[syslog-ng] Syslog-ng 3.1.4 on OpenBSD 5.2
    Ramon F McDougall 
    cyberjet at live.com
       
    Mon Apr  8 21:25:25 CEST 2013
    
    
  
Greetings to all,
 
I need your help. I recently installed syslog-ng on an OpenBSD 5.2 system and decided to
try running it in this environment. I’m not 100% sure (I’m still learning about all of this) that it’s
working the way it’s supposed to. I followed the example detailed at this link: http://kimiushida.com/bitsandpieces/articles/openbsd_syslog-ng/index.html
I hope that someone with much more expertise than I have can share
some of their knowledge so that I can get this working. I have configured the
firewall to send to my syslog server (v3.1.4). Does anyone have this working on
OpenBSD and can share their config files?
 
$ cd syslog-ng
syslog-ng.conf            
syslog-ng.conf.original
$ more syslog-ng.conf
# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 steven at openbsd.org
 
@version: 3.0
 
# Global options, applied to every source and destination below.
options {
        # Do not use DNS to resolve sender addresses.
        use_dns(no);
        # Missing directories are not created by syslog-ng: the parent
        # directory of every file() destination (for example /var/log/bcm,
        # used by d_network_hosts) has to exist already.
        create_dirs(no);
        # Keep the hostname found in the message instead of replacing it.
        # NOTE(review): for messages arriving over the network that field is
        # chosen by the sender -- confirm this is intended before a network
        # source is enabled.
        keep_hostname(yes);
};
 
# Local sources only; this source opens no network listener.
source s_local {
        # Datagram socket that local programs write their messages to.
        unix-dgram("/dev/log");
        # Second log socket below /var/empty.
        # NOTE(review): presumably for a process chrooted there -- confirm.
        unix-dgram("/var/empty/dev/log");
        # Messages generated by syslog-ng itself.
        internal();
};
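# Alternative local source that additionally reads /var/www/dev/log
# (disabled).
#source s_local_all {
#       unix-dgram("/dev/log");
#       unix-dgram("/var/empty/dev/log");
#       unix-dgram("/var/www/dev/log");
#       internal();
#};
# Network source listening on UDP port 514 (disabled).
# NOTE(review): while this stays commented out syslog-ng opens no network
# listener, so messages sent by remote devices never reach it; the
# statistics shown later in this post list s_local as the only source.
# UDP syslog is neither authenticated nor encrypted: if this source is
# enabled, restrict port 514 in pf to the addresses of the expected senders.
#source s_net {
#       udp(port(514));
#};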
 
# Destinations for locally generated messages. Owner, group and mode are
# set explicitly on most files; perm(0600) keeps a file readable by its
# owner only.
destination d_console   { file("/dev/console"); };
# Mode 0644: every local user can read this file.
destination d_messages  { file("/var/log/messages" owner(root) group(wheel) perm(0644)); };
destination d_authlog   { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };
destination d_secure    { file("/var/log/secure" owner(root) group(wheel) perm(0600)); };
destination d_cronlog   { file("/var/cron/log" owner(root) group(wheel) perm(0600)); };
destination d_daemon    { file("/var/log/daemon" owner(root) group(wheel) perm(0640)); };
destination d_xferlog   { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };
destination d_lpderrs   { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640)); };
destination d_maillog   { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };
destination d_uucplog   { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660)); };
# NOTE(review): d_sudolog and d_chatlog set no owner(), group() or perm(),
# and the options block sets no global default either, so syslog-ng's
# built-in defaults apply. The sudo log records privileged command use;
# consider an explicit perm(0600) as on d_secure.
destination d_sudolog   { file("/var/log/sudo"); };
destination d_chatlog   { file("/var/log/chat"); };
# Terminals of all logged-in users, and of root only.
destination d_ttyall    { usertty("*"); };
destination d_ttyroot   { usertty("root"); };
# Forwarding to the host named "loghost" over UDP port 514: messages
# travel unencrypted and the receiver cannot authenticate the sender.
destination d_loghost   { udp("loghost" port(514)); };
 
# One log file per sending host below /var/log/bcm.
# NOTE(review): no log statement in this file references d_network_hosts,
# so nothing is written here yet. With create_dirs(no) the directory
# /var/log/bcm has to exist before this destination can be used.
# NOTE(review): with keep_hostname(yes), $HOST is taken from the message,
# so a remote sender chooses the file name and every distinct name opens
# another file. Consider keep_hostname(no) on the network source so that
# the name derives from the sender's address -- verify against the
# syslog-ng documentation for this version.
destination d_network_hosts { file("/var/log/bcm/$HOST.log"); };
 
# Filters select messages by severity range and facility; each one is
# referenced by name from a log statement further down.

# notice and above, except the facilities that have filters of their own.
filter f_notice {
        level(notice .. emerg)
        and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));
};
# All kernel messages.
filter f_kerndebug {
        level(debug .. emerg) and facility(kern);
};
filter f_msginfo {
        level(info .. emerg) and facility(syslog,user);
};
filter f_authinfo {
        level(info .. emerg) and facility(auth);
};
# authpriv at every level; the log statements route it to d_secure.
filter f_authprivdebug {
        level(debug .. emerg) and facility(authpriv);
};
filter f_croninfo {
        level(info .. emerg) and facility(cron);
};
filter f_daemoninfo {
        level(info .. emerg) and facility(daemon);
};
filter f_ftpinfo {
        level(info .. emerg) and facility(ftp);
};
filter f_lprdebug {
        level(debug .. emerg) and facility(lpr);
};
filter f_mailinfo {
        level(info .. emerg) and facility(mail);
};
filter f_uucpinfo {
        level(info .. emerg) and facility(uucp);
};
# Emergency messages only.
filter f_emerg {
        level(emerg);
};
# Console selection: authpriv is excluded entirely, so those messages are
# never printed on the console.
filter f_to_console {
        not (facility(authpriv)) and
        ((level(notice .. emerg) and facility(auth))
        or (level(debug .. emerg) and facility(kern))
        or (level(crit .. emerg) and facility(mail))
        or level(err .. emerg));
};
# Every auth message plus anything at notice or above.
filter f_to_root {
        (level(debug .. emerg) and facility(auth))
        or (level(notice .. emerg));
};
# Selection for central forwarding. It includes auth at info and authpriv
# at debug, so authentication records are part of what d_loghost would
# send over UDP.
filter f_to_loghost {
        (level(notice .. emerg) and
          not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))
        or (level(info .. emerg) and facility(auth,daemon,syslog,user))
        or (level(debug .. emerg) and facility(authpriv,kern));
};
# Match on the program name carried in the message.
filter f_prog_sudo {
        program("sudo");
};
filter f_prog_chat {
        program("chat");
};
 
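# Log paths. Every active path reads from s_local only, so this
# configuration handles locally generated messages and nothing else.
log { source(s_local); filter(f_notice);        destination(d_messages);};
log { source(s_local); filter(f_kerndebug);     destination(d_messages);};
log { source(s_local); filter(f_msginfo);       destination(d_messages);};
log { source(s_local); filter(f_authinfo);      destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure);  };
log { source(s_local); filter(f_croninfo);      destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo);    destination(d_daemon);  };
log { source(s_local); filter(f_ftpinfo);       destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug);      destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo);      destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo);     destination(d_uucplog); };

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console);   destination(d_console); };

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root);      destination(d_ttyroot); };

# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg);         destination(d_ttyall);  };

# Uncomment to log to a central host named "loghost".
# NOTE(review): f_to_loghost selects auth and authpriv messages and
# d_loghost sends over plain UDP, so authentication records would cross
# the network unencrypted.
#log { source(s_local); filter(f_to_loghost);   destination(d_loghost); };

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files.  Matches are done based on the program name.
# Program-specific logs:
#log { source(s_local); filter(f_prog_sudo);    destination(d_sudolog); };
#log { source(s_local); filter(f_prog_chat);    destination(d_chatlog); };

# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
# NOTE(review): this path only works once source s_net is uncommented as
# well. d_network_hosts is already defined in this file as a separate
# destination; using it here would keep sender-supplied text out of
# /var/log/messages.
#log { source(s_net); destination(d_messages); };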
$ syslog-ng-ctl
Syntax: syslog-ng-ctl <command> [options]
Possible commands are:
    stats        Dump syslog-ng statistics
    verbose      Enable/query verbose messages
    debug        Enable/query debug messages
    trace        Enable/query trace messages
 
# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;6
src.internal;s_local#2;;a;processed;5
src.internal;s_local#2;;a;stamp;1365446582
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;7
destination;d_ttyall;;a;processed;0
# syslog-ng-ctl verbose --set=on
# syslog-ng-ctl stats
SourceName;SourceId;SourceInstance;State;Type;Number
center;;received;a;processed;0
destination;d_lpderrs;;a;processed;0
destination;d_messages;;a;processed;9
src.internal;s_local#2;;a;processed;8
src.internal;s_local#2;;a;stamp;1365446909
destination;d_daemon;;a;processed;0
destination;d_secure;;a;processed;0
center;;queued;a;processed;0
global;payload_reallocs;;a;processed;0
global;sdata_updates;;a;processed;0
destination;d_xferlog;;a;processed;0
destination;d_authlog;;a;processed;2
destination;d_cronlog;;a;processed;0
destination;d_maillog;;a;processed;0
global;msg_clones;;a;processed;0
source;s_local;;a;processed;10
destination;d_ttyall;;a;processed;0
#
Please let me know what further information you need to be able to help. Regards and thank you, Ramon
  		 	   		  