[syslog-ng] syslong_ng and bind9

Ruben Safir ruben at mrbrklyn.com
Tue Oct 9 09:21:15 UTC 2018 

On 10/6/18 6:42 AM, Scheidler, Balázs wrote:
> Hi,
> 
> There's no facility code for named, basically the list of facility codes
> have been frozen for 30 years, so really not up to the task.
> 
> That syslog-ng.conf file could be simplified a lot, if you don't require so
> many log files, I'd recommend something simple like this:
> 
> ```
> 
> @version: 3.17
> 
> source s_local {
>   system();
> };
> 
> log {
>   source(s_local);
>   destination { file("/var/log/syslog"); };
> };
> 
> ```
> 
> And start adding your custom rules from here.
> 
> The named process can be matched easily with this filter expression:
> 
> ```
> filter f_named { program("named"); };
> ```

Thanks!  I did that ... pretty much.
destination d_named { file("/var/log/named.log"); };
filter f_named { facility(daemon) and program("named"); };
log { source(src); filter(f_named); destination(d_named); };


I'm a little confused though why named slipped through the cracks of
facilities.




> 
> No need to use facility codes, the program name is enough.
> 
> On Fri, Oct 5, 2018, 06:46 Ruben Safir <ruben at mrbrklyn.com> wrote:
> 
>> Hello
>>
>> I am trying to log named to syslog_ng and it is not set up by default on
>> arch or artex.
>>
>> I set up named for logging, I think
>>
>>
>> logging {
>>         category default { log_syslog; };
>>         channel log_syslog { syslog; };
>> };
>>
>>
>> in the config file for syslog_ng I had added
>>
>>
>> destination d_mail { file("/var/log/mail.log"); };
>> destination d_named { file("/var/log/named.log"); };
>> destination d_news { file("/var/log/news.log"); };
>>
>> I am looking at filters and have no idea what to do
>>
>> filter f_auth { facility(auth); };
>> filter f_authpriv { facility(auth, authpriv); };
>> filter f_syslog { program(syslog-ng); };
>> filter f_cron { facility(cron); };
>> filter f_daemon { facility(daemon); };
>> filter f_kernel { facility(kern) and not filter(f_iptables); };
>> filter f_lpr { facility(lpr); };
>> filter f_mail { facility(mail); };
>> filter f_news { facility(news); };
>> filter f_user { facility(user); };
>> filter f_uucp { facility(uucp); };
>> filter f_ppp { facility(local2); };
>> filter f_debug { not facility(auth, authpriv, news, mail); };
>> filter f_messages { level(info..warn) and not facility(auth, authpriv,
>> mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
>> filter f_everything { level(debug..emerg) and not facility(auth,
>> authpriv); };
>> filter f_emergency { level(emerg); };
>> filter f_info { level(info); };
>> filter f_notice { level(notice); };
>> filter f_warn { level(warn); };
>> filter f_crit { level(crit); };
>> filter f_err { level(err); };
>> filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT="
>> value("MESSAGE")); };
>> filter f_acpid { program("acpid"); };
>>
>>
>> I don't know if there is a built in facilty for named.  The docs for the
>> server and very detailed and rich, and overwhelming.
>>
>> Ruben
>>
>>
>> --
>> So many immigrant groups have swept through our town
>> that Brooklyn, like Atlantis, reaches mythological
>> proportions in the mind of the world - RI Safir 1998
>> http://www.mrbrklyn.com
>> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
>>
>> http://www.nylxs.com - Leadership Development in Free Software
>> http://www.brooklyn-living.com
>>
>> Being so tracked is for FARM ANIMALS and and extermination camps,
>> but incompatible with living as a free human being. -RI Safir 2013
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
> 
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 


-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002

http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com

Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013

More information about the syslog-ng mailing list