Hi all,
I switched from syslogd to syslog-ng (from package,
syslog-ng-3.6.4.tgz) on a amd64 board but now logging of local events
don't works.
Logging of remote events (UDP) works fine.
Only syslog-ng log statistics are recorded to log files, nothing else.
I tried both configurations:
source s_local {
unix-dgram ("/dev/log");
pipe("/dev/klog" log_prefix("kernel: "));
internal();
};
and
source s_local {
internal();
file("/dev/klog" program_override("kernel: "));
unix-dgram("/dev/log");
};
without success.
More details about the system:
#############################################
$ uname -a
OpenBSD ap.ca.fr.lo 5.9 GENERIC.MP#1888 amd64
$ cat /etc/syslog-ng/syslog-ng.conf
# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 ste...@openbsd.org
@version: 3.6
options {
use_dns(no);
create_dirs(no);
keep_hostname(yes);
};
source s_local {
unix-dgram ("/dev/log");
pipe("/dev/klog" log_prefix("kernel: "));
internal();
};
#source s_local_all {
# unix-dgram ("/dev/log");
# unix-dgram ("/var/empty/dev/log");
# unix-dgram ("/var/www/dev/log");
# internal();
#};
source s_net {
udp(port(514));
};
destination d_console { file("/dev/console"); };
destination d_messages { file("/var/log/messages" owner(root)
group(wheel) perm(0644)); };
destination d_authlog { file("/var/log/authlog" owner(root)
group(wheel) perm(0640)); };
destination d_secure { file("/var/log/secure" owner(root)
group(wheel) perm(0600)); };
destination d_cronlog { file("/var/cron/log" owner(root)
group(wheel) perm(0600)); };
destination d_daemon { file("/var/log/daemon" owner(root)
group(wheel) perm(0640)); };
destination d_xferlog { file("/var/log/xferlog" owner(root)
group(wheel) perm(0640)); };
destination d_lpderrs { file("/var/log/lpd-errs" owner(root)
group(wheel) perm(0640)); };
destination d_maillog { file("/var/log/maillog" owner(root)
group(wheel) perm(0600)); };
destination d_uucplog { file("/var/log/uucp" owner(uucp)
group(dialer) perm(0660)); };
destination d_doaslog { file("/var/log/doas"); };
destination d_ttyall { usertty("*"); };
destination d_ttyroot { usertty("root"); };
destination d_loghost { udp("loghost" port(514)); };
destination d_857 { file("/var/log/857" owner(root) group(wheel)
perm(0640)); };
filter f_notice {
level(notice .. emerg)
and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user));
};
filter f_kerndebug {
level(debug .. emerg) and facility(kern);
};
filter f_msginfo {
level(info .. emerg) and facility(syslog,user);
};
filter f_authinfo {
level(info .. emerg) and facility(auth);
};
filter f_authprivdebug {
level(debug .. emerg) and facility(authpriv);
};
filter f_croninfo {
level(info .. emerg) and facility(cron);
};
filter f_daemoninfo {
level(info .. emerg) and facility(daemon);
};
filter f_ftpinfo {
level(info .. emerg) and facility(ftp);
};
filter f_lprdebug {
level(debug .. emerg) and facility(lpr);
};
filter f_mailinfo {
level(info .. emerg) and facility(mail);
};
filter f_uucpinfo {
level(info .. emerg) and facility(uucp);
};
filter f_emerg {
level(emerg);
};
filter f_to_console {
not (facility(authpriv)) and
((level(notice .. emerg) and facility(auth))
or (level(debug .. emerg) and facility(kern))
or (level(crit .. emerg) and facility(mail))
or level(err .. emerg));
};
filter f_to_root {
(level(debug .. emerg) and facility(auth))
or (level(notice .. emerg));
};
filter f_to_loghost {
(level(notice .. emerg) and
not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))
or (level(info .. emerg) and facility(auth,daemon,syslog,user))
or (level(debug .. emerg) and facility(authpriv,kern));
};
filter f_prog_doas {
program("doas");
};
filter f_from_857 {
(host(192.168.2.252))
};
log { source(s_local); filter(f_notice); destination(d_messages);};
log { source(s_local); filter(f_kerndebug); destination(d_messages);};
log { source(s_local); filter(f_msginfo); destination(d_messages);};
log { source(s_local); filter(f_authinfo); destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure); };
log { source(s_local); filter(f_croninfo); destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo); destination(d_daemon); };
log { source(s_local); filter(f_ftpinfo); destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug); destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo); destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo); destination(d_uucplog); };
# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console); destination(d_console); };
# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root); destination(d_ttyroot); };
# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg); destination(d_ttyall); };
# Uncomment to log to a central host named "loghost".
#log { source(s_local); filter(f_to_loghost); destination(d_loghost); };
# Uncomment to log messages from doas(1) to its own log file. Matches are done
# based on the program name.
# Program-specific logs:
log { source(s_local); filter(f_prog_doas); destination(d_doaslog); };
# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
#log { source(s_net); destination(d_messages); };
#857
log { source(s_net); filter(f_from_857); destination(d_857); };
#############################################
Do you have a working configuration of syslog-ng to share?
Thanks,
-f
