[syslog-ng]OpenBSD 3.5 not logging.. anything
syslog-ng@lists.balabit.hu
syslog-ng@lists.balabit.hu
Fri, 30 Jul 2004 23:01:51 +0100
I have sandboxed Syslog-ng on OpenBSD 3.5. It doesn't appear to be
logging anything other than itself.
# ls -al /dev/log
sr-Sr-S--- 1 _syslogng _syslogng 0 Jul 30 22:50 /dev/log
# ls -al /var/log/
total 156
drwx------ 2 _syslogng _syslogng 512 Jul 30 22:36 .
drwxr-xr-x 20 root wheel 512 Jul 28 11:21 ..
-rw-r----- 1 _syslogng _syslogng 566 Jul 30 22:50 all.log
-rw-r----- 1 _syslogng _syslogng 586 Jul 28 11:20 authlog
-rw-r----- 1 _syslogng _syslogng 45 Jul 28 11:15 daemon
-rw-r----- 1 _syslogng _syslogng 22685 Jul 30 22:50 debug
-rw------- 1 _syslogng _syslogng 304 Jul 28 13:30 failedlogin
-rw-r----- 1 _syslogng _syslogng 0 Mar 29 19:47 ftpd
-rw-r----- 1 _syslogng _syslogng 268536 Jul 30 22:36 lastlog
-rw-r----- 1 _syslogng _syslogng 0 Mar 29 19:47 lpd-errs
-rw------- 1 _syslogng _syslogng 415 Jul 28 11:30 maillog
-rw-r----- 1 _syslogng _syslogng 33733 Jul 30 22:50 messages
-rw------- 1 _syslogng _syslogng 0 Mar 29 19:47 secure
-rw-r----- 1 _syslogng _syslogng 22685 Jul 30 22:50 syslog
-rw-r----- 1 _syslogng _syslogng 9600 Jul 30 22:46 wtmp
-rw-r--r-- 1 _syslogng _syslogng 147 Jul 28 11:49 wtmp.0.gz
-rw-r----- 1 _syslogng _syslogng 0 Mar 29 19:47 xferlog
and my config file:
# $Xanthus: syslog-ng.conf,v 1.1 2004/07/27 02:56:44 markzero Exp $
# syslog-ng config
#
options {
long_hostnames(off);
owner(_syslogng);
group(_syslogng);
perm(0640);
dir_owner(_syslogng);
dir_group(_syslogng);
dir_perm(0640);
sync(0);
};
source src {
unix-stream("/dev/log"
owner("_syslogng")
group("_syslogng")
perm(06440));
internal();
};
destination all { file("/var/log/all.log"); };
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
#destination loghost { udp("loghost" port(999)); };
filter test { level(debug..emerg); };
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
log { source(src); filter(test); destination(all); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_mail); filter(f_info);
destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn);
destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err);
destination(mailerr); };
log { source(src); filter(f_news); filter(f_crit);
destination(newscrit); };
log { source(src); filter(f_news); filter(f_err);
destination(newserr); };
log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
#log { source(src); destination(console_all); };
-although this config is theoretical, it's not one I plan on using in
production (hence the (all) destination). The contents of the log
files in /var/log include:
STATS: dropped 0
syslog-ng version 1.5.24 going down
syslog-ng version 1.5.24 starting
..and not a lot else. I've tried generating alerts with the 'logger'
command, as well as deliberately typing in the wrong password to su,
attempting to login as root over ssh and sending lots of mail to
nonexistant users on my system. No logs of any kind are generated.
I don't get any errors, where do I go from here?
mark