[syslog-ng] Testing log paths

Orth, Alan AOrth at exchange.csuchico.edu
Mon Jun 19 22:30:11 CEST 2006


Orlando,
 
Actually, I'm sitting in an office in San Ramon as we speak.  I'm interning here at Chevron for the summer!
 
Tell Moon Jee I say "hi"! I hope someone in the tech shop can help you guys...
 
-- 
Alan Orth
Upward Bound - Systems Administrator
User Services - Field Technician
California State University, Chico
x6000

________________________________

From: syslog-ng-bounces at lists.balabit.hu on behalf of Balazs Scheidler
Sent: Mon 6/12/2006 4:06 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Testing log paths



On Thu, 2006-06-08 at 13:32 -0600, Ryan Owen wrote:
> I'm looking for a way to test a syslog-ng configuration to see if a
> given message (generated by the local machine) will be logged.  This
> is for automated policy compliance measurement.  For example, I need a
> program or script to be able to tell me if all authpriv messages with
> priority debug or higher are logged somewhere.
>
> With the old syslog stuff, the config file was easy enough to parse
> that a program could fairly easily determine this.  Syslog-ng's
> extremely flexible configuration mechanism is somewhat more difficult,
> though.
>
> My current thinking is to take the lex/yacc grammar from the source
> and use it to write a program that could accept a message and return
> where it would be logged, if at all.  This is still a pretty complex
> task, though, so I was hoping that perhaps there would be a simpler
> way.  I'm not allowed to generate bogus log entries, or else I'd try
> spoofing a message of whatever facility/priority/etc that I needed to
> test for.
>
> Does anyone know of a better way to accomplish this?

Hm... I think it should be doable with syslog-ng's code by using some
kind of command line switch to trigger configuration file validation.
Something similar to the archaic "ipchains -C" switch:

       -C, --check
              Check  the given packet against the selected chain.
              This is extremely useful for testing, as  the  same
              kernel  routines used to check "real" network pack-
              ets are used to check this packet.  It can be  used
              to check user-defined chains as well as the builtin
              ones.  The same arguments used to specify  firewall
              rules  are  used  to  construct  the  packet  to be
              tested.  In particular, the -s (source), -d (desti-
              nation),  -p  (protocol),  and -i (interface) flags
              are compulsory.

Of course some changes would definitely be needed to the core.

--
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 6610 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060619/1fe42827/attachment.bin


More information about the syslog-ng mailing list