Re: [syslog-ng] Syslog-ng 3.1.4 on OpenBSD 5.2
Greetings to all,

I need your help. I recently installed syslog-ng on an OpenBSD 5.2 system and am trying to get it to work in this environment. I'm not 100% sure (I am still learning about all these things) that it's working the way it's supposed to. I followed the example detailed at this link: http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html

It's my hope that someone with much more expertise than I have can share some of their knowledge so that I can get this working. I have configured the firewall to send to my syslog server (v3.1.4). Does anyone have this working on OpenBSD, and can you share your config files?

$ cd syslog-ng
syslog-ng.conf syslog-ng.conf.original
$ more syslog-ng.conf
# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 steven@openbsd.org
@version: 3.0
options {
    use_dns(no);
    create_dirs(no);
    keep_hostname(yes);
};
source s_local {
    unix-dgram ("/dev/log");
    unix-dgram ("/var/empty/dev/log");
    internal();
};
#source s_local_all {
# unix-dgram ("/dev/log");
# unix-dgram ("/var/empty/dev/log");
# unix-dgram ("/var/www/dev/log");
# internal();
#};
#source s_net {
# udp(port(514));
#};
destination d_console { file("/dev/console"); };
destination d_messages { file("/var/log/messages" owner(root) group(wheel) perm(0644)); };
destination d_authlog { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };
destination d_secure { file("/var/log/secure" owner(root) group(wheel) perm(0600)); };
destination d_cronlog { file("/var/cron/log" owner(root) group(wheel) perm(0600)); };
destination d_daemon { file("/var/log/daemon" owner(root) group(wheel) perm(0640)); };
destination d_xferlog { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };
destination d_lpderrs { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640)); };
destination d_maillog { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };
destination d_uucplog { file("/var/log/uucp"
owner(uucp) group(dialer) perm(0660)); };

# The rest of the file: remaining destinations, the filters, and the log
# paths that connect a source to a destination through a filter.

# sudo/chat logs: no owner()/group()/perm() is given here, unlike the file
# destination above, so syslog-ng's global defaults apply to these files.
destination d_sudolog { file("/var/log/sudo"); };
destination d_chatlog { file("/var/log/chat"); };

# Terminal destinations: every logged-in user, and root only.
destination d_ttyall { usertty("*"); };
destination d_ttyroot { usertty("root"); };

# Forwarding to a central host over plain UDP port 514: no encryption, no
# sender authentication and no delivery guarantee.
# NOTE(review): the name "loghost" has to resolve on this machine - confirm.
destination d_loghost { udp("loghost" port(514)); };

# One file per sending host.
# NOTE(review): no log statement in this configuration references
# d_network_hosts, so nothing is written here yet.
# NOTE(review): the options block sets create_dirs(no), so /var/log/bcm has
# to exist before syslog-ng can create files in it.
# NOTE(review): the options block also sets keep_hostname(yes), so for
# messages from the network $HOST is presumably the host name carried inside
# the message, i.e. chosen by the sender. Before feeding network input into
# this destination, consider keep_hostname(no) on the network source or
# naming the file after the sending address instead - verify against the
# syslog-ng documentation for this version.
destination d_network_hosts { file ("/var/log/bcm/$HOST.log"); };

# Filters. level(a .. b) selects a range of severities, facility(...) a list
# of facilities; the names follow the syslog.conf(5) selectors this file is
# meant to reproduce.
filter f_notice { level(notice .. emerg) and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)); };
filter f_kerndebug { level(debug .. emerg) and facility(kern); };
filter f_msginfo { level(info .. emerg) and facility(syslog,user); };
filter f_authinfo { level(info .. emerg) and facility(auth); };
filter f_authprivdebug { level(debug .. emerg) and facility(authpriv); };
filter f_croninfo { level(info .. emerg) and facility(cron); };
filter f_daemoninfo { level(info .. emerg) and facility(daemon); };
filter f_ftpinfo { level(info .. emerg) and facility(ftp); };
filter f_lprdebug { level(debug .. emerg) and facility(lpr); };
filter f_mailinfo { level(info .. emerg) and facility(mail); };
filter f_uucpinfo { level(info .. emerg) and facility(uucp); };
filter f_emerg { level(emerg); };

# Console filter: authpriv is excluded outright, so those messages never
# reach the console through this filter.
filter f_to_console {
    not (facility(authpriv)) and
    ((level(notice .. emerg) and facility(auth)) or
     (level(debug .. emerg) and facility(kern)) or
     (level(crit .. emerg) and facility(mail)) or
     level(err .. emerg));
};

# Root's terminal: all auth messages plus anything at notice or above.
filter f_to_root { (level(debug .. emerg) and facility(auth)) or (level(notice .. emerg)); };

# What would be forwarded to the central log host; this includes authpriv
# at debug level, which would travel over the UDP destination above.
filter f_to_loghost {
    (level(notice .. emerg) and not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user))) or
    (level(info .. emerg) and facility(auth,daemon,syslog,user)) or
    (level(debug .. emerg) and facility(authpriv,kern));
};

# Match on the program name of the message.
filter f_prog_sudo { program("sudo"); };
filter f_prog_chat { program("chat"); };

# Log paths.
# NOTE(review): every active log path below reads from s_local only. The
# s_net source (udp port 514) and the log path that uses it are commented
# out in this file, so messages sent by a remote device such as a firewall
# are not received with this configuration; the syslog-ng-ctl stats output
# in this post likewise lists only s_local and src.internal counters.
# Receiving them needs the s_net source enabled plus a log path from s_net
# to a destination (d_network_hosts looks intended for that). Syslog over
# UDP has no sender authentication, so limit which addresses may reach
# port 514 with a packet-filter rule when enabling it.
log { source(s_local); filter(f_notice); destination(d_messages);};
log { source(s_local); filter(f_kerndebug); destination(d_messages);};
log { source(s_local); filter(f_msginfo); destination(d_messages);};
log { source(s_local); filter(f_authinfo); destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure); };
log { source(s_local); filter(f_croninfo); destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo); destination(d_daemon); };
log { source(s_local); filter(f_ftpinfo); destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug); destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo); destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo); destination(d_uucplog); };

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console); destination(d_console); };

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root); destination(d_ttyroot); };

# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg); destination(d_ttyall); };

# Uncomment to log to a central host named "loghost".
#log { source(s_local); filter(f_to_loghost); destination(d_loghost); };

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name.
# Program-specific logs:
#log { source(s_local); filter(f_prog_sudo); destination(d_sudolog); };
#log { source(s_local); filter(f_prog_chat); destination(d_chatlog); };

# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
#log { source(s_net); destination(d_messages); };

$ syslog-ng-ctl
Syntax: syslog-ng-ctl <command> [options]
Possible commands are:
    stats Dump syslog-ng statistics
    verbose Enable/query verbose messages
    debug Enable/query debug messages
    trace Enable/query trace messages

# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;6
src.internal;s_local#2;;a;processed;5
src.internal;s_local#2;;a;stamp;1365446582
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;7
destination;d_ttyall;;a;processed;0

# syslog-ng-ctl verbose --set=on
# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;9
src.internal;s_local#2;;a;processed;8
src.internal;s_local#2;;a;stamp;1365446909
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;10
destination;d_ttyall;;a;processed;0
#

Please let me know what further information you need in order to help.

Regards and thank you,
Ramon