Gregory Edigarov wrote:
> On 20.12.16 13:47, Stuart Henderson wrote:
> > On 2016-12-17, Remi Locherer <remi.loche...@relo.ch> wrote:
> >> On December 17, 2016 12:07:18 PM GMT+01:00, Federico Donati 
> >> <nix.b...@gmail.com> wrote:
> >>> Hi all,
> >>>
> >>> I've a problem with an OpenBSD 6.0 box with rsyslog.
> >>>
> >>> I need to send all local logs to a remote server and I can't use
> >>> syslogd, because it does not send the hostname of the server (the one
> >>> indicated in /etc/myname), but on the remote server messages come with
> >>> the PTR record of my public ip.
> >> have you tried -h for syslogd from base?
> > Yep this is the easy way.
> >
> >>> I've installed rsyslogd, but it doesn't send anything to the remote
> >>> server. And more than that, it doesn't write anything local.
> > Since 5.6, OpenBSD uses a special sendsyslog(2) system call for
> > logging. This avoids the need for a device node and available file
> > descriptor, which helps with chrooted programs, or if someone is
> > able to cause too many FDs to be opened in an attempt to prevent
> > logging from working.
> >
> > It needs a syslogd that is able to receive these messages. It's a
> > fairly simple change (see src/usr.sbin/syslogd/syslogd.c r1.111)
> > but afaik none of the third-party log daemons support it yet.
> > It's quite likely that diffs to add support for this to other
> > daemons would be accepted for ports, maybe upstreams would accept
> > them too.
> >
> > Workaround for this without modifying the syslog daemon:
> > - run normal OpenBSD syslogd in addition to the other daemon
> > - have the other syslog daemon bind to a specific IP address
> > - have OpenBSD syslogd feed the other daemon using a network socket
> >
> Or, do not run anything else than syslogd. Seriously, I can't think
> of any case where that wouldn't be enough.

I could think of one case. Namely, based on reading the man pages, syslogd
doesn't support MySQL logging. I am looking to play with echofish

https://echothrust.github.io/echofish/

which is developed on OpenBSD in spite of the fact that it is not in the
ports tree and is a real-time log monitoring system. Based on these short
notes

https://github.com/echothrust/echofish/blob/master/INSTALL.md

I am inferring that syslog-ng, which runs really well on OpenBSD, is a good
choice for echofish. This is my question:

@Stuart Could you please clarify whether syslogd is automatically going to
open/hold port 514 UDP? Namely, I would like to keep running the syslog
daemon on the logging server itself and send the log files to syslog-ng
per

https://www.balabit.com/wiki/syslog-ng-faq-syslogd

Thanks,
Predrag
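
Added example, not part of the thread or of any daemon's code: a receiver-side sketch in Python of the hostname problem in the original question, showing how a collector attributes a forwarded BSD-syslog datagram when the HOSTNAME field is absent versus present (the effect of syslogd -h). The sample datagrams, the 203.0.113.7 address, the `fake_ptr` lookup and the tag heuristic are constructed assumptions; it assumes a sender without -h simply omits the HOSTNAME field.

```python
import re

# BSD syslog (RFC 3164 style): "<PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG[pid]: text"
HEAD = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (.*)$", re.S)

# Constructed sample datagrams: the same event forwarded without and with a hostname.
WITHOUT_H = b"<38>Dec 20 13:47:01 sshd[4242]: Accepted publickey for op"
WITH_H = b"<38>Dec 20 13:47:01 fw1.example.org sshd[4242]: Accepted publickey for op"


def fake_ptr(ip):
    """Stand-in for the collector's reverse (PTR) lookup, so this runs offline."""
    return {"203.0.113.7": "host-203-0-113-7.isp.example"}.get(ip, ip)


def parse_forwarded(datagram, peer_ip, resolve=None):
    """Return (facility, severity, host, host_source, body) for one datagram."""
    m = HEAD.match(datagram.decode("utf-8", "replace"))
    if not m:
        raise ValueError("not a BSD syslog message")
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        raise ValueError("PRI out of range")
    rest = m.group(3)
    first, _, remainder = rest.partition(" ")
    # Heuristic (assumption of this example): a first token ending in ':' or
    # carrying '[pid]' is the program tag, so no HOSTNAME field was sent.
    if first.endswith(":") or "[" in first or not remainder:
        # The collector only knows the packet's source address and names the
        # sender from it, which is how the PTR name ends up in the logs.
        host = resolve(peer_ip) if resolve else peer_ip
        return pri >> 3, pri & 7, host, "peer-address", rest
    # The sender put its own name in the message, so the collector keeps it.
    return pri >> 3, pri & 7, first, "message", remainder


if __name__ == "__main__":
    for sample in (WITHOUT_H, WITH_H):
        print(parse_forwarded(sample, "203.0.113.7", fake_ptr))
```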
