Dear Ramon, the config looks ok. What is the issue you are having?
 
--Yarick.


On Mon, Apr 8, 2013 at 3:25 PM, <syslog-ng-request@lists.balabit.hu> wrote:

Message: 1
Date: Mon, 8 Apr 2013 15:25:25 -0400
From: Ramon F McDougall <cyberjet@live.com>
Subject: Re: [syslog-ng] Syslog-ng 3.1.4 on OpenBSD 5.2
To: "syslog-ng@lists.balabit.hu" <syslog-ng@lists.balabit.hu>
Message-ID: <BAY148-W654AE36D7E7FB13020FC85B7C50@phx.gbl>
Content-Type: text/plain; charset="windows-1252"

Greetings to All,

I need your help, I recently installed Syslog-ng on an OpenBSD 5.2 and decided to try syslog-ng to work under this environment. I'm not 100% sure (trying to learn about all these things) that it's working the way it's supposed to. I followed an example detailed in this link: http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html

It's my hope that someone with much more expertise than I share some of their knowledge so that I can get this working. I have configured the firewall to send to my syslog server v3.1.4. Does anyone have this working on OpenBSD and can share their config files?



$ cd syslog-ng

syslog-ng.conf
syslog-ng.conf.original

$ more syslog-ng.conf

# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 steven@openbsd.org



@version: 3.0

options {
        use_dns(no);
        create_dirs(no);
        keep_hostname(yes);
};

source s_local {
        unix-dgram ("/dev/log");
        unix-dgram ("/var/empty/dev/log");
        internal();
};
#source s_local_all {
#       unix-dgram ("/dev/log");
#       unix-dgram ("/var/empty/dev/log");
#       unix-dgram ("/var/www/dev/log");
#       internal();
#};
#source s_net {
#       udp(port(514));
#};



destination d_console { file("/dev/console"); };
destination d_messages { file("/var/log/messages" owner(root) group(wheel) perm(0644)); };
destination d_authlog { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };
destination d_secure { file("/var/log/secure" owner(root) group(wheel) perm(0600)); };
destination d_cronlog { file("/var/cron/log" owner(root) group(wheel) perm(0600)); };
destination d_daemon { file("/var/log/daemon" owner(root) group(wheel) perm(0640)); };
destination d_xferlog { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };
destination d_lpderrs { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640)); };
destination d_maillog { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };
destination d_uucplog { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660)); };
destination d_sudolog { file("/var/log/sudo"); };
destination d_chatlog { file("/var/log/chat"); };
destination d_ttyall { usertty("*"); };
destination d_ttyroot { usertty("root"); };
destination d_loghost { udp("loghost" port(514)); };

destination d_network_hosts { file("/var/log/bcm/$HOST.log"); };



filter f_notice {
        level(notice .. emerg)
        and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));
};
filter f_kerndebug {
        level(debug .. emerg) and facility(kern);
};
filter f_msginfo {
        level(info .. emerg) and facility(syslog,user);
};
filter f_authinfo {
        level(info .. emerg) and facility(auth);
};
filter f_authprivdebug {
        level(debug .. emerg) and facility(authpriv);
};
filter f_croninfo {
        level(info .. emerg) and facility(cron);
};
filter f_daemoninfo {
        level(info .. emerg) and facility(daemon);
};
filter f_ftpinfo {
        level(info .. emerg) and facility(ftp);
};
filter f_lprdebug {
        level(debug .. emerg) and facility(lpr);
};
filter f_mailinfo {
        level(info .. emerg) and facility(mail);
};
filter f_uucpinfo {
        level(info .. emerg) and facility(uucp);
};
filter f_emerg {
        level(emerg);
};
filter f_to_console {
        not (facility(authpriv)) and
        ((level(notice .. emerg) and facility(auth))
        or (level(debug .. emerg) and facility(kern))
        or (level(crit .. emerg) and facility(mail))
        or level(err .. emerg));
};
filter f_to_root {
        (level(debug .. emerg) and facility(auth))
        or (level(notice .. emerg));
};
filter f_to_loghost {
        (level(notice .. emerg) and
          not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))
        or (level(info .. emerg) and facility(auth,daemon,syslog,user))
        or (level(debug .. emerg) and facility(authpriv,kern));
};
filter f_prog_sudo {
        program("sudo");
};
filter f_prog_chat {
        program("chat");
};



log { source(s_local); filter(f_notice);        destination(d_messages);};
log { source(s_local); filter(f_kerndebug);     destination(d_messages);};
log { source(s_local); filter(f_msginfo);       destination(d_messages);};
log { source(s_local); filter(f_authinfo);      destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure);  };
log { source(s_local); filter(f_croninfo);      destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo);    destination(d_daemon);  };
log { source(s_local); filter(f_ftpinfo);       destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug);      destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo);      destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo);     destination(d_uucplog); };

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console);   destination(d_console); };

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root);      destination(d_ttyroot); };

# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg);         destination(d_ttyall);  };

# Uncomment to log to a central host named "loghost".
#log { source(s_local); filter(f_to_loghost);   destination(d_loghost); };

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files.  Matches are done based on the program name.
# Program-specific logs:
#log { source(s_local); filter(f_prog_sudo);    destination(d_sudolog); };
#log { source(s_local); filter(f_prog_chat);    destination(d_chatlog); };

# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
#log { source(s_net); destination(d_messages); };

$ syslog-ng-ctl
Syntax: syslog-ng-ctl <command> [options]
Possible commands are:
    stats        Dump syslog-ng statistics
    verbose      Enable/query verbose messages
    debug        Enable/query debug messages
    trace        Enable/query trace messages

# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;6
src.internal;s_local#2;;a;processed;5
src.internal;s_local#2;;a;stamp;1365446582
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;7
destination;d_ttyall;;a;processed;0

# syslog-ng-ctl verbose --set=on
# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;9
src.internal;s_local#2;;a;processed;8
src.internal;s_local#2;;a;stamp;1365446909
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;10
destination;d_ttyall;;a;processed;0

#
Please let me know what more information you need to be able to help.

Regards and thank you,
Ramon




End of syslog-ng Digest, Vol 96, Issue 6
****************************************



--
Yarick Tsagoyko
yarick@yarick.com
+1 443 255 2388
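
Added example (not part of the original thread, and not code from the syslog-ng project): a Python script that compares two `syslog-ng-ctl stats` dumps in the format quoted above and reports which counters advanced between them and which objects are still at zero. The sample dumps are a constructed subset of the rows in the message, and the function names are assumptions of this example.

```python
import csv
import io

# Constructed sample: a subset of rows from the two stats dumps quoted above.
HEADER = "SourceName;SourceId;SourceInstance;State;Type;Number\n"
BEFORE = HEADER + """\
center;;received;a;processed;0
destination;d_messages;;a;processed;6
src.internal;s_local#2;;a;processed;5
src.internal;s_local#2;;a;stamp;1365446582
destination;d_authlog;;a;processed;2
source;s_local;;a;processed;7
destination;d_ttyall;;a;processed;0
"""
AFTER = HEADER + """\
center;;received;a;processed;0
destination;d_messages;;a;processed;9
src.internal;s_local#2;;a;processed;8
src.internal;s_local#2;;a;stamp;1365446909
destination;d_authlog;;a;processed;2
source;s_local;;a;processed;10
destination;d_ttyall;;a;processed;0
"""

def parse_stats(text):
    """Map (SourceName, SourceId, SourceInstance) -> processed count."""
    counters = {}
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        if row["Type"] != "processed":   # skip "stamp" rows (timestamps)
            continue
        key = (row["SourceName"], row["SourceId"], row["SourceInstance"])
        counters[key] = int(row["Number"])
    return counters

def advanced(before, after):
    """Counters that grew between two dumps, as {key: delta}."""
    old, new = parse_stats(before), parse_stats(after)
    return {k: n - old.get(k, 0) for k, n in new.items() if n > old.get(k, 0)}

def idle(after, kind):
    """IDs of objects of one kind ("source", "destination") still at zero."""
    return sorted(k[1] for k, n in parse_stats(after).items()
                  if k[0] == kind and n == 0)

if __name__ == "__main__":
    for key, delta in sorted(advanced(BEFORE, AFTER).items()):
        print("+%d  %s" % (delta, ";".join(key)))
    print("idle destinations:", idle(AFTER, "destination"))
```

On the two dumps in the message, the rows that advance are `source;s_local`, `src.internal;s_local#2` and `destination;d_messages`, each by 3.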
