Re: [syslog-ng] syslog-ng Digest, Vol 96, Issue 6
Dear Ramon, the config looks ok, What is the issue you are having ? --Yarick. On Mon, Apr 8, 2013 at 3:25 PM, <syslog-ng-request@lists.balabit.hu> wrote:
Today's Topics:
1. Re: Syslog-ng 3.1.4 on OpenBSD 5.2 (Ramon F McDougall)
----------------------------------------------------------------------
Message: 1 Date: Mon, 8 Apr 2013 15:25:25 -0400 From: Ramon F McDougall <cyberjet@live.com> Subject: Re: [syslog-ng] Syslog-ng 3.1.4 on OpenBSD 5.2 To: "syslog-ng@lists.balabit.hu" <syslog-ng@lists.balabit.hu> Message-ID: <BAY148-W654AE36D7E7FB13020FC85B7C50@phx.gbl> Content-Type: text/plain; charset="windows-1252"
Greetings to All,
I need your help. I recently installed Syslog-ng on an OpenBSD 5.2 and decided to try syslog-ng to work under this environment. I'm not 100% sure (trying to learn about all these things) that it's working the way it's supposed to. I followed an example detailed in this link: http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html
It's my hope that someone with much more expertise than I will share some of their knowledge so that I can get this working. I have configured the firewall to send to my syslog server v3.1.4. Does anyone have this working on OpenBSD and can share their config files?
$ cd syslog-ng
syslog-ng.conf syslog-ng.conf.original
$ more syslog-ng.conf
# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 steven@openbsd.org
# Config format version. The post says syslog-ng 3.1.4 is installed, so this
# 3.0-format file is presumably read in compatibility mode -- check the
# startup messages for version warnings.
@version: 3.0
# Global options applied to every source and destination below.
options {
# Do not resolve sender addresses through DNS.
use_dns(no);
# Missing directories are not created, so every directory named in a
# file() destination must already exist.
create_dirs(no);
# Keep the hostname carried inside each message instead of replacing it.
# For network input that value is chosen by the sender.
# NOTE(review): consider check_hostname(yes) or keep_hostname(no) before
# enabling a network source.
keep_hostname(yes);
};
# Local input only: the system log socket, a second socket under /var/empty
# (presumably for chrooted daemons -- confirm) and syslog-ng's own internal
# messages.
source s_local {
unix-dgram ("/dev/log");
unix-dgram ("/var/empty/dev/log");
internal();
};
# Disabled variant of s_local that also reads a socket under /var/www.
#source s_local_all {
# unix-dgram ("/dev/log");
# unix-dgram ("/var/empty/dev/log");
# unix-dgram ("/var/www/dev/log");
# internal();
#};
# NOTE(review): this is the only network source and it is commented out, so
# with this file syslog-ng does not listen on UDP 514 and messages sent by a
# remote device such as a firewall are never received.
# If it is enabled: UDP syslog is unauthenticated and the sender address can
# be spoofed, so limit which hosts may reach port 514 with the packet filter.
#source s_net {
# udp(port(514));
#};
# Destinations. Each file() sets owner, group and mode explicitly unless noted.
destination d_console { file("/dev/console"); };
# 0644: readable by every local user; the filters below keep auth and
# authpriv messages out of this file.
destination d_messages { file("/var/log/messages" owner(root) group(wheel) perm(0644)); };
# Authentication logs: readable by root and group wheel only.
destination d_authlog { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };
# authpriv and cron logs: readable by root only.
destination d_secure { file("/var/log/secure" owner(root) group(wheel) perm(0600)); };
destination d_cronlog { file("/var/cron/log" owner(root) group(wheel) perm(0600)); };
destination d_daemon { file("/var/log/daemon" owner(root) group(wheel) perm(0640)); };
destination d_xferlog { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };
destination d_lpderrs { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640)); };
destination d_maillog { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };
destination d_uucplog { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660)); };
# No owner/group/perm given for the next two, so syslog-ng's defaults apply.
# NOTE(review): sudo logs are sensitive; verify the resulting file mode.
destination d_sudolog { file("/var/log/sudo"); };
destination d_chatlog { file("/var/log/chat"); };
# Write to the terminals of all logged-in users / of root.
destination d_ttyall { usertty("*"); };
destination d_ttyroot { usertty("root"); };
# Forwarding over plain UDP: no encryption, no authentication and no
# delivery guarantee.
destination d_loghost { udp("loghost" port(514)); };
# One file per sending host. No log statement in this file references this
# destination, so nothing is written here yet.
# create_dirs(no) is set, so /var/log/bcm must already exist.
# NOTE(review): with keep_hostname(yes), $HOST is taken from the message and
# is therefore sender-controlled; validate it (check_hostname(yes)) or name
# the file after the sender address ($SOURCEIP) instead.
destination d_network_hosts { file ("/var/log/bcm/$HOST.log"); };
# Filters. level(a .. b) matches the severity range from a up to b; the
# file header says these are meant to mirror OpenBSD's syslog.conf(5).

# notice and above, excluding facilities that have their own log file.
# auth and authpriv are excluded, which keeps them out of /var/log/messages.
filter f_notice {
level(notice .. emerg)
and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));
};
# All kernel messages.
filter f_kerndebug {
level(debug .. emerg) and facility(kern);
};
# info and above from the syslog and user facilities.
filter f_msginfo {
level(info .. emerg) and facility(syslog,user);
};
# info and above from auth.
filter f_authinfo {
level(info .. emerg) and facility(auth);
};
# Everything from authpriv, including debug.
filter f_authprivdebug {
level(debug .. emerg) and facility(authpriv);
};
filter f_croninfo {
level(info .. emerg) and facility(cron);
};
filter f_daemoninfo {
level(info .. emerg) and facility(daemon);
};
filter f_ftpinfo {
level(info .. emerg) and facility(ftp);
};
filter f_lprdebug {
level(debug .. emerg) and facility(lpr);
};
filter f_mailinfo {
level(info .. emerg) and facility(mail);
};
# Only referenced by a commented-out log statement.
filter f_uucpinfo {
level(info .. emerg) and facility(uucp);
};
# Emergency messages from any facility.
filter f_emerg {
level(emerg);
};
# Console selection: never authpriv; otherwise auth at notice+, all kernel
# messages, mail at crit+, and anything at err+.
# Only referenced by a commented-out log statement.
filter f_to_console {
not (facility(authpriv)) and
((level(notice .. emerg) and facility(auth))
or (level(debug .. emerg) and facility(kern))
or (level(crit .. emerg) and facility(mail))
or level(err .. emerg));
};
# Root terminal selection: every auth message plus anything at notice+.
# Only referenced by a commented-out log statement.
filter f_to_root {
(level(debug .. emerg) and facility(auth))
or (level(notice .. emerg));
};
# Selection for forwarding to the central log host.
# Only referenced by a commented-out log statement.
filter f_to_loghost {
(level(notice .. emerg) and
not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))
or (level(info .. emerg) and facility(auth,daemon,syslog,user))
or (level(debug .. emerg) and facility(authpriv,kern));
};
# Program-name matches; only referenced by commented-out log statements.
filter f_prog_sudo {
program("sudo");
};
filter f_prog_chat {
program("chat");
};
# Log paths. Every active statement reads from s_local only, so this
# configuration handles local messages and nothing from the network.
log { source(s_local); filter(f_notice); destination(d_messages);};
log { source(s_local); filter(f_kerndebug); destination(d_messages);};
log { source(s_local); filter(f_msginfo); destination(d_messages);};
log { source(s_local); filter(f_authinfo); destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure); };
log { source(s_local); filter(f_croninfo); destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo); destination(d_daemon); };
log { source(s_local); filter(f_ftpinfo); destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug); destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo); destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo); destination(d_uucplog); };
# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console); destination(d_console); };
# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root); destination(d_ttyroot); };
# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg); destination(d_ttyall); };
# Uncomment to log to a central host named "loghost".
#log { source(s_local); filter(f_to_loghost); destination(d_loghost); };
# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name.
# Program-specific logs:
#log { source(s_local); filter(f_prog_sudo); destination(d_sudolog); };
#log { source(s_local); filter(f_prog_chat); destination(d_chatlog); };
# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
# NOTE(review): the s_net source definition is commented out as well, so
# both it and this statement must be enabled before remote messages are
# received. Remote input is unauthenticated; route it to the dedicated
# d_network_hosts destination rather than mixing it into /var/log/messages.
#log { source(s_net); destination(d_messages); };
$ syslog-ng-ctl
Syntax: syslog-ng-ctl <command> [options]
Possible commands are:
stats Dump syslog-ng statistics
verbose Enable/query verbose messages
debug Enable/query debug messages
trace Enable/query trace messages
# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;6
src.internal;s_local#2;;a;processed;5
src.internal;s_local#2;;a;stamp;1365446582
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;7
destination;d_ttyall;;a;processed;0
# syslog-ng-ctl verbose --set=on
# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;9
src.internal;s_local#2;;a;processed;8
src.internal;s_local#2;;a;stamp;1365446909
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;10
destination;d_ttyall;;a;processed;0
# Please let me know what more information you need to be able to help. Regards and Thank you, Ramon