[syslog-ng] Testing log paths

Balazs Scheidler bazsi at balabit.hu
Mon Jun 12 13:06:04 CEST 2006


On Thu, 2006-06-08 at 13:32 -0600, Ryan Owen wrote:
> I'm looking for a way to test a syslog-ng configuration to see if a
> given message (generated by the local machine) will be logged.  This
> is for automated policy compliance measurement.  For example, I need a
> program or script to be able to tell me if all authpriv messages with
> priority debug or higher are logged somewhere.
> 
> With the old syslog stuff, the config file was easy enough to parse
> that a program could fairly easily determine this.  Syslog-ng's
> extremely flexible configuration mechanism is somewhat more difficult,
> though.
> 
> My current thinking is to take the lex/yacc grammar from the source
> and use it to write a program that could accept a message and return
> where it would be logged, if at all.  This is still a pretty complex
> task, though, so I was hoping that perhaps there would be a simpler
> way.  I'm not allowed to generate bogus log entries, or else I'd try
> spoofing a message of whatever facility/priority/etc that I needed to
> test for.
> 
> Does anyone know of a better way to accomplish this?

Hm... I think it should be doable with syslog-ng's code by using some
kind of command line switch to trigger configuration file validation. 
Something similar to the archaic "ipchains -C" switch:

       -C, --check
              Check the given packet against the selected chain.
              This is extremely useful for testing, as the same
              kernel routines used to check "real" network packets
              are used to check this packet.  It can be used to
              check user-defined chains as well as the builtin
              ones.  The same arguments used to specify firewall
              rules are used to construct the packet to be tested.
              In particular, the -s (source), -d (destination),
              -p (protocol), and -i (interface) flags are
              compulsory.

Of course some changes would definitely be needed to the core.

-- 
Bazsi
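
An added example, not part of either message and not syslog-ng code: a static approximation of the check discussed in this thread, which reads the filter and log statements of a configuration and reports which levels of a facility reach no destination, without generating any log entry. It assumes filters built only from facility(), level()/priority(), and/or/not and parentheses, ignores sources, and raises on anything else; the function names and the sample configuration are constructed for illustration.

```python
import re

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
SAMPLE = """# constructed sample configuration, not taken from the thread
filter f_authpriv { facility(auth, authpriv); };
filter f_sev { level(info..warning) or level(err..emerg); };
log { source(s_local); filter(f_authpriv); filter(f_sev); destination(d_auth); };
"""

def matches(expr, fac, lvl):
    """Evaluate one filter expression for a facility/level pair (recursive descent)."""
    toks = re.findall(r"[\w-]+(?:\.\.[\w-]+)?|[(),]", expr) + [None]
    def chain(sub, word, combine):          # left-associative "x word x word x"
        v = sub()
        while toks[0] == word:
            toks.pop(0)
            v = combine(v, sub())
        return v
    def factor():
        name = toks.pop(0)
        if name == "not":
            return not factor()
        if name == "(":
            v = or_expr()
            toks.pop(0)                     # closing parenthesis
            return v
        if name not in ("facility", "level", "priority"):
            raise ValueError(f"{name}() cannot be decided from facility/level alone")
        # consume "( a, b )" up to and including the closing parenthesis
        args = [t for t in iter(lambda: toks.pop(0), ")") if t not in ("(", ",")]
        if name == "facility":
            return fac in args
        spans = [sorted(map(LEVELS.index, a.split(".."))) for a in args]  # "a..b" or "a"
        return any(s[0] <= LEVELS.index(lvl) <= s[-1] for s in spans)
    def or_expr():                          # "and" binds tighter than "or"
        return chain(lambda: chain(factor, "and", lambda a, b: a and b), "or", lambda a, b: a or b)
    return or_expr()

def destinations_for(conf, fac, lvl):
    """Destinations of every log statement whose filters all match (sources ignored)."""
    stmts = re.findall(r"\b(filter|log)\s*(\w*)\s*\{(.*?)\}\s*;", re.sub(r"#.*", "", conf), re.S)
    filters = {name: body for kind, name, body in stmts if kind == "filter"}
    return [d for kind, _, body in stmts if kind == "log"
            and all(matches(filters[f], fac, lvl) for f in re.findall(r"\bfilter\s*\((\w+)\)", body))
            for d in re.findall(r"\bdestination\s*\((\w+)\)", body)]

def policy_gaps(conf, fac, min_level):
    """Levels at or above min_level that no log statement sends to a destination."""
    return [l for l in LEVELS[LEVELS.index(min_level):] if not destinations_for(conf, fac, l)]
```

For the sample, policy_gaps(SAMPLE, "authpriv", "debug") reports the debug level as unlogged. A filter that uses program(), host() or match() raises ValueError, so the result is never a silent pass.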
