[syslog-ng] syslong_ng and bind9

Scheidler, Balázs balazs.scheidler at oneidentity.com
Sat Oct 6 10:42:32 UTC 2018


Hi,

There's no facility code for named; basically, the list of facility codes
has been frozen for 30 years, so it's really not up to the task.

That syslog-ng.conf file could be simplified a lot. If you don't require so
many log files, I'd recommend something simple like this:

```
@version: 3.17

source s_local {
  system();
};

log {
  source(s_local);
  destination { file("/var/log/syslog"); };
};
```

And start adding your custom rules from here.

The named process can be matched easily with this filter expression:

```
filter f_named { program("named"); };
```

No need to use facility codes; the program name is enough.

On Fri, Oct 5, 2018, 06:46 Ruben Safir <ruben at mrbrklyn.com> wrote:

> Hello
>
> I am trying to log named to syslog_ng and it is not set up by default on
> arch or artex.
>
> I set up named for logging, I think
>
>
> logging {
>         category default { log_syslog; };
>         channel log_syslog { syslog; };
> };
>
>
> in the config file for syslog_ng I had added
>
>
> destination d_mail { file("/var/log/mail.log"); };
> destination d_named { file("/var/log/named.log"); };
> destination d_news { file("/var/log/news.log"); };
>
> I am looking at filters and have no idea what to do
>
> filter f_auth { facility(auth); };
> filter f_authpriv { facility(auth, authpriv); };
> filter f_syslog { program(syslog-ng); };
> filter f_cron { facility(cron); };
> filter f_daemon { facility(daemon); };
> filter f_kernel { facility(kern) and not filter(f_iptables); };
> filter f_lpr { facility(lpr); };
> filter f_mail { facility(mail); };
> filter f_news { facility(news); };
> filter f_user { facility(user); };
> filter f_uucp { facility(uucp); };
> filter f_ppp { facility(local2); };
> filter f_debug { not facility(auth, authpriv, news, mail); };
> filter f_messages { level(info..warn) and not facility(auth, authpriv,
> mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
> filter f_everything { level(debug..emerg) and not facility(auth,
> authpriv); };
> filter f_emergency { level(emerg); };
> filter f_info { level(info); };
> filter f_notice { level(notice); };
> filter f_warn { level(warn); };
> filter f_crit { level(crit); };
> filter f_err { level(err); };
> filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT="
> value("MESSAGE")); };
> filter f_acpid { program("acpid"); };
>
>
> I don't know if there is a built-in facility for named.  The docs for the
> server are very detailed and rich, and overwhelming.
>
> Ruben
>
>
> --
> So many immigrant groups have swept through our town
> that Brooklyn, like Atlantis, reaches mythological
> proportions in the mind of the world - RI Safir 1998
> http://www.mrbrklyn.com
> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
>
> http://www.nylxs.com - Leadership Development in Free Software
> http://www.brooklyn-living.com
>
> Being so tracked is for FARM ANIMALS and extermination camps,
> but incompatible with living as a free human being. -RI Safir 2013
>
>
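Added example, not part of the original thread: a complete syslog-ng.conf that combines the reply's minimal configuration and `program("named")` filter with the `d_named` destination from the quoted question. The `d_syslog` name and the use of `flags(final)` to keep named messages out of /var/log/syslog are assumptions about the desired routing.

```conf
@version: 3.17

source s_local {
  system();
};

# Match on the program name of each message; syslog has no facility for named.
# program() takes a regular expression, so anchor it as "^named$" if other
# program names on the host contain the string "named".
filter f_named { program("named"); };

destination d_named  { file("/var/log/named.log"); };
destination d_syslog { file("/var/log/syslog"); };   # d_syslog: name chosen for this example

# named messages go to their own file. flags(final) stops them from being
# processed by later log paths (assumption: named.log should hold the only copy).
log {
  source(s_local);
  filter(f_named);
  destination(d_named);
  flags(final);
};

# Everything else. This path must come after the named path, because
# flags(final) only affects log statements that follow it.
log {
  source(s_local);
  destination(d_syslog);
};
```

Remove `flags(final);` to keep a copy of the named messages in /var/log/syslog as well.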