[syslog-ng] Testing log paths
Balazs Scheidler
bazsi at balabit.hu
Mon Jun 12 13:06:04 CEST 2006
On Thu, 2006-06-08 at 13:32 -0600, Ryan Owen wrote:
> I'm looking for a way to test a syslog-ng configuration to see if a
> given message (generated by the local machine) will be logged. This
> is for automated policy compliance measurement. For example, I need a
> program or script to be able to tell me if all authpriv messages with
> priority debug or higher are logged somewhere.
>
> With the old syslog stuff, the config file was easy enough to parse
> that a program could fairly easily determine this. Syslog-ng's
> extremely flexible configuration mechanism is somewhat more difficult,
> though.
>
> My current thinking is to take the lex/yacc grammar from the source
> and use it to write a program that could accept a message and return
> where it would be logged, if at all. This is still a pretty complex
> task, though, so I was hoping that perhaps there would be a simpler
> way. I'm not allowed to generate bogus log entries, or else I'd try
> spoofing a message of whatever facility/priority/etc that I needed to
> test for.
>
> Does anyone know of a better way to accomplish this?
Hm... I think it should be doable with syslog-ng's code by using some
kind of command line switch to trigger configuration file validation.
Something similar to the archaic "ipchains -C" switch:
-C, --check
Check the given packet against the selected chain.
This is extremely useful for testing, as the same
kernel routines used to check "real" network pack-
ets are used to check this packet. It can be used
to check user-defined chains as well as the builtin
ones. The same arguments used to specify firewall
rules are used to construct the packet to be
tested. In particular, the -s (source), -d (desti-
nation), -p (protocol), and -i (interface) flags
are compulsory.
Of course some changes would definitely be needed to the core.
--
Bazsi
More information about the syslog-ng
mailing list