config looks OK. What is the issue you are having?<br></div> <br></div>--Yarick.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 8, 2013 at 3:25 PM, <span dir="ltr"><<a href="mailto:syslog-ng-request@lists.balabit.hu" target="_blank">syslog-ng-request@lists.balabit.hu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Message: 1<br>
Date: Mon, 8 Apr 2013 15:25:25 -0400<br>
From: Ramon F McDougall <<a href="mailto:cyberjet@live.com">cyberjet@live.com</a>><br>
Subject: Re: [syslog-ng] Syslog-ng 3.1.4 on OpenBSD 5.2<br>
To: "<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>" <<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a>><br>
Message-ID: <BAY148-W654AE36D7E7FB13020FC85B7C50@phx.gbl><br>
Content-Type: text/plain; charset="windows-1252"<br>
<br>
Greetings to All,<br>
<br>
I need your help, I recently installed Syslog-ng on an OpenBSD 5.2 and decided to<br>
try syslog-ng to work under this environment. I'm not 100% sure (trying to learn about all these things) that it's<br>
working the way it's supposed to. I followed an example detailed in this link: <a href="http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html" target="_blank">http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html</a><br>
<br>
It's my hope that someone with much more expertise than I share<br>
some of their knowledge so that I can get this working. I have configured the<br>
firewall to send to my syslog server v3.1.4. Does anyone have this working on<br>
OpenBSD and can share their config files?<br>
<br>
<br>
<br>
$ cd syslog-ng<br>
<br>
syslog-ng.conf<br>
syslog-ng.conf.original<br>
<br>
$ more syslog-ng.conf<br>
<br>
# syslog-ng configuration file for OpenBSD.<br>
# This should provide the same behavior as OpenBSD's syslog.conf(5).<br>
# 2010-07-18 <a href="mailto:steven@openbsd.org">steven@openbsd.org</a><br>
<br>
@version: 3.0<br>
<br>
options {<br>
    use_dns(no);<br>
    create_dirs(no);<br>
    keep_hostname(yes);<br>
};<br>
<br>
source s_local {<br>
    unix-dgram ("/dev/log");<br>
    unix-dgram ("/var/empty/dev/log");<br>
    internal();<br>
};<br>
#source s_local_all {<br>
#    unix-dgram ("/dev/log");<br>
#    unix-dgram ("/var/empty/dev/log");<br>
#    unix-dgram ("/var/www/dev/log");<br>
#    internal();<br>
#};<br>
#source s_net {<br>
#    udp(port(514));<br>
#};<br>
<br>
destination d_console { file("/dev/console"); };<br>
destination d_messages { file("/var/log/messages" owner(root) group(wheel) perm(0644)); };<br>
destination d_authlog { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };<br>
destination d_secure { file("/var/log/secure" owner(root) group(wheel) perm(0600)); };<br>
destination d_cronlog { file("/var/cron/log" owner(root) group(wheel) perm(0600)); };<br>
destination d_daemon { file("/var/log/daemon" owner(root) group(wheel) perm(0640)); };<br>
destination d_xferlog { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };<br>
destination d_lpderrs { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640)); };<br>
destination d_maillog { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };<br>
destination d_uucplog { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660)); };<br>
destination d_sudolog { file("/var/log/sudo"); };<br>
destination d_chatlog { file("/var/log/chat"); };<br>
destination d_ttyall { usertty("*"); };<br>
destination d_ttyroot { usertty("root"); };<br>
destination d_loghost { udp("loghost" port(514)); };<br>
<br>
destination d_network_hosts { file ("/var/log/bcm/$HOST.log"); };<br>
<br>
filter f_notice {<br>
    level(notice .. emerg)<br>
    and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));<br>
};<br>
filter f_kerndebug {<br>
    level(debug .. emerg) and facility(kern);<br>
};<br>
filter f_msginfo {<br>
    level(info .. emerg) and facility(syslog,user);<br>
};<br>
filter f_authinfo {<br>
    level(info .. emerg) and facility(auth);<br>
};<br>
filter f_authprivdebug {<br>
    level(debug .. emerg) and facility(authpriv);<br>
};<br>
filter f_croninfo {<br>
    level(info .. emerg) and facility(cron);<br>
};<br>
filter f_daemoninfo {<br>
    level(info .. emerg) and facility(daemon);<br>
};<br>
filter f_ftpinfo {<br>
    level(info .. emerg) and facility(ftp);<br>
};<br>
filter f_lprdebug {<br>
    level(debug .. emerg) and facility(lpr);<br>
};<br>
filter f_mailinfo {<br>
    level(info .. emerg) and facility(mail);<br>
};<br>
filter f_uucpinfo {<br>
    level(info .. emerg) and facility(uucp);<br>
};<br>
filter f_emerg {<br>
    level(emerg);<br>
};<br>
filter f_to_console {<br>
    not (facility(authpriv)) and<br>
    ((level(notice .. emerg) and facility(auth))<br>
    or (level(debug .. emerg) and facility(kern))<br>
    or (level(crit .. emerg) and facility(mail))<br>
    or level(err .. emerg));<br>
};<br>
filter f_to_root {<br>
    (level(debug .. emerg) and facility(auth))<br>
    or (level(notice .. emerg));<br>
};<br>
filter f_to_loghost {<br>
    (level(notice .. emerg) and<br>
    not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))<br>
    or (level(info .. emerg) and facility(auth,daemon,syslog,user))<br>
    or (level(debug .. emerg) and facility(authpriv,kern));<br>
};<br>
filter f_prog_sudo {<br>
    program("sudo");<br>
};<br>
filter f_prog_chat {<br>
    program("chat");<br>
};<br>
<br>
log { source(s_local); filter(f_notice); destination(d_messages);};<br>
log { source(s_local); filter(f_kerndebug); destination(d_messages);};<br>
log { source(s_local); filter(f_msginfo); destination(d_messages);};<br>
log { source(s_local); filter(f_authinfo); destination(d_authlog); };<br>
log { source(s_local); filter(f_authprivdebug); destination(d_secure); };<br>
log { source(s_local); filter(f_croninfo); destination(d_cronlog); };<br>
log { source(s_local); filter(f_daemoninfo); destination(d_daemon); };<br>
log { source(s_local); filter(f_ftpinfo); destination(d_xferlog); };<br>
log { source(s_local); filter(f_lprdebug); destination(d_lpderrs); };<br>
log { source(s_local); filter(f_mailinfo); destination(d_maillog); };<br>
#log { source(s_local); filter(f_uucpinfo); destination(d_uucplog); };<br>
<br>
# Uncomment this line to send "important" messages to the system<br>
# console: be aware that this could create lots of output.<br>
#log { source(s_local); filter(f_to_console); destination(d_console); };<br>
<br>
# Uncomment this to have all messages of notice level and higher<br>
# as well as all authentication messages sent to root.<br>
#log { source(s_local); filter(f_to_root); destination(d_ttyroot); };<br>
<br>
# Everyone gets emergency messages.<br>
log { source(s_local); filter(f_emerg); destination(d_ttyall); };<br>
<br>
# Uncomment to log to a central host named "loghost".<br>
#log { source(s_local); filter(f_to_loghost); destination(d_loghost); };<br>
<br>
# Uncomment to log messages from sudo(8) and chat(8) to their own<br>
# respective log files. Matches are done based on the program name.<br>
# Program-specific logs:<br>
#log { source(s_local); filter(f_prog_sudo); destination(d_sudolog); };<br>
#log { source(s_local); filter(f_prog_chat); destination(d_chatlog); };<br>
<br>
# Uncomment to log messages from the network.<br>
# Note: it is recommended to specify a different destination here.<br>
#log { source(s_net); destination(d_messages); };<br>
<br>
$ syslog-ng-ctl<br>
Syntax: syslog-ng-ctl <command> [options]<br>
Possible commands are:<br>
stats Dump syslog-ng statistics<br>
verbose Enable/query verbose messages<br>
debug Enable/query debug messages<br>
trace Enable/query trace messages<br>
<br>
# syslog-ng-ctl stats<br>
SourceName;SourceId;SourceInstance;State;Type;Number<br>
center;;received;a;processed;0<br>
destination;d_lpderrs;;a;processed;0<br>
destination;d_messages;;a;processed;6<br>
src.internal;s_local#2;;a;processed;5<br>
src.internal;s_local#2;;a;stamp;1365446582<br>
destination;d_daemon;;a;processed;0<br>
destination;d_secure;;a;processed;0<br>
center;;queued;a;processed;0<br>
global;payload_reallocs;;a;processed;0<br>
global;sdata_updates;;a;processed;0<br>
destination;d_xferlog;;a;processed;0<br>
destination;d_authlog;;a;processed;2<br>
destination;d_cronlog;;a;processed;0<br>
destination;d_maillog;;a;processed;0<br>
global;msg_clones;;a;processed;0<br>
source;s_local;;a;processed;7<br>
destination;d_ttyall;;a;processed;0<br>
<br>
# syslog-ng-ctl verbose --set=on<br>
# syslog-ng-ctl stats<br>
SourceName;SourceId;SourceInstance;State;Type;Number<br>
center;;received;a;processed;0<br>
destination;d_lpderrs;;a;processed;0<br>
destination;d_messages;;a;processed;9<br>
src.internal;s_local#2;;a;processed;8<br>
src.internal;s_local#2;;a;stamp;1365446909<br>
destination;d_daemon;;a;processed;0<br>
destination;d_secure;;a;processed;0<br>
center;;queued;a;processed;0<br>
global;payload_reallocs;;a;processed;0<br>
global;sdata_updates;;a;processed;0<br>
destination;d_xferlog;;a;processed;0<br>
destination;d_authlog;;a;processed;2<br>
destination;d_cronlog;;a;processed;0<br>
destination;d_maillog;;a;processed;0<br>
global;msg_clones;;a;processed;0<br>
source;s_local;;a;processed;10<br>
destination;d_ttyall;;a;processed;0<br>
#<br>
Please let me know what more information you need to be able to help. Regards and Thank you, Ramon<br>
<br>
<br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br><div>Yarick Tsagoyko</div><div><a href="mailto:yarick@yarick.com" target="_blank">yarick@yarick.com</a></div><div>+1 443 255 2388</div>
</div>
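<div>One way to read the two <code>syslog-ng-ctl stats</code> snapshots quoted in the message above, as an added example that is not part of the original thread: diff the <code>processed</code> counters to see which sources and destinations actually moved. It assumes <code>src.internal</code> rows count messages generated by the <code>internal()</code> driver; the function names are hypothetical.</div>

```python
import csv
import io

# Subset of the two `syslog-ng-ctl stats` snapshots quoted in the message above.
BEFORE = """SourceName;SourceId;SourceInstance;State;Type;Number
destination;d_messages;;a;processed;6
src.internal;s_local#2;;a;processed;5
src.internal;s_local#2;;a;stamp;1365446582
destination;d_authlog;;a;processed;2
source;s_local;;a;processed;7
destination;d_ttyall;;a;processed;0
"""
AFTER = """SourceName;SourceId;SourceInstance;State;Type;Number
destination;d_messages;;a;processed;9
src.internal;s_local#2;;a;processed;8
src.internal;s_local#2;;a;stamp;1365446909
destination;d_authlog;;a;processed;2
source;s_local;;a;processed;10
destination;d_ttyall;;a;processed;0
"""

def parse_stats(text):
    """Map (SourceName, SourceId, SourceInstance) -> 'processed' count."""
    counters = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        if row["Type"] != "processed":
            continue  # 'stamp' rows carry a timestamp, not a counter
        key = (row["SourceName"], row["SourceId"], row["SourceInstance"])
        counters[key] = int(row["Number"])
    return counters

def delta(before, after):
    """Counters that grew between the two snapshots, with their increase."""
    old, new = parse_stats(before), parse_stats(after)
    return {k: v - old.get(k, 0) for k, v in new.items() if v > old.get(k, 0)}

def non_internal_increase(before, after):
    """New messages on 'source' rows not accounted for by internal()."""
    grown = delta(before, after)
    total = sum(n for (name, _, _), n in grown.items() if name == "source")
    internal = sum(n for (name, _, _), n in grown.items() if name == "src.internal")
    return total - internal

if __name__ == "__main__":
    for key, n in sorted(delta(BEFORE, AFTER).items()):
        print(";".join(key), "+%d" % n)
    print("non-internal messages since first snapshot:",
          non_internal_increase(BEFORE, AFTER))
```

<div>Under the stated assumption, a result of 0 means every message counted between the two snapshots was generated by syslog-ng itself.</div>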