[syslog-ng] ipfw logging

maillist maillist@krel.org
Tue, 30 May 2000 17:20:34 -0400


hi, ive been trying for two days to log ipfw messages to separate file and with no success. as soon as i turn on old syslogd with 
!ipfw
*.*  /var/log/ipfw
it works
but syslog-ng with:
source src { unix-dgram("/var/run/log"); udp(); internal(); }
destination ipfw { file("/var/log/ipfw.log"); };
filter f_ipfw { program("ipfw"); };
log { source(src); filter("f_ipfw"); destination("ipfw"); };
just doesnt catch anything, all the messages from ipfw appear on console, but not in any file, even not in all.log!

here is my full config:
# options
options { long_hostnames(off); sync(0); };

# sources
source src { unix-dgram("/var/run/log"); udp(); internal(); };
source src2 { unix-dgram("/var/run/log2"); udp(ip(xxx.xxx.xxx.xxx) port(514)); };

# destinations
destination messages { file("/var/log/messages"); };
destination security { file("/var/log/security"); };
destination maillog { file("/var/log/maillog"); };
destination lpd-errs { file("/var/log/lpd-errs"); };
destination cron { file("/var/log/cron"); };
destination all { file("/var/log/all.log"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination console { file("/dev/console"); };
destination root { usertty("root"); };
destination allusers { usertty("*"); };
destination rogue { file("/var/log/rogue"); };
destination cobalt { file("/var/log/cobalt"); };
destination cisco { file("/var/log/cisco"); };
destination voyager { file("/var/log/voyager"); };
destination lists { file("/var/log/lists"); };
destination lists_m { file("/var/log/lists.sendmail"); };
destination apollo { file("/var/log/apollo"); };
destination samson { file("/var/log/samson"); };
destination samson_d { file("/var/log/samson.bind"); };
destination bugsy { file("/var/log/bugsy"); };
#destination loghost { udp("loghost" port(514)); };
destination goblin { file("/var/log/goblin"); };
destination allsec { file("/var/log/allsec"); };
destination samson.named { file("/var/log/named"); };
destination ipfw { file("/var/log/ipfw.log"); };

# log facility filters
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };

# log host filters
filter h_rogue { host("rogue"); };
filter h_cobalt { host("www"); };
filter h_cisco { host("cisco"); };
filter h_voyager { host("voyager"); };
filter h_lists { host("lists"); };
filter h_apollo { host("apollo"); };
filter h_samson { host("samson"); };
filter h_bugsy { host("bugsy"); };
filter h_goblin { host("goblin"); };

# log level filters
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };

# program filters
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
filter f_send { program("sendmail"); };
filter nf_send { not program("sendmail"); };
filter f_bind { program("named"); };
filter nf_bind { not program("named"); };
filter f_ipfw { program("ipfw"); };
#filter nf_ipfw { not program("ipfw"); };



log { source(src2); filter("f_ipfw"); destination("ipfw"); };

# *.err;kern.debug;auth.notice;mail.crit                /dev/console
log { source(src); filter(f_err); destination(console); };
log { source(src); filter(f_kern); filter(f_debug); destination(console); };
log { source(src); filter(f_auth); filter(f_notice); destination(console); };
log { source(src); filter(f_mail); filter(f_crit); destination(console); };

# *.notice;kern.debug;lpr.info;mail.crit;news.err       /var/log/messages
log { source(src); filter(f_notice); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };

# security.*                                            /var/log/security
log { source(src); filter(f_security); destination(security); };

# mail.info                                             /var/log/maillog
log { source(src); filter(f_mail); filter(f_info); destination(maillog); };

# lpr.info                                              /var/log/lpd-errs
log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };

# cron.*                                                /var/log/cron
log { source(src); filter(f_cron); destination(cron); };

# *.err                                                 root
log { source(src); filter(f_err); destination(root); };

# *.notice;news.err                                     root
log { source(src); filter(f_notice); destination(root); };
log { source(src); filter(f_news); filter(f_err); destination(root); };

# *.alert                                               root
log { source(src); filter(f_alert); destination(root); };

# *.emerg                                               *
log { source(src); filter(f_emerg); destination(allusers); };

# uncomment this to enable logging of all log messages to /var/log/all.log
# *.*                                                   /var/log/all.log
log { source(src); destination(all); };

# uncomment this to enable logging to a remote loghost named loghost
# *.*                                                   @loghost
#log { source(src); destination(loghost); };

# news.err                                              /var/log/news/news.err
# news.notice                                           /var/log/news/news.notice
#
#log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
#log { source(src); filter(f_news); filter(f_err); destination(newserr); };
#log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };


log { source("src2"); filter("h_rogue"); destination("rogue"); };
log { source("src2"); filter("h_cobalt"); destination("cobalt"); };
log { source("src2"); filter("h_cisco"); destination("cisco"); };
log { source("src2"); filter("h_voyager"); destination("voyager"); };
log { source("src2"); filter("h_lists"); filter("f_send"); destination("lists_m"); };
log { source("src2"); filter("h_lists"); filter("nf_send"); destination("lists"); };
log { source("src2"); filter("h_apollo"); destination("apollo"); };
log { source("src2"); filter("h_samson"); filter("f_bind"); destination("samson_d"); };
log { source("src2"); filter("h_samson"); filter("nf_bind"); destination("samson"); };
log { source("src2"); filter("h_bugsy"); destination("bugsy"); };
log { source("src2"); filter("h_goblin"); destination("goblin"); };
log { source("src2"); filter("f_security"); destination("allsec"); };