rpmohn Tux's lil' helper
Joined: 26 Aug 2003 Posts: 116 Location: Vermont
Posted: Thu Nov 19, 2009 10:06 pm Post subject: syslog-ng.conf v3 and the Gentoo Security Handbook
I've been using the recommended /etc/syslog-ng/syslog-ng.conf file from code listing 4.1 of the Gentoo Security Handbook, but that file no longer works since upgrading to syslog-ng v3.0.4. There are apparently several significant syntax changes to the conf file format. I know I could RTFM, but would somebody please throw me a bone on this one?
Thanks in advance! -Ross
cookiecrusher n00b
Joined: 10 Jun 2008 Posts: 23
Posted: Fri Nov 20, 2009 8:54 am Post subject:
Posting some extracts of mine; maybe you'll recognize what you need to change :>
(Hint: first line, destinations and statements)
Code:
[~]% cat /etc/syslog-ng/syslog-ng.conf
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
#################################################
#
## Some global options
#
options {
    chain_hostnames(no);
    flush_lines(0);
    stats_freq(43200);
    mark_freq(43200);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames(off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    perm(0640);
};
#################################################
source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};
#################################################
#
## Some destinations
#
destination d_authlog { file("/var/log/sys/auth.log"); };
destination d_syslog { file("/var/log/sys/syslog"); };
#
## These files hold the logs that come from the mail subsystem.
#
destination d_mail { file("/var/log/mail/mail.log"); };
#
## Logging to tty12.
#
destination console_all { file("/dev/tty12"); };
#
## Some filters
#
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };
filter f_mail { facility(mail); };
#################################################
#
## Log statements send logs somewhere, files, across the network, etc.
#
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); destination(console_all); };
_________________
~ If love can kill people, surely hatred can save them ~
Noir - Altena, Ep 26
xtz Apprentice
Joined: 29 Oct 2007 Posts: 181 Location: Singapore
Posted: Fri Nov 20, 2009 10:18 am Post subject:
It is the config from the Gentoo Security Handbook, modified for syslog-ng 3.x. I have changed a few things, mainly about the e-mail logging, the rest is unchanged.
Code:
xtz@DeathStar ~ $ cat /etc/syslog-ng/syslog-ng.conf
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.1 2009/05/25 20:07:21 mr_bones_ Exp $
#
# Syslog-ng customized configuration file for Gentoo Linux
options {
    chain_hostnames(no);
    # The default action of syslog-ng is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats_freq(43200);
};
source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
};
source kernsrc { file("/proc/kmsg"); };
#define destinations
destination authlog { file("/var/log/auth.log"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
    and not facility(auth, authpriv, cron, mail, news); };
filter f_emergency { level(emerg); };
filter f_notice { level(notice); };
filter f_crit { level(crit); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
#default log
log { source(src); destination(console_all); };
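
Added example, not part of any post in this thread: a Python check for a syslog-ng.conf of the shape posted above, reporting a missing `@version` first line, sources/destinations/filters that are defined but never referenced, and references to names that are never defined. The sample config is constructed (abridged from the extracts above); `lint`, `strip_comments` and the finding labels are names chosen for this example.

```python
import re

# Constructed sample, abridged from the extracts posted in this thread; the
# commented-out mail route and the f_kern reference are planted for the demo.
SAMPLE = """@version: 3.0
source src { unix-stream("/dev/log" max-connections(256)); internal(); };
destination d_authlog { file("/var/log/sys/auth.log"); };
destination d_mail { file("/var/log/mail/mail.log"); };
destination console_all { file("/dev/tty12"); };
filter f_authpriv { facility(auth, authpriv); };
filter f_mail { facility(mail); };
# log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); filter(f_kern); destination(console_all); };
"""

# A definition looks like "destination d_mail {".
DEF = re.compile(r'^\s*(source|destination|filter)\s+([\w.-]+)\s*\{', re.M)
# A reference looks like "destination(d_mail)"; filters may nest filter(...) too.
REF = re.compile(r'\b(source|destination|filter)\s*\(\s*([\w.-]+)\s*\)')

def strip_comments(text):
    """Drop '#' comments but keep any '#' inside double-quoted strings."""
    return re.sub(r'("(?:[^"\\]|\\.)*")|#[^\n]*', lambda m: m.group(1) or "", text)

def lint(conf):
    """Return a sorted list of (problem, kind, name) findings for one config."""
    body = strip_comments(conf)
    findings = []
    # v3 configs declare their format version first, as both posted configs do;
    # comments ahead of that line are ignored here.
    first = next((l.strip() for l in body.splitlines() if l.strip()), "")
    if not first.startswith("@version:"):
        findings.append(("missing-version", "config", "@version"))
    defined = set(DEF.findall(body))
    used = set(REF.findall(body))
    # Defined but never routed: messages for that object go nowhere.
    findings += [("unused", kind, name) for kind, name in defined - used]
    # Referenced but never defined: typo or leftover from an older config.
    findings += [("undefined", kind, name) for kind, name in used - defined]
    return sorted(findings)

if __name__ == "__main__":
    for problem, kind, name in lint(SAMPLE):
        print(f"{problem:16} {kind:12} {name}")
```

Applied to the second config posted above, the same check lists f_notice, f_crit, f_failed and f_denied as defined but not used in any log statement.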
rpmohn Tux's lil' helper
Joined: 26 Aug 2003 Posts: 116 Location: Vermont
Posted: Fri Nov 20, 2009 7:36 pm Post subject:
Thanks much! Cheers -Ross
hoyanf Tux's lil' helper
Joined: 27 Aug 2005 Posts: 80 Location: Malaysia
Posted: Fri Apr 02, 2010 6:33 am Post subject: Revised version
I'd think the site admin should update the site for current configs...
Regards,
hoyanf
_________________
WorkPC -> Xeon x3440 | Gigabyte P55-UD6 | 16GB DDR3 | HDD1 - 600GB | HDD2 - 500 GB | HDD3 - 1TB
HomePC -> Xeon x3320 | Gigabyte GA-EP45-UD3P | 8GB DDR2 | HDD1 - 500GB | HDD2 - 1TB
mimosinnet l33t
Joined: 10 Aug 2006 Posts: 717 Location: Barcelona, Spain
Posted: Sat Apr 03, 2010 8:35 pm Post subject: Re: Revised version
hoyanf wrote: | I'd think the site admin should update the site for current configs... |
I often look at the gentoo wiki after reading the official documentation in case there are any updates.
Cheers!
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
Posted: Thu Dec 30, 2010 10:11 pm Post subject: Re: Revised version
mimosinnet wrote: | hoyanf wrote: | I'd think the site admin should update the site for current configs... |
I often look at the gentoo wiki after reading the official documentation in case there are any updates.
Cheers! |
the wiki is outdated since v3