Difference between revisions of "Syslog-ng"
(20 intermediate revisions by 3 users not shown) | |||
Line 2: | Line 2: | ||
|-valign="top" | |-valign="top" | ||
!Download Source: | !Download Source: | ||
− | | http://www.balabit.com/downloads/files/syslog-ng/sources/ | + | | http://www.balabit.com/downloads/files/syslog-ng/sources/{{Syslog-ng-Version2}}/src/syslog-ng-{{Syslog-ng-Version}}.tar.gz |
|} | |} | ||
Line 10: | Line 10: | ||
== Dependencies == | == Dependencies == | ||
+ | |||
+ | === Required === | ||
+ | * [[Eventlog]] | ||
+ | * [[Glib2]] | ||
+ | * [[Pkg-config]] | ||
+ | |||
+ | === Optional === | ||
+ | * [[GnuTLS]] | ||
+ | * [[OpenSSL]] | ||
+ | * [[libdbi]] (Required for SQL Support) | ||
+ | * [[libnet]] (Required for Spoof Source) | ||
+ | * [[TCP Wrappers]] | ||
== Non-Multilib == | == Non-Multilib == | ||
− | |||
Compile the package: | Compile the package: | ||
− | ./configure --prefix=/usr && | + | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ |
+ | --localstatedir=/var/lib/syslog-ng \ | ||
+ | --enable-ipv6 --enable-tcp-wrapper && | ||
make | make | ||
Line 28: | Line 41: | ||
=== 32Bit === | === 32Bit === | ||
+ | Compile the package: | ||
+ | |||
+ | CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \ | ||
+ | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ | ||
+ | --localstatedir=/var/lib/syslog-ng \ | ||
+ | --enable-ipv6 --enable-tcp-wrapper && | ||
+ | make | ||
+ | |||
+ | Install the package | ||
+ | |||
+ | make install | ||
=== N32 === | === N32 === | ||
+ | Compile the package: | ||
+ | CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \ | ||
+ | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ | ||
+ | --localstatedir=/var/lib/syslog-ng \ | ||
+ | --enable-ipv6 --enable-tcp-wrapper && | ||
+ | make | ||
+ | |||
+ | Install the package | ||
+ | |||
+ | make install | ||
=== 64Bit === | === 64Bit === | ||
+ | |||
+ | Compile the package: | ||
+ | |||
+ | CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \ | ||
+ | ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ | ||
+ | --localstatedir=/var/lib/syslog-ng \ | ||
+ | --enable-ipv6 --enable-tcp-wrapper && | ||
+ | make | ||
+ | |||
+ | Install the package | ||
+ | |||
+ | make install | ||
+ | |||
+ | == Confuration == | ||
+ | |||
+ | === Bootscript === | ||
+ | |||
+ | {{Note|You may need a newer tarball then the one provided with your CLFS system as this boot script is still fairly new}} | ||
+ | |||
+ | Uninstall Sysklogd with the following commands: | ||
+ | |||
+ | rm -v /usr/sbin/{k,sys}logd && | ||
+ | rm -v /usr/share/man/man5/syslog.conf.5 | ||
+ | rm -v /usr/share/man/man8/{sysklogd.8,syslogd.8,klogd.8} && | ||
+ | rm -v /etc/syslog.conf && | ||
+ | rm -v /etc/rc.d/*/*sysklogd | ||
+ | |||
+ | Install the init script included in the [[bootscripts]] package. | ||
+ | |||
+ | make install-syslog-ng | ||
+ | |||
+ | === syslog-ng.conf === | ||
+ | |||
+ | The following is an example configuration that will work in most situations: | ||
+ | |||
+ | mkdir -pv /etc/syslog-ng && | ||
+ | cat > /etc/syslog-ng/syslog-ng.conf << "EOF" | ||
+ | # Begin /etc/syslog-ng/syslog-ng.conf | ||
+ | |||
+ | options { | ||
+ | sync (0); | ||
+ | time_reopen (10); | ||
+ | log_fifo_size (1000); | ||
+ | long_hostnames(off); | ||
+ | use_dns (no); | ||
+ | use_fqdn (no); | ||
+ | create_dirs (no); | ||
+ | keep_hostname (yes); | ||
+ | stats(43200); | ||
+ | }; | ||
+ | |||
+ | source src { | ||
+ | unix-stream("/dev/log"); | ||
+ | internal(); | ||
+ | pipe("/proc/kmsg"); | ||
+ | }; | ||
+ | |||
+ | destination authlog { file("/var/log/auth.log"); }; | ||
+ | destination boot { file("/var/log/boot.log"); }; | ||
+ | destination syslog { file("/var/log/syslog.log"); }; | ||
+ | destination cron { file("/var/log/cron.log"); }; | ||
+ | destination daemon { file("/var/log/daemon.log"); }; | ||
+ | destination kernel { file("/var/log/kernel.log"); }; | ||
+ | destination lpr { file("/var/log/lpr.log"); }; | ||
+ | destination user { file("/var/log/user.log"); }; | ||
+ | destination uucp { file("/var/log/uucp.log"); }; | ||
+ | destination mail { file("/var/log/mail.log"); }; | ||
+ | destination news { file("/var/log/news.log"); }; | ||
+ | destination debug { file("/var/log/debug.log"); }; | ||
+ | destination messages { file("/var/log/messages"); }; | ||
+ | destination console { usertty("root"); }; | ||
+ | destination console_all { file("/dev/tty12"); }; | ||
+ | |||
+ | filter f_auth { facility(auth); }; | ||
+ | filter f_boot { facility(local2); }; | ||
+ | filter f_authpriv { facility(auth, authpriv); }; | ||
+ | filter f_syslog { not facility(authpriv, mail); }; | ||
+ | filter f_cron { facility(cron); }; | ||
+ | filter f_daemon { facility(daemon); }; | ||
+ | filter f_kernel { facility(kern); }; | ||
+ | filter f_lpr { facility(lpr); }; | ||
+ | filter f_mail { facility(mail); }; | ||
+ | filter f_news { facility(news); }; | ||
+ | filter f_user { facility(user); }; | ||
+ | filter f_uucp { facility(cron); }; | ||
+ | filter f_news { facility(news); }; | ||
+ | filter f_debug { not facility(auth, authpriv, news, mail); }; | ||
+ | filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); }; | ||
+ | |||
+ | filter f_emergency { level(emerg); }; | ||
+ | filter f_info { level(info); }; | ||
+ | filter f_notice { level(notice); }; | ||
+ | filter f_warn { level(warn); }; | ||
+ | filter f_crit { level(crit); }; | ||
+ | filter f_err { level(err); }; | ||
+ | |||
+ | log { source(src); filter(f_authpriv); destination(authlog); }; | ||
+ | log { source(src); filter(f_boot); destination(boot); }; | ||
+ | log { source(src); filter(f_syslog); destination(syslog); }; | ||
+ | log { source(src); filter(f_cron); destination(cron); }; | ||
+ | log { source(src); filter(f_daemon); destination(daemon); }; | ||
+ | log { source(src); filter(f_kernel); destination(kernel); }; | ||
+ | log { source(src); filter(f_lpr); destination(lpr); }; | ||
+ | log { source(src); filter(f_mail); destination(mail); }; | ||
+ | log { source(src); filter(f_news); destination(news); }; | ||
+ | log { source(src); filter(f_user); destination(user); }; | ||
+ | log { source(src); filter(f_uucp); destination(uucp); }; | ||
+ | log { source(src); filter(f_debug); destination(debug); }; | ||
+ | log { source(src); filter(f_messages); destination(messages); }; | ||
+ | log { source(src); filter(f_emergency); destination(console); }; | ||
+ | log { source(src); destination(console_all); }; | ||
+ | |||
+ | # End /etc/syslog-ng/syslog-ng.conf | ||
+ | EOF | ||
+ | |||
+ | [[Category:General Utilities]] |
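Review bot: In the added syslog-ng.conf, `filter f_uucp { facility(cron); };` selects the cron facility, so uucp.log receives cron messages and uucp messages are never matched by this filter; it should read `filter f_uucp { facility(uucp); };`. `filter f_news` is also defined twice with identical bodies, and the second definition can be dropped. In the Sysklogd removal block, the line `rm -v /usr/share/man/man5/syslog.conf.5` lacks the trailing `&&` that its neighbours have, so the chain is split and the later removals run even if an earlier one failed. The last rule, `log { source(src); destination(console_all); };`, has no filter, so auth and authpriv messages are also written to /dev/tty12; the page should say so, or the rule should get a filter that excludes them.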
Latest revision as of 14:03, 19 March 2009
Download Source: | http://www.balabit.com/downloads/files/syslog-ng/sources/2.1/src/syslog-ng-2.1.4.tar.gz |
---|
Introduction to Syslog-ng
syslog-ng embodies the next generation of logging systems, and is the first truly flexible and scalable system logging application.
Project Homepage: http://www.balabit.com/network-security/syslog-ng/
Dependencies
Required
Optional
- GnuTLS
- OpenSSL
- libdbi (Required for SQL Support)
- libnet (Required for Spoof Source)
- TCP Wrappers
Non-Multilib
Compile the package:
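# Configure and build syslog-ng (non-multilib).
# Configuration files go under /etc/syslog-ng and state under /var/lib/syslog-ng.
# NOTE(review): --enable-tcp-wrapper presumably needs the TCP Wrappers package,
# which this page lists as optional; drop the flag if it is not installed
# (confirm with ./configure --help).
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
    --localstatedir=/var/lib/syslog-ng \
    --enable-ipv6 --enable-tcp-wrapper &&
make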
Install the package
make install
Multilib
This package does not provide any libraries so only one installation is needed.
32Bit
Compile the package:
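# Configure and build syslog-ng as a 32-bit binary.
# BUILD32 and PKG_CONFIG_PATH32 are expected to be set in the environment
# already; they are not defined on this page.
# NOTE(review): --enable-tcp-wrapper presumably needs the TCP Wrappers package,
# which this page lists as optional; drop the flag if it is not installed.
CC="gcc ${BUILD32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH32}" \
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
    --localstatedir=/var/lib/syslog-ng \
    --enable-ipv6 --enable-tcp-wrapper &&
make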
Install the package
make install
N32
Compile the package:
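# Configure and build syslog-ng as an N32 binary.
# BUILDN32 and PKG_CONFIG_PATHN32 are expected to be set in the environment
# already; they are not defined on this page.
# NOTE(review): --enable-tcp-wrapper presumably needs the TCP Wrappers package,
# which this page lists as optional; drop the flag if it is not installed.
CC="gcc ${BUILDN32}" PKG_CONFIG_PATH="${PKG_CONFIG_PATHN32}" \
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
    --localstatedir=/var/lib/syslog-ng \
    --enable-ipv6 --enable-tcp-wrapper &&
make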
Install the package
make install
64Bit
Compile the package:
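# Configure and build syslog-ng as a 64-bit binary.
# BUILD64 and PKG_CONFIG_PATH64 are expected to be set in the environment
# already; they are not defined on this page.
# NOTE(review): --enable-tcp-wrapper presumably needs the TCP Wrappers package,
# which this page lists as optional; drop the flag if it is not installed.
CC="gcc ${BUILD64}" PKG_CONFIG_PATH="${PKG_CONFIG_PATH64}" \
./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
    --localstatedir=/var/lib/syslog-ng \
    --enable-ipv6 --enable-tcp-wrapper &&
make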
Install the package
make install
Configuration
Bootscript
You may need a newer tarball than the one provided with your CLFS system, as this boot script is still fairly new.
Uninstall Sysklogd with the following commands:
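# Remove the Sysklogd binaries, man pages, configuration file and bootscript links.
# Every step is chained with && so the sequence stops at the first failure
# (the man5 line originally lacked it, which split the chain in two).
# The {a,b} patterns rely on brace expansion, so run this in bash.
# NOTE: this only deletes files. It does not stop a running sysklogd, and no
# logger is started until the syslog-ng bootscript is installed and run.
rm -v /usr/sbin/{k,sys}logd &&
rm -v /usr/share/man/man5/syslog.conf.5 &&
rm -v /usr/share/man/man8/{sysklogd.8,syslogd.8,klogd.8} &&
rm -v /etc/syslog.conf &&
rm -v /etc/rc.d/*/*sysklogd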
Install the init script included in the bootscripts package.
make install-syslog-ng
syslog-ng.conf
The following is an example configuration that will work in most situations:
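# Create the configuration directory and write an example syslog-ng.conf.
# The heredoc delimiter is quoted ("EOF"), so the shell expands nothing inside it.
# Changes from the collapsed original: line breaks restored, f_uucp now selects
# the uucp facility (it selected cron), and the duplicate f_news filter is gone.
mkdir -pv /etc/syslog-ng &&
cat > /etc/syslog-ng/syslog-ng.conf << "EOF"
# Begin /etc/syslog-ng/syslog-ng.conf

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames(off);
    use_dns (no);
    use_fqdn (no);
    # create_dirs(no): the directories used by the file() destinations below
    # must already exist.
    create_dirs (no);
    # keep_hostname(yes) keeps the host name carried in each message. Only
    # local sources are defined here; revisit this if a network source is
    # added, because remote senders choose that field.
    keep_hostname (yes);
    stats(43200);
};

source src {
    unix-stream("/dev/log");
    internal();
    pipe("/proc/kmsg");
};

# No owner(), group() or perm() is set on these files, so syslog-ng's defaults
# apply. Confirm the resulting modes, auth.log in particular.
destination authlog     { file("/var/log/auth.log"); };
destination boot        { file("/var/log/boot.log"); };
destination syslog      { file("/var/log/syslog.log"); };
destination cron        { file("/var/log/cron.log"); };
destination daemon      { file("/var/log/daemon.log"); };
destination kernel      { file("/var/log/kernel.log"); };
destination lpr         { file("/var/log/lpr.log"); };
destination user        { file("/var/log/user.log"); };
destination uucp        { file("/var/log/uucp.log"); };
destination mail        { file("/var/log/mail.log"); };
destination news        { file("/var/log/news.log"); };
destination debug       { file("/var/log/debug.log"); };
destination messages    { file("/var/log/messages"); };
destination console     { usertty("root"); };
destination console_all { file("/dev/tty12"); };

filter f_auth      { facility(auth); };
filter f_boot      { facility(local2); };
filter f_authpriv  { facility(auth, authpriv); };
filter f_syslog    { not facility(authpriv, mail); };
filter f_cron      { facility(cron); };
filter f_daemon    { facility(daemon); };
filter f_kernel    { facility(kern); };
filter f_lpr       { facility(lpr); };
filter f_mail      { facility(mail); };
filter f_news      { facility(news); };
filter f_user      { facility(user); };
filter f_uucp      { facility(uucp); };
filter f_debug     { not facility(auth, authpriv, news, mail); };
filter f_messages  { level(info..warn) and not facility(auth, authpriv, mail, news); };

filter f_emergency { level(emerg); };
filter f_info      { level(info); };
filter f_notice    { level(notice); };
filter f_warn      { level(warn); };
filter f_crit      { level(crit); };
filter f_err       { level(err); };

log { source(src); filter(f_authpriv);  destination(authlog); };
log { source(src); filter(f_boot);      destination(boot); };
log { source(src); filter(f_syslog);    destination(syslog); };
log { source(src); filter(f_cron);      destination(cron); };
log { source(src); filter(f_daemon);    destination(daemon); };
log { source(src); filter(f_kernel);    destination(kernel); };
log { source(src); filter(f_lpr);       destination(lpr); };
log { source(src); filter(f_mail);      destination(mail); };
log { source(src); filter(f_news);      destination(news); };
log { source(src); filter(f_user);      destination(user); };
log { source(src); filter(f_uucp);      destination(uucp); };
log { source(src); filter(f_debug);     destination(debug); };
log { source(src); filter(f_messages);  destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# Unfiltered: every message, auth and authpriv included, is also written to
# /dev/tty12. Add a filter here if that console can be seen by others.
log { source(src); destination(console_all); };

# End /etc/syslog-ng/syslog-ng.conf
EOF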