Difference between revisions of "Syslog-ng"
From CBLFS
Jump to navigationJump to search (→Required) |
|||
| (17 intermediate revisions by 3 users not shown) | |||
| Line 2: | Line 2: | ||
|-valign="top" | |-valign="top" | ||
!Download Source: | !Download Source: | ||
| − | | http://www.balabit.com/downloads/files/syslog-ng/sources/ | + | | http://www.balabit.com/downloads/files/syslog-ng/sources/{{Syslog-ng-Version2}}/src/syslog-ng-{{Syslog-ng-Version}}.tar.gz |
|} | |} | ||
| Line 12: | Line 12: | ||
=== Required === | === Required === | ||
| + | * [[Eventlog]] | ||
* [[Glib2]] | * [[Glib2]] | ||
| − | * [[ | + | * [[Pkg-config]] |
| − | * [[libdbi]] | + | |
| + | === Optional === | ||
| + | * [[GnuTLS]] | ||
| + | * [[OpenSSL]] | ||
| + | * [[libdbi]] (Required for SQL Support) | ||
| + | * [[libnet]] (Required for Spoof Source) | ||
| + | * [[TCP Wrappers]] | ||
== Non-Multilib == | == Non-Multilib == | ||
| − | |||
Compile the package: | Compile the package: | ||
| − | ./configure --prefix=/usr && | + | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ |
| + | --localstatedir=/var/lib/syslog-ng \ | ||
| + | --enable-ipv6 --enable-tcp-wrapper && | ||
make | make | ||
| Line 33: | Line 41: | ||
=== 32Bit === | === 32Bit === | ||
| + | Compile the package: | ||
| + | |||
| + | CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \ | ||
| + | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ | ||
| + | --localstatedir=/var/lib/syslog-ng \ | ||
| + | --enable-ipv6 --enable-tcp-wrapper && | ||
| + | make | ||
| + | |||
| + | Install the package | ||
| + | |||
| + | make install | ||
=== N32 === | === N32 === | ||
| + | Compile the package: | ||
| + | CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \ | ||
| + | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ | ||
| + | --localstatedir=/var/lib/syslog-ng \ | ||
| + | --enable-ipv6 --enable-tcp-wrapper && | ||
| + | make | ||
| + | |||
| + | Install the package | ||
| + | |||
| + | make install | ||
=== 64Bit === | === 64Bit === | ||
| + | |||
| + | Compile the package: | ||
| + | |||
| + | CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \ | ||
| + | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ | ||
| + | --localstatedir=/var/lib/syslog-ng \ | ||
| + | --enable-ipv6 --enable-tcp-wrapper && | ||
| + | make | ||
| + | |||
| + | Install the package | ||
| + | |||
| + | make install | ||
| + | |||
| + | == Confuration == | ||
| + | |||
| + | === Bootscript === | ||
| + | |||
| + | {{Note|You may need a newer tarball then the one provided with your CLFS system as this boot script is still fairly new}} | ||
| + | |||
| + | Uninstall Sysklogd with the following commands: | ||
| + | |||
| + | rm -v /usr/sbin/{k,sys}logd && | ||
| + | rm -v /usr/share/man/man5/syslog.conf.5 | ||
| + | rm -v /usr/share/man/man8/{sysklogd.8,syslogd.8,klogd.8} && | ||
| + | rm -v /etc/syslog.conf && | ||
| + | rm -v /etc/rc.d/*/*sysklogd | ||
| + | |||
| + | Install the init script included in the [[bootscripts]] package. | ||
| + | |||
| + | make install-syslog-ng | ||
| + | |||
| + | === syslog-ng.conf === | ||
| + | |||
| + | The following is an example configuration that will work in most situations: | ||
| + | |||
| + | mkdir -pv /etc/syslog-ng && | ||
| + | cat > /etc/syslog-ng/syslog-ng.conf << "EOF" | ||
| + | # Begin /etc/syslog-ng/syslog-ng.conf | ||
| + | |||
| + | options { | ||
| + | sync (0); | ||
| + | time_reopen (10); | ||
| + | log_fifo_size (1000); | ||
| + | long_hostnames(off); | ||
| + | use_dns (no); | ||
| + | use_fqdn (no); | ||
| + | create_dirs (no); | ||
| + | keep_hostname (yes); | ||
| + | stats(43200); | ||
| + | }; | ||
| + | |||
| + | source src { | ||
| + | unix-stream("/dev/log"); | ||
| + | internal(); | ||
| + | pipe("/proc/kmsg"); | ||
| + | }; | ||
| + | |||
| + | destination authlog { file("/var/log/auth.log"); }; | ||
| + | destination boot { file("/var/log/boot.log"); }; | ||
| + | destination syslog { file("/var/log/syslog.log"); }; | ||
| + | destination cron { file("/var/log/cron.log"); }; | ||
| + | destination daemon { file("/var/log/daemon.log"); }; | ||
| + | destination kernel { file("/var/log/kernel.log"); }; | ||
| + | destination lpr { file("/var/log/lpr.log"); }; | ||
| + | destination user { file("/var/log/user.log"); }; | ||
| + | destination uucp { file("/var/log/uucp.log"); }; | ||
| + | destination mail { file("/var/log/mail.log"); }; | ||
| + | destination news { file("/var/log/news.log"); }; | ||
| + | destination debug { file("/var/log/debug.log"); }; | ||
| + | destination messages { file("/var/log/messages"); }; | ||
| + | destination console { usertty("root"); }; | ||
| + | destination console_all { file("/dev/tty12"); }; | ||
| + | |||
| + | filter f_auth { facility(auth); }; | ||
| + | filter f_boot { facility(local2); }; | ||
| + | filter f_authpriv { facility(auth, authpriv); }; | ||
| + | filter f_syslog { not facility(authpriv, mail); }; | ||
| + | filter f_cron { facility(cron); }; | ||
| + | filter f_daemon { facility(daemon); }; | ||
| + | filter f_kernel { facility(kern); }; | ||
| + | filter f_lpr { facility(lpr); }; | ||
| + | filter f_mail { facility(mail); }; | ||
| + | filter f_news { facility(news); }; | ||
| + | filter f_user { facility(user); }; | ||
| + | filter f_uucp { facility(cron); }; | ||
| + | filter f_news { facility(news); }; | ||
| + | filter f_debug { not facility(auth, authpriv, news, mail); }; | ||
| + | filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); }; | ||
| + | |||
| + | filter f_emergency { level(emerg); }; | ||
| + | filter f_info { level(info); }; | ||
| + | filter f_notice { level(notice); }; | ||
| + | filter f_warn { level(warn); }; | ||
| + | filter f_crit { level(crit); }; | ||
| + | filter f_err { level(err); }; | ||
| + | |||
| + | log { source(src); filter(f_authpriv); destination(authlog); }; | ||
| + | log { source(src); filter(f_boot); destination(boot); }; | ||
| + | log { source(src); filter(f_syslog); destination(syslog); }; | ||
| + | log { source(src); filter(f_cron); destination(cron); }; | ||
| + | log { source(src); filter(f_daemon); destination(daemon); }; | ||
| + | log { source(src); filter(f_kernel); destination(kernel); }; | ||
| + | log { source(src); filter(f_lpr); destination(lpr); }; | ||
| + | log { source(src); filter(f_mail); destination(mail); }; | ||
| + | log { source(src); filter(f_news); destination(news); }; | ||
| + | log { source(src); filter(f_user); destination(user); }; | ||
| + | log { source(src); filter(f_uucp); destination(uucp); }; | ||
| + | log { source(src); filter(f_debug); destination(debug); }; | ||
| + | log { source(src); filter(f_messages); destination(messages); }; | ||
| + | log { source(src); filter(f_emergency); destination(console); }; | ||
| + | log { source(src); destination(console_all); }; | ||
| + | |||
| + | # End /etc/syslog-ng/syslog-ng.conf | ||
| + | EOF | ||
| + | |||
| + | [[Category:General Utilities]] | ||
Latest revision as of 15:03, 19 March 2009
| Download Source: | http://www.balabit.com/downloads/files/syslog-ng/sources/2.1/src/syslog-ng-2.1.4.tar.gz |
|---|
Contents
Introduction to Syslog-ng
syslog-ng embodies the next generation of logging systems, and is the first truly flexible and scalable system logging application.
Project Homepage: http://www.balabit.com/network-security/syslog-ng/
Dependencies
Required
Optional
- GnuTLS
- OpenSSL
- libdbi (Required for SQL Support)
- libnet (Required for Spoof Source)
- TCP Wrappers
Non-Multilib
Compile the package:
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
--localstatedir=/var/lib/syslog-ng \
--enable-ipv6 --enable-tcp-wrapper &&
make
Install the package
make install
Multilib
This package does not provide any libraries so only one installation is needed.
32Bit
Compile the package:
CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
--localstatedir=/var/lib/syslog-ng \
--enable-ipv6 --enable-tcp-wrapper &&
make
Install the package
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
--localstatedir=/var/lib/syslog-ng \
--enable-ipv6 --enable-tcp-wrapper &&
make
Install the package
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
--localstatedir=/var/lib/syslog-ng \
--enable-ipv6 --enable-tcp-wrapper &&
make
Install the package
make install
Confuration
Bootscript
Note
You may need a newer tarball then the one provided with your CLFS system as this boot script is still fairly new
Uninstall Sysklogd with the following commands:
rm -v /usr/sbin/{k,sys}logd &&
rm -v /usr/share/man/man5/syslog.conf.5
rm -v /usr/share/man/man8/{sysklogd.8,syslogd.8,klogd.8} &&
rm -v /etc/syslog.conf &&
rm -v /etc/rc.d/*/*sysklogd
Install the init script included in the bootscripts package.
make install-syslog-ng
syslog-ng.conf
The following is an example configuration that will work in most situations:
mkdir -pv /etc/syslog-ng &&
cat > /etc/syslog-ng/syslog-ng.conf << "EOF"
# Begin /etc/syslog-ng/syslog-ng.conf
options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames(off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
stats(43200);
};
source src {
unix-stream("/dev/log");
internal();
pipe("/proc/kmsg");
};
destination authlog { file("/var/log/auth.log"); };
destination boot { file("/var/log/boot.log"); };
destination syslog { file("/var/log/syslog.log"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kernel { file("/var/log/kernel.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination mail { file("/var/log/mail.log"); };
destination news { file("/var/log/news.log"); };
destination debug { file("/var/log/debug.log"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
filter f_auth { facility(auth); };
filter f_boot { facility(local2); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_boot); destination(boot); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kernel); destination(kernel); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_news); destination(news); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
log { source(src); destination(console_all); };
# End /etc/syslog-ng/syslog-ng.conf
EOF
