Send syslog-ng mailing list submissions to
syslog-ng@lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.balabit.hu/mailman/listinfo/syslog-ng
or, via email, send a message with subject or body 'help' to
syslog-ng-request@lists.balabit.hu

You can reach the person managing the list at
syslog-ng-owner@lists.balabit.hu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of syslog-ng digest..."


Today's Topics:

1. Re: Is this possible in syslog-ng.conf . (v2.0.2)
(Balazs Scheidler)
2. Re: Setting permissions on log files (Balazs Scheidler)
3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)
4. compilation errors with --enable-spoof-source
(Ravi Papisetti -X (rpapiset - HCL at Cisco))
5. Re: Is this possible in syslog-ng.conf . (v2.0.2)
(Balazs Scheidler)
6. Re: compilation errors with --enable-spoof-source
(Balazs Scheidler)
7. RE: compilation errors with --enable-spoof-source
(Ravi Papisetti -X (rpapiset - HCL at Cisco))
8. RE: compilation errors with --enable-spoof-source
(Balazs Scheidler)


----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Feb 2007 17:14:12 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: Syslog-ng users' and developers' mailing list

Message-ID: <1171901652.11781.7.camel@bzorp.balabit>
Content-Type: text/plain

On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:

> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> One is very used to the 'source' in FW/router/...'s as being the source
> device(s) IP from where a packet came from .

syslog-ng is not a firewall :) this is sometimes strange to me as well,
being involved in firewall products as well. But putting the joke aside,
syslog-ng is a "syslog message pipe" processor: sources generate
messages, destinations serve as message sinks. Some filtering here and
there, that's about syslog-ng's internal structure.

So, naming source as a source is consistent with syslog-ng itself.

> An aside , Can one do the 'Formatting' like my example above , again
> no examples show up like that , but I am hopeful .
>
>
> > To do that you need the netmask() filter.
>
> Next time I'll go looking at the Blog at Gmane first before shooting my
> mouth off . netmask was just the hint I needed .
> Tho it sure would be nice for netmask() to support the /xx bits netmask
> format .

It does support this format.

--
Bazsi



------------------------------

Message: 2
Date: Mon, 19 Feb 2007 17:15:57 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Setting permissions on log files
To: Syslog-ng users' and developers' mailing list

Message-ID: <1171901757.11781.10.camel@bzorp.balabit>
Content-Type: text/plain

On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:
> With the 'file' destination, Syslog-ng modifies the ownership and
> permissions of the file when it opens it. There are configuration
> file options to choose what it sets them to, but AFAICT, no way to
> have Syslog-ng just leave the files as it finds them.
>
> I prefer to maintain permissions and ownership separately; I set them
> when I create the file and expect them to stick. Could there be a
> configuration file option for that?
>

IIRC, you can use -1 for various options, which means "do not touch".
But I would need to test it. The code in the C part is there, the only
question that remains whether the parser accepts "-1" in the place of
owner/group/permissions.

--
Bazsi



------------------------------

Message: 3
Date: Mon, 19 Feb 2007 09:02:15 -0800
From: Evan Rempel
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: "Syslog-ng users' and developers' mailing list"

Message-ID: <45D9D817.7050309@uvic.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Balazs Scheidler wrote:
> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>
>> Ok . IMO counter intuitive , Tho reasonable with your explanation .
>> One is very used to the 'source' in FW/router/...'s as being the source
>> device(s) IP from where a packet came from .
>
> syslog-ng is not a firewall :) this is sometimes strange to me as well,
> being involved in firewall products as well. But putting the joke aside,
> syslog-ng is a "syslog message pipe" processor: sources generate
> messages, destinations serve as message sinks. Some filtering here and
> there, that's about syslog-ng's internal structure.
>
> So, naming source as a source is consistent with syslog-ng itself.

I think that the author of the original comment was refereing to the IP address binding
in the source definition

source network { tcp( ip(xxxx) ); };

where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
Perhaps the syntax should be

source network { tcp( bind(xxxx) ); };

since the bind address MUST be ip since the definition is already defined to be tcp.

I think it is a little counter intuitive even within the scope of syslog-ng.

Evan.


>
>> An aside , Can one do the 'Formatting' like my example above , again
>> no examples show up like that , but I am hopeful .
>>
>>
>>> To do that you need the netmask() filter.
>> Next time I'll go looking at the Blog at Gmane first before shooting my
>> mouth off . netmask was just the hint I needed .
>> Tho it sure would be nice for netmask() to support the /xx bits netmask
>> format .
>
> It does support this format.
>


--
Evan Rempel erempel@uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria


------------------------------

Message: 4
Date: Mon, 19 Feb 2007 13:09:41 -0600
From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"

Subject: [syslog-ng] compilation errors with --enable-spoof-source
To: "syslog-ng@lists.balabit.hu"
Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D@mimectl>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I am using syslog-ng 1.6.11 and trying to compile this package with
./configure --enable-spoof-source, it throws errors as below

checking whether to enable Sun STREAMS support... yes
checking whether to enable Sun door support... yes
checking whether to enable TCP wrapper support... no
checking whether to enable spoof_source support... ./configure: test: too many arguments
configure: error: libnet-config not found

It compiles fine without --enable-spoof-source this option. Could you do the needful.

Thanks,
Ravi Kumar P.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/dc8ca38e/attachment-0001.html

------------------------------

Message: 5
Date: Mon, 19 Feb 2007 20:23:01 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: Syslog-ng users' and developers' mailing list

Message-ID: <1171912981.11781.12.camel@bzorp.balabit>
Content-Type: text/plain

On Mon, 2007-02-19 at 09:02 -0800, Evan Rempel wrote:
> Balazs Scheidler wrote:
> > On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> >
> >> Ok . IMO counter intuitive , Tho reasonable with your explanation .
> >> One is very used to the 'source' in FW/router/...'s as being the source
> >> device(s) IP from where a packet came from .
> >
> > syslog-ng is not a firewall :) this is sometimes strange to me as well,
> > being involved in firewall products as well. But putting the joke aside,
> > syslog-ng is a "syslog message pipe" processor: sources generate
> > messages, destinations serve as message sinks. Some filtering here and
> > there, that's about syslog-ng's internal structure.
> >
> > So, naming source as a source is consistent with syslog-ng itself.
>
> I think that the author of the original comment was refereing to the IP address binding
> in the source definition
>
> source network { tcp( ip(xxxx) ); };
>
> where the IP address is NOT the source at all, it is a local IP address to bind the listener to.
> Perhaps the syntax should be
>
> source network { tcp( bind(xxxx) ); };
>
> since the bind address MUST be ip since the definition is already defined to be tcp.
>
> I think it is a little counter intuitive even within the scope of syslog-ng.
>

ip is an alias for localip(), but it's true that all examples use ip().

--
Bazsi



------------------------------

Message: 6
Date: Mon, 19 Feb 2007 20:23:34 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] compilation errors with --enable-spoof-source
To: Syslog-ng users' and developers' mailing list

Message-ID: <1171913014.11781.14.camel@bzorp.balabit>
Content-Type: text/plain

On Mon, 2007-02-19 at 13:09 -0600, Ravi Papisetti -X (rpapiset - HCL at
Cisco) wrote:
> Hi,
>
> I am using syslog-ng 1.6.11 and trying to compile this package with
> ./configure --enable-spoof-source, it throws errors as below
>
> checking whether to enable Sun STREAMS support... yes
> checking whether to enable Sun door support... yes
> checking whether to enable TCP wrapper support... no
> checking whether to enable spoof_source support... ./configure: test:
> too many arguments
> configure: error: libnet-config not found
>
> It compiles fine without --enable-spoof-source this option. Could you
> do the needful.
>

You need libnet in order to compile syslog-ng with spoof source support.

--
Bazsi



------------------------------

Message: 7
Date: Mon, 19 Feb 2007 16:36:42 -0600
From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"

Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
To: "Syslog-ng users' and developers' mailing list"

Message-ID: <6F4AD076-DD4B-45CE-9B37-8C326CB89BA9@mimectl>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070219/5f74b573/attachment-0001.htm

------------------------------

Message: 8
Date: Tue, 20 Feb 2007 08:59:33 +0000
From: Balazs Scheidler
Subject: RE: [syslog-ng] compilation errors with --enable-spoof-source
To: Syslog-ng users' and developers' mailing list

Message-ID: <1171961973.9887.0.camel@bzorp.balabit>
Content-Type: text/plain

On Mon, 2007-02-19 at 16:36 -0600, Ravi Papisetti -X (rpapiset - HCL at
Cisco) wrote:
> Already that is installed in my m/c. Compilations went successful
> without this option. I understand that libnet is to compile this
> package.
>
> Let us know how to check if Libnet package installation is fine in my
> system or not.

if libnet is installed, you should have a script called libnet-config
somewhere in your path. that's what the configure script does not find.

--
Bazsi



------------------------------

_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng


End of syslog-ng Digest, Vol 22, Issue 21
*****************************************