Greetings to All,

 

I need your help, I recently installed Syslog-ng on an OpenBSD 5.2 and decided to try syslog-ng to work under this environment. I’m not 100% sure(trying to learn about all these things) that it’s working the way it’s supposed to. I followed an example detailed in this link: http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html

It’s my hope that someone with much more expertise than I share some of their knowledge so that I can get this working. I have configured the firewall to send to my syslog server v3.1.4. Does anyone have this working on OpenBSD and can share their config files?

 

$ cd syslog-ng

syslog-ng.conf             syslog-ng.conf.original

$ more syslog-ng.conf

# syslog-ng configuration file for OpenBSD.

# This should provide the same behavior as OpenBSD's syslog.conf(5).

# 2010-07-18 steven@openbsd.org

 

@version: 3.0

 

options {

        use_dns(no);

        create_dirs(no);

        keep_hostname(yes);

};

 

source s_local {

        unix-dgram ("/dev/log");

        unix-dgram ("/var/empty/dev/log");

        internal();

};

#source s_local_all {

#       unix-dgram ("/dev/log");

#       unix-dgram ("/var/empty/dev/log");

#       unix-dgram ("/var/www/dev/log");

#       internal();

#};

#source s_net {

#       udp(port(514));

#};

 

destination d_console   { file("/dev/console");         };

destination d_messages  { file("/var/log/messages" owner(root) group(wheel) perm(0644));        };

destination d_authlog   { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };

destination d_secure    { file("/var/log/secure" owner(root) group(wheel) perm(0600));  };

destination d_cronlog   { file("/var/cron/log" owner(root) group(wheel) perm(0600));    };

destination d_daemon    { file("/var/log/daemon" owner(root) group(wheel) perm(0640));  };

destination d_xferlog   { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };

destination d_lpderrs   { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640));        };

destination d_maillog   { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };

destination d_uucplog   { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660));   };

destination d_sudolog   { file("/var/log/sudo");        };

destination d_chatlog   { file("/var/log/chat");        };

destination d_ttyall    { usertty("*");                 };

destination d_ttyroot   { usertty("root");              };

destination d_loghost   { udp("loghost" port(514));     };

 

destination d_network_hosts { file ("/var/log/bcm/$HOST.log"); };

 

filter f_notice {

        level(notice .. emerg)

        and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));

};

filter f_kerndebug {

        level(debug .. emerg) and facility(kern);

};

filter f_msginfo {

        level(info .. emerg) and facility(syslog,user);

};

filter f_authinfo {

        level(info .. emerg) and facility(auth);

};

filter f_authprivdebug {

        level(debug .. emerg) and facility(authpriv);

};

filter f_croninfo {

        level(info .. emerg) and facility(cron);

};

filter f_daemoninfo {

        level(info .. emerg) and facility(daemon);

};

filter f_ftpinfo {

        level(info .. emerg) and facility(ftp);

};

filter f_lprdebug {

        level(debug .. emerg) and facility(lpr);

};

filter f_mailinfo {

        level(info .. emerg) and facility(mail);

};

filter f_uucpinfo {

        level(info .. emerg) and facility(uucp);

};

filter f_emerg {

        level(emerg);

};

filter f_to_console {

        not (facility(authpriv)) and

        ((level(notice .. emerg) and facility(auth))

        or (level(debug .. emerg) and facility(kern))

        or (level(crit .. emerg) and facility(mail))

        or level(err .. emerg));

};

filter f_to_root {

        (level(debug .. emerg) and facility(auth))

        or (level(notice .. emerg));

};

filter f_to_loghost {

        (level(notice .. emerg) and

          not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))

        or (level(info .. emerg) and facility(auth,daemon,syslog,user))

        or (level(debug .. emerg) and facility(authpriv,kern));

};

filter f_prog_sudo {

        program("sudo");

};

filter f_prog_chat {

        program("chat");

};

 

log { source(s_local); filter(f_notice);        destination(d_messages);};

log { source(s_local); filter(f_kerndebug);     destination(d_messages);};

log { source(s_local); filter(f_msginfo);       destination(d_messages);};

log { source(s_local); filter(f_authinfo);      destination(d_authlog); };

log { source(s_local); filter(f_authprivdebug); destination(d_secure);  };

log { source(s_local); filter(f_croninfo);      destination(d_cronlog); };

log { source(s_local); filter(f_daemoninfo);    destination(d_daemon);  };

log { source(s_local); filter(f_ftpinfo);       destination(d_xferlog); };

log { source(s_local); filter(f_lprdebug);      destination(d_lpderrs); };

log { source(s_local); filter(f_mailinfo);      destination(d_maillog); };

#log { source(s_local); filter(f_uucpinfo);     destination(d_uucplog); };

 

# Uncomment this line to send "important" messages to the system

# console: be aware that this could create lots of output.

#log { source(s_local); filter(f_to_console);   destination(d_console); };

 

# Uncomment this to have all messages of notice level and higher

# as well as all authentication messages sent to root.

#log { source(s_local); filter(f_to_root);      destination(d_ttyroot); };

 

# Everyone gets emergency messages.

log { source(s_local); filter(f_emerg);         destination(d_ttyall);  };

 

# Uncomment to log to a central host named "loghost".

#log { source(s_local); filter(f_to_loghost);   destination(d_loghost); };

 

# Uncomment to log messages from sudo(8) and chat(8) to their own

# respective log files.  Matches are done based on the program name.

# Program-specific logs:

#log { source(s_local); filter(f_prog_sudo);    destination(d_sudolog); };

#log { source(s_local); filter(f_prog_chat);    destination(d_chatlog); };

 

# Uncomment to log messages from the network.

# Note: it is recommended to specify a different destination here.

#log { source(s_net); destination(d_messages); };

$ syslog-ng-ctl

Syntax: syslog-ng-ctl <command> [options]

Possible commands are:

    stats        Dump syslog-ng statistics

    verbose      Enable/query verbose messages

    debug        Enable/query debug messages

    trace        Enable/query trace messages

 

# syslog-ng-ctl stats

SourceName;SourceId;SourceInstance;State;Type;Number

center;;received;a;processed;0

destination;d_lpderrs;;a;processed;0

destination;d_messages;;a;processed;6

src.internal;s_local#2;;a;processed;5

src.internal;s_local#2;;a;stamp;1365446582

destination;d_daemon;;a;processed;0

destination;d_secure;;a;processed;0

center;;queued;a;processed;0

global;payload_reallocs;;a;processed;0

global;sdata_updates;;a;processed;0

destination;d_xferlog;;a;processed;0

destination;d_authlog;;a;processed;2

destination;d_cronlog;;a;processed;0

destination;d_maillog;;a;processed;0

global;msg_clones;;a;processed;0

source;s_local;;a;processed;7

destination;d_ttyall;;a;processed;0

# syslog-ng-ctl verbose --set=on

# syslog-ng-ctl stats

SourceName;SourceId;SourceInstance;State;Type;Number

center;;received;a;processed;0

destination;d_lpderrs;;a;processed;0

destination;d_messages;;a;processed;9

src.internal;s_local#2;;a;processed;8

src.internal;s_local#2;;a;stamp;1365446909

destination;d_daemon;;a;processed;0

destination;d_secure;;a;processed;0

center;;queued;a;processed;0

global;payload_reallocs;;a;processed;0

global;sdata_updates;;a;processed;0

destination;d_xferlog;;a;processed;0

destination;d_authlog;;a;processed;2

destination;d_cronlog;;a;processed;0

destination;d_maillog;;a;processed;0

global;msg_clones;;a;processed;0

source;s_local;;a;processed;10

destination;d_ttyall;;a;processed;0

#

Please let me know what more information you need to be able to help.

 

Regards and Thank you,…Ramon