msst
Apprentice
Joined: 07 Jun 2011
Posts: 259
|
 Posted: Sat Jul 27, 2013 6:48 pm Post subject: syslog-ng nowadays has a crippled default config? |
 |
|
I am not sure since when that is and whether to consider it an annoyance or a feature, but I just noticed that since beginning of July the logging facility of syslog-ng seemed to just not log certain events any more and basically all log files that were still used was log/messages.
Specifically I noticed that my log/mail.log and log/demon.log files did not get any more entries despite exim and other daemons running and working well - just without producing any logs.
As this happened on two gentoo machines, one run as a mini-server, it is probably linked to some syslog-ng update. I saw that the update had apparently installed a very minimalistic syslog-ng.conf, which basically only logs to messages file and just disregards all else.
I fixed this issue by copying the sample config from
http://www.gentoo.org/doc/de/security/security-handbook.xml?part=1&chap=3
over it, which is much more reasonable and seems to do what I expected.
As said, I am not sure if that is supposed to be so, but the currently shipping sample config in the syslog-ng package is close to useless for servers so people running a server should probably also look into replacing it as described and/or be careful not to allow any syslog-ng update to "update" the config file. |
|
Networking & Security
