2.0.7 contrib/rhel-packaging/syslog-ng.conf typos
Hi, The example syslog-ng.conf in contrib/rhel-packaging of 2.0.7 has some syntax errors and this patch fixes them. I also noticed that this syslog-ng.conf configures syslog-ng to take over logging of messages from remote machines, but not logging of local messages. I think this mix is odd; it should either take over from syslogd altogether or not at all. This patch resolves that mix by commenting out the remote config. The idea is that installing syslog-ng will not interfere with syslogd up front, but will give you hints on how to do it later if you want. Please consider part or all of this patch for upstream. Joe.
Here's the patch in line. Seems to have caused problems as an attachment. --- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.init 2007-04-19 19:37:16.000000000 +0000 +++ rhel4/contrib/rhel-packaging/syslog-ng.init 2008-01-15 15:45:44.000000000 +0000 @@ -13,7 +13,7 @@ # Source function library. . /etc/init.d/functions -binary="/sbin/syslog-ng" +binary="/usr/sbin/syslog-ng" [ -x $binary ] || exit 0 --- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.conf 2007-04-19 19:37:16.000000000 +0000 +++ rhel4/contrib/rhel-packaging/syslog-ng.conf 2008-01-15 15:59:28.000000000 +0000 @@ -1,5 +1,5 @@ # -# configuration file for syslog-ng, customized for remote logging +# configuration file for syslog-ng # source s_internal { internal(); }; @@ -7,21 +7,24 @@ log { source(s_internal); destination(d_syslognglog); }; -# Local sources, filters and destinations are commented out -# If you want to replace sysklogd simply uncomment the following -# parts and disable sysklogd +# Local sources, filters and destinations are commented out. +# +# If you want to replace syslogd and klogd simply uncomment +# the following parts. You will also need to modify +# /etc/logrotate.d/syslog and /etc/logrotate.d/syslog-ng +# appropriately. # # Local sources # #source s_local { # unix-dgram("/dev/log"); -# file("/proc/kmsg" log_prefix "kernel:"); +# file("/proc/kmsg" log_prefix("kernel:")); #}; # # Local filters # #filter f_messages { level(info..emerg); }; #filter f_secure { facility(authpriv); }; -#filter f_mail { facility(mail); }; +#filter f_maillog { facility(mail); }; #filter f_cron { facility(cron); }; #filter f_emerg { level(emerg); }; #filter f_spooler { level(crit..emerg) and facility(uucp, news); }; 
@@ -47,15 +50,16 @@ #log { source(s_local); filter(f_local7); destination(d_bootlog); }; #log { source(s_local); filter(f_messages); destination(d_messages); }; - -# Remote logging -source s_remote { - tcp(ip(0.0.0.0) port(514)); - udp(ip(0.0.0.0) port(514)); -}; - -destination d_separatedbyhosts { - file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); -}; - -log { source(s_remote); destination(d_separatedbyhosts); }; +# Remote logging. Uncomment these lines if you want this node to +# log messages that are being sent to it from other nodes. +# +#source s_remote { +# tcp(ip(0.0.0.0) port(514)); +# udp(ip(0.0.0.0) port(514)); +#}; +# +#destination d_separatedbyhosts { +# file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes)); +#}; +# +#log { source(s_remote); destination(d_separatedbyhosts); }; ________________________________ 
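Review bot: In the syslog-ng.init hunk (@@ -13,7), the new binary="/usr/sbin/syslog-ng" is a hard-coded path that is immediately followed by "[ -x $binary ] || exit 0", so if the package installs the daemon anywhere else the init script exits 0 without starting it and without printing anything. Nothing in this patch changes where the binary is installed. Either keep the path in step with the packaging prefix, or make the missing-binary case fail visibly (an error line and a non-zero exit) so a host does not end up silently without syslog-ng running.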
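Review bot: In the second syslog-ng.conf hunk (@@ -7,21), renaming the filter definition from f_mail to f_maillog is only correct if every log statement that uses the filter also says f_maillog, and those statements are outside the lines shown here. Please include the referencing log line in the patch, or leave the definition as f_mail and correct the reference instead, so that the definition and its use change together.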
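Review bot: In the last syslog-ng.conf hunk (@@ -47,15), the new comment tells the reader to uncomment the remote block but does not say what that enables: tcp and udp listeners on ip(0.0.0.0) port(514), and a file destination that creates one directory per $HOST with create_dirs(yes). Suggest extending the comment to say that the listeners bind all interfaces, that UDP port 514 must not already be held by a syslogd started with -r, and that ip() should be narrowed or the port firewalled to the expected senders before the block is enabled.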
From: joe_fegan@hotmail.com To: syslog-ng@lists.balabit.hu Date: Wed, 16 Jan 2008 16:32:49 +0000 Subject: [syslog-ng] 2.0.7 contrib/rhel-packaging/syslog-ng.conf typos Hi, The example syslog-ng.conf in contrib/rhel-packaging of 2.0.7 has some syntax errors and this patch fixes them. I also noticed that this syslog-ng.conf configures syslog-ng to take over logging of messages from remote machines, but not logging of local messages. I think this mix is odd; it should either take over from syslogd altogether or not at all. This patch resolves that mix by commenting out the remote config. The idea is that installing syslog-ng will not interfere with syslogd up front, but will give you hints on how to do it later if you want. Please consider part or all of this patch for upstream. Joe.
Hello:

I have an appliance that I've configured to send logs to syslog, but it is sending to a file named 2008.log instead of $FULLHOST.log.

None of the other logs that I am getting contain the year, but for some reason, this one is. Below is a sample of the log itself.

Jan 16 15:31:06 2008 [192.168.100.1]

Is it possible to ignore the YEAR and make output go to $FULLHOST.log ?

Thank you,
.vp
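Why a year can end up as the log file name, as an added example that is not part of the original message and is not syslog-ng's own parser: it assumes a reader that follows the RFC 3164 header layout, where the first token after the timestamp is taken as the host. The function names, the bracket stripping and the sample message bodies are constructed for illustration.

```python
import re

# BSD-syslog (RFC 3164) header: "Mmm dd hh:mm:ss", then the host token.
_TS = r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2})"
_HEADER = re.compile("^" + _TS + r" (?P<host>\S+) ?(?P<rest>.*)$")
_YEAR_AFTER_TS = re.compile("^" + _TS + r" (?:19|20)\d{2} (?=\S)")
_SAFE_HOST = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def parse_header(line):
    """Read a line as plain RFC 3164: the first token after the
    timestamp is taken as the host name, whatever it contains."""
    m = _HEADER.match(line)
    if m is None:
        return None
    return {"ts": m.group("ts"), "host": m.group("host"), "rest": m.group("rest")}


def strip_year(line):
    """Drop a four-digit year placed between timestamp and host.
    Limitation: a host really named like a year would be dropped too."""
    return _YEAR_AFTER_TS.sub(lambda m: m.group("ts") + " ", line, count=1)


def log_file_for(line):
    """File name a per-host template such as "$FULLHOST.log" would give.
    Stripping the brackets is this example's choice; a host token that
    is not a plain name or address is refused, since it becomes a path."""
    parsed = parse_header(line)
    if parsed is None:
        return None
    host = parsed["host"].strip("[]")
    if not _SAFE_HOST.fullmatch(host):
        return None
    return host + ".log"


# Constructed samples; the first starts with the header quoted in the message.
APPLIANCE = "Jan 16 15:31:06 2008 [192.168.100.1] constructed message body"
ORDINARY = "Jan 16 15:31:06 gw1 sshd[411]: constructed message body"

if __name__ == "__main__":
    for sample in (APPLIANCE, strip_year(APPLIANCE), ORDINARY):
        print(log_file_for(sample), "<-", sample)
```

The same shift affects any destination path built from the host field, which is why the host token is checked before it is used as a file name.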
Hi, IIRC I made the initial packaging, so I have the credit for the bugs :) This packaging data wasn't made to be a replacement for syslogd. In its current form it could be used in conjunction with syslogd. Up to RHEL4 there is a direct dependency on sysklogd in the RPM database (vixie-cron, initscripts). AFAIK this has been changed in RHEL5 so the syslog-ng RPM could be used as a syslogd replacement. Other comments inlined.
Here's the patch in line. Seems to have caused problems as an attachment.
--- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.init 2007-04-19 19:37:16.000000000 +0000 +++ rhel4/contrib/rhel-packaging/syslog-ng.init 2008-01-15 15:45:44.000000000 +0000 @@ -13,7 +13,7 @@ # Source function library. . /etc/init.d/functions
-binary="/sbin/syslog-ng" +binary="/usr/sbin/syslog-ng"
I disagree. The spec uses prefix=/, and these have to be in sync.
[ -x $binary ] || exit 0
--- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.conf 2007-04-19 19:37:16.000000000 +0000 +++ rhel4/contrib/rhel-packaging/syslog-ng.conf 2008-01-15 15:59:28.000000000 +0000 @@ -1,5 +1,5 @@ # -# configuration file for syslog-ng, customized for remote logging +# configuration file for syslog-ng #
source s_internal { internal(); }; @@ -7,21 +7,24 @@ log { source(s_internal); destination(d_syslognglog); };
-# Local sources, filters and destinations are commented out -# If you want to replace sysklogd simply uncomment the following -# parts and disable sysklogd +# Local sources, filters and destinations are commented out. +# +# If you want to replace syslogd and klogd simply uncomment +# the following parts. You will also need to modify +# /etc/logrotate.d/syslog and /etc/logrotate.d/syslog-ng +# appropriately. # # Local sources # #source s_local { # unix-dgram("/dev/log"); -# file("/proc/kmsg" log_prefix "kernel:"); +# file("/proc/kmsg" log_prefix("kernel:"));
OK, good catch.
#}; # # Local filters # #filter f_messages { level(info..emerg); }; #filter f_secure { facility(authpriv); }; -#filter f_mail { facility(mail); }; +#filter f_maillog { facility(mail); };
This should remain f_mail, the problem should be fixed later when it is referenced as f_maillog instead of f_mail. The remaining part of the patch is about commenting out network sources. As I've stated above the packaging/ configuration was created for its purpose. It is up to the current packager whether he will accept this part of your patch or not. Regards, Sandor Geller
Hi Sandor,
Up to RHEL4 there is a direct dependency on sysklogd in the RPM database (vixie-cron, initscripts). AFAIK this has been changed in RHEL5 so the syslog-ng RPM could be used as a syslogd replacement.
On RHEL4 if I have the standard sysklogd RPM installed, but have done "chkconfig syslog off" to prevent it from running, is that sufficient to meet this requirement? I don't really want to run both syslogd and syslog-ng at the same time - I'd rather have syslog-ng handle all logging - but I could live with standard syslogd being installed but inactive.
The remaining part of the patch is about commenting out network sources. As I've stated above the packaging/ configuration was created for its purpose.
I think you're saying that your aim in creating this conf file was that installing syslog-ng would not interfere with the operation of the standard syslogd by default. I definitely agree with that aim and in fact that's why I was proposing to comment out the remote configuration; it seemed to me that if you configure syslog-ng to process remote messages by default there is a potential for conflict with the standard syslogd, if it happens to be running with the "-r" switch. Joe.
Date: Thu, 17 Jan 2008 09:35:06 +0000 From: Sandor.Geller@morganstanley.com To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] 2.0.7 contrib/rhel-packaging/syslog-ng.conf typos
Hi,
IIRC I made the initial packaging, so I have the credit for the bugs :)
This packaging data wasn't made to be a replacement for syslogd. In its current form it could be used in conjunction with syslogd. Up to RHEL4 there is a direct dependency on sysklogd in the RPM database (vixie-cron, initscripts). AFAIK this has been changed in RHEL5 so the syslog-ng RPM could be used as a syslogd replacement.
Other comments inlined.
Here's the patch in line. Seems to have caused problems as an attachment.
--- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.init 2007-04-19 19:37:16.000000000 +0000 +++ rhel4/contrib/rhel-packaging/syslog-ng.init 2008-01-15 15:45:44.000000000 +0000 @@ -13,7 +13,7 @@ # Source function library. . /etc/init.d/functions
-binary="/sbin/syslog-ng" +binary="/usr/sbin/syslog-ng"
I disagree. The spec uses prefix=/, and these have to be in sync.
[ -x $binary ] || exit 0
--- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.conf 2007-04-19 19:37:16.000000000 +0000 +++ rhel4/contrib/rhel-packaging/syslog-ng.conf 2008-01-15 15:59:28.000000000 +0000 @@ -1,5 +1,5 @@ # -# configuration file for syslog-ng, customized for remote logging +# configuration file for syslog-ng #
source s_internal { internal(); }; @@ -7,21 +7,24 @@ log { source(s_internal); destination(d_syslognglog); };
-# Local sources, filters and destinations are commented out -# If you want to replace sysklogd simply uncomment the following -# parts and disable sysklogd +# Local sources, filters and destinations are commented out. +# +# If you want to replace syslogd and klogd simply uncomment +# the following parts. You will also need to modify +# /etc/logrotate.d/syslog and /etc/logrotate.d/syslog-ng +# appropriately. # # Local sources # #source s_local { # unix-dgram("/dev/log"); -# file("/proc/kmsg" log_prefix "kernel:"); +# file("/proc/kmsg" log_prefix("kernel:"));
OK, good catch.
#}; # # Local filters # #filter f_messages { level(info..emerg); }; #filter f_secure { facility(authpriv); }; -#filter f_mail { facility(mail); }; +#filter f_maillog { facility(mail); };
This should remain f_mail, the problem should be fixed later when it is referenced as f_maillog instead of f_mail.
The remaining part of the patch is about commenting out network sources. As I've stated above the packaging/ configuration was created for its purpose. It is up to the current packager whether he will accept this part of your patch or not.
Regards,
Sandor Geller
On Thu, 2008-01-17 at 11:09 +0000, Joe Fegan wrote:
Hi Sandor,
Up to RHEL4 there is a direct dependency on sysklogd in the RPM database (vixie-cron, initscripts). AFAIK this has been changed in RHEL5 so the syslog-ng RPM could be used as a syslogd replacement.
On RHEL4 if I have the standard sysklogd RPM installed, but have done "chkconfig syslog off" to prevent it from running, is that sufficient to meet this requirement? I don't really want to run both syslogd and syslog-ng at the same time - I'd rather have syslog-ng handle all logging - but I could live with standard syslogd being installed but inactive.
The remaining part of the patch is about commenting out network sources. As I've stated above the packaging/ configuration was created for its purpose.
I think you're saying that your aim in creating this conf file was that installing syslog-ng would not interfere with the operation of the standard syslogd by default. I definitely agree with that aim and in fact that's why I was proposing to comment out the remote configuration; it seemed to me that if you configure syslog-ng to process remote messages by default there is a potential for conflict with the standard syslogd, if it happens to be running with the "-r" switch.
First of all, thanks for your contributions. I've committed parts of your patches that did not change the original intents (e.g. I did not commit the parts that commented out the network sources). We are planning to make the various packages easier to install for all of the supported platforms, then we will introduce some incompatible changes. -- Bazsi
participants (4)
- Balazs Scheidler
- Geller, Sandor (IT)
- Joe Fegan
- wiskbroom@hotmail.com