[syslog-ng] Syslog-ng on OpenBSD

Joe McDonagh joseph.e.mcdonagh at gmail.com
Thu Sep 2 17:14:31 CEST 2010 

Nothing is being logged except Log Processing Statistics in 
/var/log/debug. I am seeing a ton of dropped stuff to my loghost, but 
what's really alarming is that stuff isn't being logged locally?

Sep  2 11:10:02 machine syslog-ng[4179]: Log statistics; 
dropped='tcp(localhost:61514)=48833', processed='center(queued)=52', 
processed='center(received)=13', processed='destination(messages)=13', 
processed='destination(mailinfo)=0', 
processed='destination(mailwarn)=0', processed='destination(console)=0', 
processed='destination(mailerr)=0', processed='destination(loghost)=13', 
processed='destination(authlog)=0', processed='destination(user)=0', 
processed='destination(lpr)=0', processed='destination(daemon)=0', 
processed='destination(cron)=0', processed='destination(kern)=0', 
processed='destination(mail)=0', processed='destination(debug)=13', 
processed='destination(syslog)=13', 
processed='destination(console_all)=0', processed='source(src)=13', 
suppressed='tcp(localhost:61514)=0'

This is happening on all my OpenBSD machines I recently setup to use 
syslog-ng (needed TCP with stunnel in front to send to my log host).

This is the config:

# This file is managed by puppet as a file in the syslog::client class

options { long_hostnames(off); sync(20); use_dns(no);};

source src { internal(); pipe("/dev/klog" log_prefix("kernel: ")); 
unix-stream("/dev/log"); };

destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination loghost { tcp("localhost" port(61514)); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, mail); };
filter f_messages { level(info..warn)
         and not facility(auth, authpriv, mail); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
log { source(src); destination(loghost); };

<<EOF>>

I'm wondering if my source line is just wrong for OpenBSD. Anybody with 
a working OpenBSD config care to share?

-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."

More information about the syslog-ng mailing list