[syslog-ng]syslog server do not log itself correctly
Alessandro Fiorenzi
syslog-ng@lists.balabit.hu
Fri, 20 Feb 2004 16:31:50 +0100
Hi, I have set up a wonderful log server with syslog-ng, where I record
every host separately.
Suppose the log server's name is logserver.localdomain.it. The problem is that
I get the logserver.localdomain.it directory, but inside it I get only the
messages and syslog files; if I fail an authentication, or anything else
happens, I get no log about it.
Can someone help me?
Thanks
This is part of the configuration file:
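# Global options for the central log server.
# The e-mail line wrap had split the trailing comments onto lines without a
# leading '#', which makes the block invalid as pasted; they are rejoined here.
options {
    long_hostnames(off);
    sync(0);                 # no line buffering: write each message out immediately
                             # (could probably be removed on the clients)
    # NOTE(review): with $HOST in the destination paths, each new host name seen
    # gets its own directory tree created; confirm that host names can only come
    # from trusted senders (see the hostname-related options for the version in use).
    create_dirs(yes);
    log_fifo_size(30000);    # enlarged log_fifo_size, to avoid dropping messages
    use_fqdn(yes);           # record hosts as Fully Qualified Domain Names
    # use_time_recvd(true);  # for clients whose clocks are not synchronised
};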
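# The one source that every log statement in this file reads from.
source src {
    # Messages generated by syslog-ng itself.
    internal();

    # Local programs (sshd, login, su, ...) write through the /dev/log socket.
    # The posted source had no driver reading it, so messages produced on the
    # log server itself (e.g. a failed authentication) never reached any of the
    # destinations; only internal and kernel messages did.
    # NOTE(review): the post shows only part of the configuration. If another
    # source elsewhere already reads /dev/log, reference that source in the log
    # statements instead of opening the socket a second time here.
    unix-stream("/dev/log");

    # Kernel messages.
    # NOTE(review): the syslog-ng documentation advises file() rather than
    # pipe() for /proc/kmsg, because pipe() opens its target read-write;
    # confirm against the documentation for the version in use.
    pipe("/proc/kmsg");
    #file("/proc/kmsg" log_prefix("kernel: "));

    # Network listeners. Plain syslog on port 514 is neither authenticated nor
    # encrypted, and the UDP listener is bound to every interface (0.0.0.0):
    # restrict who can reach these ports (packet filter, dedicated management
    # network) so that only the intended clients can write into the archive.
    tcp(ip(192.168.xxx.yyy) port(514) max-connections(100));
    udp(ip(0.0.0.0) port(514));
};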
# File destinations, one per facility group.
# Each path is expanded per message into SERVER/<year>/<month>/<day>/<host>/,
# and every file is created as root:adm with mode 0640, so only root and
# members of group adm can read it.
# NOTE(review): $HOST decides which directory a message lands in; how far it
# can be trusted depends on hostname handling options not shown in this excerpt.

destination authlog {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/auth.log"
         owner("root") group("adm") perm(0640));
};

destination syslog {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/syslog"
         owner("root") group("adm") perm(0640));
};

destination cron {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/cron.log"
         owner("root") group("adm") perm(0640));
};

destination daemon {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/daemon.log"
         owner("root") group("adm") perm(0640));
};

destination kern {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/kern.log"
         owner("root") group("adm") perm(0640));
};

destination lpr {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/lpr.log"
         owner("root") group("adm") perm(0640));
};

destination mail {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/mail.log"
         owner("root") group("adm") perm(0640));
};

destination user {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/user.log"
         owner("root") group("adm") perm(0640));
};

destination uucp {
    file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/uucp.log"
         owner("root") group("adm") perm(0640));
};
# Facility filters used by the log statements.

# Authentication messages (auth and authpriv facilities).
filter f_authpriv {
    facility(auth, authpriv);
};

# Everything that is NOT auth/authpriv. This overlaps with the
# facility-specific filters below, so e.g. a cron message matches both
# f_syslog and f_cron.
filter f_syslog {
    not facility(auth, authpriv);
};

filter f_cron {
    facility(cron);
};

filter f_daemon {
    facility(daemon);
};

filter f_kern {
    facility(kern);
};

filter f_lpr {
    facility(lpr);
};

filter f_mail {
    facility(mail);
};

filter f_user {
    facility(user);
};

filter f_uucp {
    facility(uucp);
};
# Log paths: every statement reads from the single source "src", applies one
# facility filter and writes to the destination of the matching name.
# Anything that does not arrive through "src" is therefore not written by
# any of these statements.

# auth/authpriv -> auth.log
log {
    source(src);
    filter(f_authpriv);
    destination(authlog);
};

# every non-auth facility -> syslog
log {
    source(src);
    filter(f_syslog);
    destination(syslog);
};

log {
    source(src);
    filter(f_cron);
    destination(cron);
};

log {
    source(src);
    filter(f_daemon);
    destination(daemon);
};

log {
    source(src);
    filter(f_kern);
    destination(kern);
};

log {
    source(src);
    filter(f_lpr);
    destination(lpr);
};

log {
    source(src);
    filter(f_mail);
    destination(mail);
};

log {
    source(src);
    filter(f_user);
    destination(user);
};

log {
    source(src);
    filter(f_uucp);
    destination(uucp);
};
------------------------------------------------------------------------
INFOGROUP S.P.A http://www.infogroup.it
-------------------------------------------------------------------------
DR. FIORENZI ALESSANDRO
Consulente Tribunale Firenze - sicurezza informatica -
Security Administrator
Socio CLUSIT, ALSI
Tel : +39.055.43.65.742
CE : +39.335.64.144.77
@Email : a.fiorenzi@infogroup.it
PGP Key: http://www.infogroup.it/ds/fiorenzi.asc
-------------------------------------------------------------------------
"Faber est suae quisque fortunae"
-------------------------------------------------------------------------