Re: syslog-ng on OSX 10.3.4
Richard,

I haven't gotten syslog-ng installed on OS X 10.3.4 yet, but can share with you some resources I have for information. You might try reading

<http://sial.org/howto/logging/>
<http://www.campin.net/newlogcheck.html>

I'd be happy to share my conf file with you once I get syslog-ng running, but I am one step behind you. I am trying to install syslog-ng 1.6.4 on OS X 10.3.4 and can't. Did you run into any problems installing syslog-ng?

Thanks,
Ken

On Jul 14, 2004, at 3:53 AM, syslog-ng-request@lists.balabit.hu wrote:

Message: 4
Date: Fri, 09 Jul 2004 12:26:26 -0700
From: OpenMacNews <syslog-ng.20.openmacnews@spamgourmet.com>
To: syslog-ng <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng]syslog-ng on OSX 10.3.4
Reply-To: syslog-ng@lists.balabit.hu
hi all,
i'm new to syslog-ng.
i've installed 1.7x on OSX 10.3.4; now, starting to deal with the config file.
i dl'd and searched thru the list archives for pointers, etc. and found the last relevant, post by Kim Cary, but nothing further.
i contacted Kim -- not yet finished/successful.
soooooo, to ask: has anyone here got syslog-ng up/running on OSX, and would you be willing to share your conf file?
thx!
richard
hi ken,

-- On Friday, July 16, 2004 4:02 PM -0400 Ken Toney <ktoney@tiff.org> wrote:
I haven't gotten syslog-ng installed on OS X 10.3.4 yet, but can share with you some resources I have for information. You might try reading
I'd be happy to share my conf file with you once I get syslog-ng running, but I am one step behind you. I am trying to install syslog-ng 1.6.4 on OS X 10.3.4 and can't. Did you run into any problems installing syslog-ng?
i've got it all working now for local & remote logging ...

here are my build notes ... not pretty, but hey ;-)

hope this is helpful!

richard

========================================

1st, my env particulars ...

% /usr/local/ssl/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

% uname -v
Darwin Kernel Version 7.4.0: Wed May 12 16:58:24 PDT 2004; root:xnu/xnu-517.7.7.obj~7/RELEASE_PPC

% glibtool --version
ltmain.sh (GNU libtool) 1.5.6 (1.1220.2.94 2004/04/10 16:27:27)

% automake --version
automake (GNU automake) 1.8.5

% autoconf --version
autoconf (GNU Autoconf) 2.59

, and, BIND 9.2.3 in /usr/local/bind9

##################################################################
libol

wget http://www.balabit.com/downloads/libol/0.3/libol-0.3.13.tar.gz
gnutar zxf libol-0.3.13.tar.gz

unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS

cd /usr/ports/libol-0.3.13

glibtoolize --force --copy ;\
aclocal ;\
autoconf

./configure \
  --prefix=/usr/local

make
make install

##################################################################
syslog-ng

wget http://www.balabit.com/downloads/syslog-ng/1.6/src-snapshot/syslog-ng-1.6.4+...
gnutar zxvf syslog-ng-1.6.4+20040714.tar.gz
mv syslog-ng-1.6.4+20040714 syslog-ng
cd /usr/ports/syslog-ng

unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS ;\
setenv LDFLAGS "-bind_at_load -L/usr/local/bind9/lib -llwres -lbind" ;\
setenv CPPFLAGS "-I/usr/local/bind9/include"

./configure \
  --prefix=/usr/local \
  --enable-debug \
  --enable-tcp-wrapper

make
make install

now, set up the Mac startup items; i kill syslogd, then replace with syslog-ng.

note: this *could* be done, instead, by mod-ing /etc/rc, where syslog is originally launched, but i haven't yet convinced myself the boot/startup process does NOT need original syslogd (pending question) ...
##################################################################

mkdir -p /Library/StartupItems/SyslogNG

==================================================
(EDITOR) /Library/StartupItems/SyslogNG/SyslogNG

#!/bin/sh

##
# SyslogNG StartupItem
#
# rather than . /etc/rc.common
#
[ -f /etc/hostconfig ] && . /etc/hostconfig

RunService ()
{
    case $1 in
      start  ) StartService   ;;
      stop   ) StopService    ;;
      restart) RestartService ;;
      *      ) echo "$0: unknown argument: $1";;
    esac
}

##
# SyslogNG StartupItem Handlers
##

StartService ()
{
    if [ "${SYSLOGNG:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Stopping SYSLOGD server"
        sleep 2
        killall syslogd
        ConsoleMessage "Starting SYSLOG-NG Logging Server"
        /usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -p /var/run/syslog-ng.pid
    fi
}

StopService ()
{
    if [ -f "/var/run/syslog-ng.pid" ] ; then
        ConsoleMessage "Stopping SYSLOG-NG server"
        sleep 2
        kill -9 `cat /var/run/syslog-ng.pid`
    fi
}

RestartService ()
{
    StopService
    StartService
}

RunService "$1"

=================================================================

==================================================
(EDITOR) /Library/StartupItems/SyslogNG/StartupParameters.plist

{
  Description     = "SyslogNG";
  Provides        = ("SyslogNG");
  Requires        = ("Resolver","Network Time","Disks");
  Uses            = ("Network");
  OrderPreference = "None";
  Messages =
  {
    start = "Starting SyslogNG";
    stop  = "Stopping SyslogNG";
  };
}

==================================================

chown -R root:wheel /Library/StartupItems/SyslogNG ;\
chmod 755 /Library/StartupItems/SyslogNG ;\
chmod 755 /Library/StartupItems/SyslogNG/SyslogNG ;\
chmod 644 /Library/StartupItems/SyslogNG/StartupParameters.plist

don't forget ...
==================================================
(EDITOR) /etc/hostconfig

+++ SYSLOGNG=-YES-

==================================================

here's a working conf file:

==================================================
(EDITOR) /etc/syslog-ng/syslog-ng.conf

###############################################################
## "/etc/syslog-ng/syslog-ng.conf" -- config file for syslog-ng
###############################################################

# FACILITY & LEVEL mappings from /usr/include/sys/syslog.h
# FACILITIES:
#   auth       : security/authorization messages
#   authpriv   : security/authorization messages (private)
#   cron       : clock daemon
#   daemon     : system daemons
#   ftp        : ftp daemon
#   kern       : kernel messages
#   lpr        : line printer subsystem
#   mail       : mail system
#   netinfo    : netinfo
#   news       : network news subsystem
#   remoteauth : remote authentication/authorization
#   syslog     : messages generated internally by syslogd
#   user       : random user-level messages
#   uucp       : uucp subsystem
#   /* reserved for local use */
#   local0, local1, local2, local3, local4, local5, local6, local7
# LEVELS: (highest to lowest priority ...)
#   .emerg   : A panic condition. This is normally broadcast to all users.
#   .alert   : A condition that should be corrected immediately, such as a corrupted system database.
#   .crit    : Critical conditions, e.g., hard device errors.
#   .err     : Errors.
#   .warning : Warning messages.
#   .notice  : Conditions that are not error conditions, but should possibly be handled specially.
#   .info    : Informational messages.
#   .debug   : Messages that contain information normally of use only when debugging a program.
#######################
## Global Options
#
options {
    use_fqdn(no);
    use_dns(yes);
#   dns_cache(yes);
    keep_hostname(yes);
    long_hostnames(off);
    sync(1);
    log_fifo_size(1024);
};

#######################
## Source Configs
#
source src_local {
    unix-dgram("/var/run/syslog" group("daemon") owner("root"));
    internal();
    pipe("/dev/klog" log_prefix("kernel: "));
    udp(ip("127.0.0.1") port(514));
};
source src_linksys {
    unix-dgram("/var/run/syslog" group("daemon") owner("root"));
    internal();
    udp(ip("10.0.0.6") port(514));
};

#######################
## Log Destinations
#
## by service
destination console { usertty("root"); };
destination install { file("/var/log/syslog-ng/install.log" group("admin") owner("root") perm(0640) ); };
destination system  { file("/var/log/syslog-ng/system.log" group("admin") owner("root") perm(0640) ); };
destination secure  { file("/var/log/syslog-ng/secure.log" group("admin") owner("root") perm(0640) ); };
destination netinfo { file("/var/log/syslog-ng/netinfo.log" group("admin") owner("root") perm(0640) ); };
destination kernel  { file("/var/log/syslog-ng/kernel.log" group("admin") owner("root") perm(0640) ); };
destination mail    { file("/var/log/syslog-ng/mail.log" group("admin") owner("root") perm(0640) ); };
destination ftp     { file("/var/log/syslog-ng/ftp.log" group("admin") owner("root") perm(0640)); };
destination lpr     { file("/var/log/syslog-ng/lpr.log" group("admin") owner("root") perm(0640)); };
destination cron    { file("/var/log/syslog-ng/cron.log" group("admin") owner("root") perm(0640) ); };
destination linksys { file("/var/log/syslog-ng/linksys.log" group("admin") owner("root") perm(0640) ); };

#######################
## Facility Filters
#
filter f_auth        { facility(auth); };
filter f_authpriv    { facility(auth, authpriv); };
filter f_cron        { facility(cron); };
filter f_daemon      { facility(daemon); };
filter f_ftp         { facility(ftp); };
filter f_kern        { facility(kern); };
filter f_lpr         { facility(lpr); };
filter f_mail        { facility(mail); };
#filter f_netinfo    { facility(netinfo); };
filter f_news        { facility(news); };
#filter f_remoteauth { facility(remoteauth); };
filter f_syslog      { not facility(authpriv, mail); };
filter f_user        { facility(user); };
filter f_uucp        { facility(uucp); };
filter f_local0      { facility(local0); };
filter f_local1      { facility(local1); };
filter f_local2      { facility(local2); };
filter f_local3      { facility(local3); };
filter f_local4      { facility(local4); };
filter f_local5      { facility(local5); };
filter f_local6      { facility(local6); };
filter f_local7      { facility(local7); };

#######################
## Level Filters
#
filter f_emerg   { level(emerg); };
filter f_alert   { level(alert); };
filter f_crit    { level(crit); };
filter f_err     { level(err); };
filter f_warning { level(warning); };
filter f_notice  { level(notice); };
filter f_info    { level(info); };
filter f_debug   { level(debug); };

#######################
## Log Policies
#
#filter f_debug { not facility(auth, authpriv, news, mail); };
#filter f_messages { level(info..warn)
#       and not facility(auth, authpriv, mail, news); };

## local
#
log { source(src_local); filter(f_authpriv); destination(secure); };
log { source(src_local); filter(f_syslog); destination(system); };
log { source(src_local); filter(f_cron); destination(cron); };
log { source(src_local); filter(f_daemon); destination(kernel); };
log { source(src_local); filter(f_kern); destination(kernel); };
log { source(src_local); filter(f_lpr); destination(lpr); };
log { source(src_local); filter(f_mail); destination(mail); };
log { source(src_local); filter(f_emerg); destination(console); };
#log { source(src_local); destination(console_all); };

## linksys
#
log { source(src_linksys); filter(f_user); destination(linksys); };

=====================================================================

#############################################################

i then use 'logrotate' to manage/rotate all the logs as desired ...
just fyi, some additional reading i haven't gotten to:

sending apache logs to syslog-ng
  https://lists.balabit.hu/pipermail/syslog-ng/2001-February/001208.html

advanced log processing
  http://www.securityfocus.com/infocus/1613

getting syslog-ng into postgresql
  https://lists.balabit.hu/pipermail/syslog-ng/2002-April/003249.html
  http://www.kdough.net/docs/syslog_postgresql/

Linksys Log Analysis tool?
  http://forums.macosxhints.com/archive/index.php/t-9090
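A small lint for the syslog-ng.conf posted above, added here as an example and not part of the original messages: it cross-checks every log statement against the defined sources, filters and destinations, and lists UDP listeners bound to a non-loopback address. The `lint` function and the abridged `CONF` excerpt (file options trimmed) are constructed for this example.

```python
import re

# Abridged excerpt of the syslog-ng.conf posted above (constructed for this example).
CONF = '''
source src_local   { internal(); udp(ip("127.0.0.1") port(514)); };
source src_linksys { internal(); udp(ip("10.0.0.6") port(514)); };
destination console { usertty("root"); };
destination secure  { file("/var/log/syslog-ng/secure.log" perm(0640)); };
destination ftp     { file("/var/log/syslog-ng/ftp.log" perm(0640)); };
destination linksys { file("/var/log/syslog-ng/linksys.log" perm(0640)); };
filter f_authpriv { facility(auth, authpriv); };
filter f_user     { facility(user); };
filter f_emerg    { level(emerg); };
log { source(src_local); filter(f_authpriv); destination(secure); };
log { source(src_local); filter(f_emerg); destination(console); };
#log { source(src_local); destination(console_all); };
log { source(src_linksys); filter(f_user); destination(linksys); };
'''

KINDS = ("source", "filter", "destination")

def lint(conf):
    """Cross-check log paths against definitions; list non-loopback UDP listeners."""
    # Assumes '#' never appears inside a quoted string, which holds for this file.
    text = re.sub(r"#.*", "", conf)
    defined = {k: set(re.findall(rf"\b{k}\s+(\w+)\s*\{{", text)) for k in KINDS}
    used = {k: set() for k in KINDS}
    for body in re.findall(r"\blog\s*\{(.*?)\}", text, re.S):
        for k in KINDS:
            used[k].update(re.findall(rf"\b{k}\s*\(\s*(\w+)\s*\)", body))
    return {
        # referenced in a log statement but never defined
        "undefined": sorted((k, n) for k in KINDS for n in used[k] - defined[k]),
        # defined but on no log path, so nothing is ever routed through it
        "unused": sorted((k, n) for k in KINDS for n in defined[k] - used[k]),
        # UDP syslog is unauthenticated; each non-loopback listener needs a packet filter
        "network_udp": sorted(
            f"{ip}:{port}"
            for ip, port in re.findall(r'udp\(\s*ip\("([^"]+)"\)\s*port\((\d+)\)', text)
            if not ip.startswith("127.")
        ),
    }

if __name__ == "__main__":
    for key, items in lint(CONF).items():
        print(key, items)
```

Un-commenting the `console_all` log line as posted would make it show up under `undefined`, since the only console destination defined in the file is `console`.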
Richard,

Thanks for the info. I couldn't work on this project for a little while, but am now working through your setup instructions. I was stopped when I tried compiling syslog-ng though.

On Jul 16, 2004, at 4:28 PM, OpenMacNews wrote:
hi ken,
-- On Friday, July 16, 2004 4:02 PM -0400 Ken Toney <ktoney@tiff.org> wrote:
I haven't gotten syslog-ng installed on OS X 10.3.4 yet, but can share with you some resources I have for information. You might try reading
I'd be happy to share my conf file with you once I get syslog-ng running, but I am one step behind you. I am trying to install syslog-ng 1.6.4 on OS X 10.3.4 and can't. Did you run into any problems installing syslog-ng?
i've got it all working now for local & remote logging ...
here are my build notes ... not pretty, but hey ;-)
hope this is helpful!
richard
========================================
1st, my env particulars ...
% /usr/local/ssl/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

% uname -v
Darwin Kernel Version 7.4.0: Wed May 12 16:58:24 PDT 2004; root:xnu/xnu-517.7.7.obj~7/RELEASE_PPC

% glibtool --version
ltmain.sh (GNU libtool) 1.5.6 (1.1220.2.94 2004/04/10 16:27:27)

% automake --version
automake (GNU automake) 1.8.5

% autoconf --version
autoconf (GNU Autoconf) 2.59

, and, BIND 9.2.3 in /usr/local/bind9
My env particulars match, except for BIND. I hadn't planned on having BIND installed on this system. I don't see where it is needed for receiving the logs. Is it needed?
##################################################################
libol

wget http://www.balabit.com/downloads/libol/0.3/libol-0.3.13.tar.gz
gnutar zxf libol-0.3.13.tar.gz
unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS
cd /usr/ports/libol-0.3.13
glibtoolize --force --copy ;\
aclocal ;\
autoconf

./configure \
  --prefix=/usr/local
make
make install
Got libol installed. Could you offer some explanation for the unsetenv line? I am using bash, but I changed my shell to tcsh so I could set the environmental variables in the same manner. Just curious what this is doing?
##################################################################
syslog-ng

wget http://www.balabit.com/downloads/syslog-ng/1.6/src-snapshot/syslog-ng-1.6.4+20040714.tar.gz

gnutar zxvf syslog-ng-1.6.4+20040714.tar.gz
mv syslog-ng-1.6.4+20040714 syslog-ng
cd /usr/ports/syslog-ng

unsetenv CFLAGS CPPFLAGS CXX CXXFLAGS LDFLAGS LDDLFLAGS LD_PREBIND EXTRA_LDFLAGS EXTRA_LIBS LC_ALL LANG LINGUAS ;\
setenv LDFLAGS "-bind_at_load -L/usr/local/bind9/lib -llwres -lbind" ;\
setenv CPPFLAGS "-I/usr/local/bind9/include"

./configure \
  --prefix=/usr/local \
  --enable-debug \
  --enable-tcp-wrapper

make
make install
Started running into problems installing syslog-ng. I used the line "unsetenv..." but not the following two lines for "setenv..." because they dealt with BIND. Some of my problems may be solved by my previous questions, so I'll wait to go into detail until we rule out those differences.

Thanks for your help.

Ken
My env particulars match, except for BIND. I hadn't planned on having BIND installed on this system. I don't see where it is needed for receiving the logs. Is it needed?
there are name/address resolution calls in the code ... it was needed for my setup. i did not note where, but the inclusion of the libs is there as a response/resolution to a problem i must've had. whether you can link against other/existing libs for yours, you'll have to try ...
Got libol installed. Could you offer some explanation for the unsetenv line? I am using bash, but I changed my shell to tcsh so I could set the environmental variables in the same manner. Just curious what this is doing?
simply clears my ENV vars from any sets/presets left over from prior build, configs, etc.
Started running into problems installing syslog-ng. I used the line "unsetenv..." but not the following two lines for "setenv..." because they dealt with BIND. Some of my problems may be solved by my previous questions, so I'll wait to go into detail until we rule out those differences.
what errors are you seeing?

richard