Hello

I am trying to log named to syslog_ng and it is not set up by default on Arch or Artix.

I set up named for logging, I think

```
logging {
    category default { log_syslog; };
    channel log_syslog { syslog; };
};
```

in the config file for syslog_ng I had added

```
destination d_mail { file("/var/log/mail.log"); };
destination d_named { file("/var/log/named.log"); };
destination d_news { file("/var/log/news.log"); };
```

I am looking at filters and have no idea what to do

```
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };
```

I don't know if there is a built in facility for named. The docs for the server are very detailed and rich, and overwhelming.
Ruben

--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
Hi,

There's no facility code for named, basically the list of facility codes has been frozen for 30 years, so really not up to the task.

That syslog-ng.conf file could be simplified a lot, if you don't require so many log files, I'd recommend something simple like this:

```
@version: 3.17
source s_local { system(); };
log { source(s_local); destination { file("/var/log/syslog"); }; };
```

And start adding your custom rules from here.

The named process can be matched easily with this filter expression:

```
filter f_named { program("named"); };
```

No need to use facility codes, the program name is enough.

On Fri, Oct 5, 2018, 06:46 Ruben Safir <ruben@mrbrklyn.com> wrote:
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On 10/6/18 6:42 AM, Scheidler, Balázs wrote:
> Hi,
>
> There's no facility code for named, basically the list of facility codes has been frozen for 30 years, so really not up to the task.
>
> That syslog-ng.conf file could be simplified a lot, if you don't require so many log files, I'd recommend something simple like this:
>
> ```
> @version: 3.17
> source s_local { system(); };
> log { source(s_local); destination { file("/var/log/syslog"); }; };
> ```
>
> And start adding your custom rules from here.
>
> The named process can be matched easily with this filter expression:
>
> ```
> filter f_named { program("named"); };
> ```

Thanks! I did that ... pretty much.

```
destination d_named { file("/var/log/named.log"); };
filter f_named { facility(daemon) and program("named"); };
log { source(src); filter(f_named); destination(d_named); };
```

I'm a little confused though why named slipped through the cracks of facilities.

> No need to use facility codes, the program name is enough.
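Added example (not part of the thread and not syslog-ng code): a Python sketch that decodes the `<PRI>` value of syslog lines into facility and severity and applies both filter forms from the messages above, `program("named")` and `facility(daemon) and program("named")`. named has no facility of its own, only the one its logging channel is configured with (BIND's `syslog;` channel with no argument uses `daemon`), so the stricter filter drops a named line sent with `local0`. Assumptions: the sample lines, host name and addresses are constructed, and the program name is compared exactly as a simplification.

```python
import re

# Facility and severity names indexed by numeric code (RFC 3164).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD syslog layout: <PRI>Mmm dd hh:mm:ss host program[pid]: message
LINE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) "
                  r"([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")

def parse(line):
    """Split one syslog line; PRI = facility * 8 + severity."""
    m = LINE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(3), "program": m.group(4), "message": m.group(6)}

def f_named(msg):
    """Models filter f_named { program("named"); };"""
    return msg["program"] == "named"

def f_named_daemon(msg):
    """Models filter f_named { facility(daemon) and program("named"); };"""
    return msg["facility"] == "daemon" and msg["program"] == "named"

def route(lines, flt):
    """Return the messages a log path with the given filter would deliver."""
    return [m["message"] for m in map(parse, lines) if m and flt(m)]

# Constructed sample input (not taken from the thread).
SAMPLES = [
    # daemon.info: 3 * 8 + 6 = 30, what a bare "syslog;" channel produces
    "<30>Oct  6 07:01:12 ns1 named[812]: zone example.test/IN: loaded serial 1",
    # local0.info: 16 * 8 + 6 = 134, what a "syslog local0;" channel produces
    "<134>Oct  6 07:01:13 ns1 named[812]: client 192.0.2.10#53211: query: example.test IN A",
    # cron.info: 9 * 8 + 6 = 78, unrelated program
    "<78>Oct  6 07:05:01 ns1 crond[901]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    print("program only:      ", len(route(SAMPLES, f_named)), "lines")
    print("daemon and program:", len(route(SAMPLES, f_named_daemon)), "lines")
```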
participants (2): Ruben Safir; Scheidler, Balázs