[syslog-ng]kern messages not trapping correctly?
syslog-ng@lists.balabit.hu
Sun, 7 Dec 2003 16:06:45 -0700 (MST)
I just moved from syslog to syslog-ng. It looks great, except that kernel
messages don't seem to be getting passed into the logs. For example, I
have my iptables rules set to log any connection that fails all ACCEPT
rules. Under syslog the firewall log file got to be rather large very
quickly (which is fine). I accomplished it with --log-level info
and putting
kern.info /var/log/firewall
in my syslog.conf file. I translated that into syslog-ng, but my firewall
log has not increased one bit, even when I purposely hit a blocked port
from the outside.
Here's the syslog-ng.conf file. Perhaps someone can see an issue?
options { dir_perm(0755); perm(0644); chain_hostnames(no);
keep_hostname(yes); };
source local {
unix-stream("/dev/log");
udp(ip(0.0.0.0) port(514));
internal();
};
filter f_kern {
facility(kern) and level(debug...emerg);
};
filter f_notcron {
not facility(cron);
};
filter f_infoemerg {
level(info...emerg);
};
filter f_notmail {
not facility(mail);
};
filter f_notauth {
not facility(authpriv);
};
filter f_auth {
facility(authpriv) and level(debug...emerg);
};
filter f_mail {
facility(mail) and level(debug...emerg);
};
filter f_cron {
facility(cron) and level(debug...emerg);
};
filter f_emerg {
level(emerg);
};
filter f_newscrit {
facility(uucp,news) and level(crit...emerg);
};
filter f_boot {
facility(local7) and level(debug...emerg);
};
filter f_firewall {
facility(kern) and match("IN=");
};
destination d_firewall {
file("/var/log/firewall" create_dirs(yes));
};
destination d_messages {
file("/var/log/messages" create_dirs(yes));
};
destination d_spooler {
file("/var/log/spooler" create_dirs(yes));
};
destination d_console {
file("/dev/console" create_dirs(yes));
};
destination d_secure {
file("/var/log/secure" create_dirs(yes));
};
destination d_maillog {
file("/var/log/maillog" create_dirs(yes));
};
destination d_cron {
file("/var/log/cron" create_dirs(yes));
};
destination d_panic {
usertty("*");
};
destination d_boot {
file("/var/log/boot.log" create_dirs(yes));
};
log { source(local); filter(f_newscrit); destination(d_spooler); };
log { source(local); filter(f_cron); destination(d_cron); };
log { source(local); filter(f_emerg); destination(d_panic); };
log { source(local); filter(f_boot); destination(d_boot); };
log { source(local); filter(f_mail); destination(d_maillog); };
log { source(local); filter(f_kern); destination(d_console); };
log { source(local); filter(f_notcron); filter(f_infoemerg); filter(f_notmail); filter(f_notauth); destination(d_messages); };
log { source(local); filter(f_auth); destination(d_secure); };
log { filter(f_firewall); destination(d_firewall); };
I even tried it without the match, so it was just anything from the kern
facility. No go.
Running Red Hat Linux 9.
Thanks in advance!
--- Dan
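As an added example (not from the original post and not taken from the syslog-ng documentation), here is a minimal syslog-ng 1.x configuration for Linux that routes kernel-facility messages, including iptables LOG output, to a file. It addresses the two likely causes in the posted config: the source has no reader for /proc/kmsg, and the final log statement names no source at all. Paths and filter names are the poster's; the rest is illustrative.

```conf
# Added example: minimal syslog-ng 1.x config that delivers kernel messages
# (facility kern), including iptables LOG lines, to /var/log/firewall.
# Paths and filter names follow the posted config; everything else is assumed.
options { dir_perm(0755); perm(0644); chain_hostnames(no); keep_hostname(yes); };

source local {
    unix-stream("/dev/log");   # applications via syslog(3)
    internal();                # syslog-ng's own messages
    file("/proc/kmsg");        # kernel ring buffer; without this (or a running
                               # klogd forwarding to /dev/log) no kern messages arrive
};

filter f_kern     { facility(kern); };                    # all levels, debug..emerg
filter f_firewall { facility(kern) and match("IN="); };   # iptables LOG output

destination d_firewall { file("/var/log/firewall" create_dirs(yes)); };
destination d_messages { file("/var/log/messages" create_dirs(yes)); };

# A log statement needs at least one source(); one without it never receives a
# message, which is what the posted "log { filter(f_firewall); destination(d_firewall); };"
# line does. Both statements below name the source explicitly.
log { source(local); filter(f_firewall); destination(d_firewall); };
log { source(local); filter(f_kern);     destination(d_messages); };
```

Only one process should read /proc/kmsg at a time, so stop klogd before starting syslog-ng with this source; and since match("IN=") keys on the text the iptables LOG target writes, confirm the blocking rule actually has a LOG counterpart before concluding that logging is broken.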