Gentoo Forums
syntax error in /etc/syslog-ng/syslog-ng.conf at line 40
upengan78
Posted: Mon Feb 14, 2011 9:28 pm    Post subject: syntax error in /etc/syslog-ng/syslog-ng.conf at line 40

Greetings,

There wasn't any issue prior to installing bastille on this gentoo box.

/etc/init.d/syslog-ng start
Code:
syntax error in /etc/syslog-ng/syslog-ng.conf at line 40.

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
 * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)


cat /etc/syslog-ng/syslog-ng.conf -n
Code:
     1   @version: 3.0
     2   # $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
     3   #
     4   # Syslog-ng default configuration file for Gentoo Linux
     5   
     6   options {
     7      chain_hostnames(no);
     8   
     9      # The default action of syslog-ng is to log a STATS line
    10      # to the file every 10 minutes.  That's pretty ugly after a while.
    11      # Change it to every 12 hours so you get a nice daily update of
    12      # how many messages syslog-ng missed (0).
    13      stats_freq(43200);
    14   };
    15   
    16   source src {
    17       unix-stream("/dev/log" max-connections(256));
    18       internal();
    19       file("/proc/kmsg");
    20   };
    21   
    22   destination messages { file("/var/log/messages"); };
    23   destination debug { file("/var/log/debug"); };
    24   
    25   
    26   # By default messages are logged to tty12...
    27   destination console_all { file("/dev/tty12"); };
    28   # ...if you intend to use /dev/console for programs like xconsole
    29   # you can comment out the destination line above that references /dev/tty12
    30   # and uncomment the line below.
    31   #destination console_all { file("/dev/console"); };
    32   
    33   log { source(src); destination(messages); };
    34   log { source(src); destination(console_all); };
    35   filter f_debug { not facility(auth, authpriv, news, mail); };
    36   log { source(src); filter(f_debug); destination(debug); };
    37   
    38   ############ BASTILLE ADDITIONS BELOW : #################
    39   # Log warning and errors to the new file /var/log/syslog
    40   destination syslog { file("/var/log/syslog"); };
    41   filter f_syslog { facility(warn, err); };
    42   log { source(src); filter(f_syslog); destination(syslog); };
    43   
    44   # Log all kernel messages to the new file /var/log/kernel
    45   source kernsrc { file("/proc/kmsg"); };
    46   destination kern { file("/var/log/kernel"); };
    47   filter f_kern { facility(kern); };
    48   log { source(kernsrc); filter(f_kern); destination(kern); };
    49   
    50   # Log all logins to /var/log/loginlog
    51   destination loginlog { file("/var/log/loginlog"); };
    52   filter f_loginlog { facility(auth, user) and not facility(daemon); };
    53   log { source(src); filter(f_loginlog); destination(loginlog); };
    54   
    55   # Log additional data to the Alt-F7 and Alt-F8 screens (Pseudo TTY 7 and 8)
    56   
    57   destination tty7 { file("/dev/tty7"); };
    58   destination tty8 { file("/dev/tty8"); };
    59   filter f_info { level(info) and not facility(mail, authpriv); };
    60   filter f_authpriv { facility(authpriv); };
    61   filter f_warnerr { level(warn, err); };
    62   filter f_mail { facility(mail); };
    63   log { source(src); filter(f_info); destination(tty7); };
    64   log { source(src); filter(f_authpriv); destination(tty7); };
    65   log { source(src); filter(f_warnerr); destination(tty7); };
    66   log { source(kernsrc); filter(f_kern); destination(tty7); };
    67   log { source(src); filter(f_mail); destination(tty8); };
    68   
    69   ########## BASTILLE ADDITIONS CONCLUDED : ###############


Can someone please help?

Thanks in advance.
cdstealer
Posted: Mon Feb 14, 2011 10:25 pm

Hi, I don't know if this will make any difference, but at the end of my syslog-ng.conf I have
Code:
# ALWAYS AT THE END
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
where these 2 lines are at 33 in yours.. is it worth a shot moving them to the end?
_________________
# touch it
touch: cannot touch `it': Permission denied
lxg
Posted: Mon Feb 14, 2011 10:30 pm

upengan78: What happens if you temporarily comment out this line and restart syslog-ng? (Sometimes, if a parser woes about a certain line, the actual error may already have been before.)
_________________
lxg.de – codebits and tech talk
upengan78
Posted: Mon Feb 14, 2011 10:35 pm

lxg wrote:
upengan78: What happens if you temporarily comment out this line and restart syslog-ng? (Sometimes, if a parser woes about a certain line, the actual error may already have been before.)


Line 40 commented

/etc/init.d/syslog-ng start
Unknown facility; facility='warn'
* Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)

Thank you for helping me out.
upengan78
Posted: Mon Feb 14, 2011 10:38 pm

cdstealer wrote:
Hi, I don't know if this will make any difference, but at the end of my syslog-ng.conf I have
Code:
# ALWAYS AT THE END
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
where these 2 lines are at 33 in yours.. is it worth a shot moving them to the end?


Moving lines 33,34 to the end also failed with same messages. Thanks for help!
upengan78
Posted: Mon Feb 14, 2011 10:42 pm

upengan78 wrote:
lxg wrote:
upengan78: What happens if you temporarily comment out this line and restart syslog-ng? (Sometimes, if a parser woes about a certain line, the actual error may already have been before.)


Line 40 commented

/etc/init.d/syslog-ng start
Unknown facility; facility='warn'
* Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)

Thank you for helping me out.


Commented below lines
Code:
    40   destination syslog { file("/var/log/syslog"); };
    41   filter f_syslog { facility(warn, err); };
    42   log { source(src); filter(f_syslog); destination(syslog); };

Then syslog-ng started with OK status

/etc/init.d/syslog-ng restart

Code:
 * Stopping bastille-firewall ...

WARNING: reverting to default settings (dropping firewall)
disabling IP forwarding... done.
unloading masquerading modules... done.
resetting default input rules to accept... done.
resetting default output rule to accept... done.
resetting default forward rule to accept... done.
flushing INPUT rules... done.
flushing OUTPUT rules... done.
flushing FORWARD rules... done.
removing user-defined chains... done.                                                                                                   [ ok ]
 * Stopping psadwatchd ...                                                                                                              [ ok ]
 * Stopping psad ...                                                                                                                    [ ok ]
 * Stopping syslog-ng ...                                                                                                               [ ok ]
 * Starting syslog-ng ...                                                                                                               [ ok ]
 * Starting bastille-firewall ...
FATAL: Module ip_tables not found.
FATAL: Module ip_conntrack not found.
FATAL: Module ip_conntrack_ftp not found.
FATAL: Module ipt_LOG not found.
Setting up IP spoofing protection... done.
Allowing traffic from trusted interfaces... done.
Setting up chains for public/internal interface traffic... done.
Setting up general rules... done.
Setting up outbound rules... done.                                                                                                      [ ok ]
 * Starting psad ...                                                                                                                    [ ok ]
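The two errors reported above both come from lines 40-42 of the Bastille block: line 40 names a destination `syslog`, which collides with the `syslog` driver keyword in syslog-ng 3.x, and line 41 passes the levels `warn` and `err` to `facility()`. The linter below is an added example, not part of the thread or of Bastille, that flags both patterns; the `lint` function and the partial `RESERVED` keyword list are assumptions made for illustration.

```python
import re

# Standard syslog facility and severity names, plus common aliases.
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"} | {f"local{i}" for i in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "error", "warning", "warn",
          "notice", "info", "debug"}
# Assumption: a partial list of driver names that syslog-ng 3.0 treats as keywords.
RESERVED = {"syslog", "file", "pipe", "program", "tcp", "udp", "internal"}

OBJECT_RE = re.compile(r"^\s*(source|destination|filter)\s+([\w.-]+)\s*\{")
FACILITY_RE = re.compile(r"\bfacility\s*\(([^)]*)\)")


def lint(conf_text, first_line=1):
    """Return (line_no, message) findings for a syslog-ng config fragment."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), start=first_line):
        line = raw.split("#", 1)[0]  # drop trailing comments
        m = OBJECT_RE.match(line)
        if m and m.group(2) in RESERVED:
            findings.append(
                (no, f"{m.group(1)} name '{m.group(2)}' is a keyword; rename it"))
        for args in FACILITY_RE.findall(line):
            for name in (a.strip() for a in args.split(",")):
                if name and name not in FACILITIES:
                    hint = "; it is a level, use level()" if name in LEVELS else ""
                    findings.append((no, f"unknown facility '{name}'{hint}"))
    return findings


# Sample input: lines 39-42 of the config posted in this thread.
SAMPLE = '''# Log warning and errors to the new file /var/log/syslog
destination syslog { file("/var/log/syslog"); };
filter f_syslog { facility(warn, err); };
log { source(src); filter(f_syslog); destination(syslog); };
'''

if __name__ == "__main__":
    for no, msg in lint(SAMPLE, first_line=39):
        print(f"line {no}: {msg}")
```

Renaming the destination (for example to `d_syslog`, a hypothetical name) and changing line 41 to `level(warn, err)`, the form the same file already uses on line 61, addresses both findings. `syslog-ng --syntax-only` then checks the edited file without starting the daemon.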
lxg
Posted: Mon Feb 14, 2011 10:45 pm

Uhm, if I were you, I'd comment the entire Bastille section and post a bug report. I don't know much about the config of Syslog-NG, but something seems to be quite wrong.

By the way, this “Bastille Linux” looks pretty unmaintained to me, the latest release is more than two years old. It is well possible that some internals of Syslog-NG changed, which Bastille relies on. And I wouldn't be astonished if the Gentoo devs kicked it out of Portage as “unmaintained”.

edit: Ok you got it running, never mind. ;)
_________________
lxg.de – codebits and tech talk
upengan78
Posted: Tue Feb 15, 2011 5:51 pm

Hi LXG,

I think you are right, Bastille is something I had heard of a long time back. However, recently I saw on some mailing list that people still recommend this software for server hardening. I got curious and tried eix bastille and was excited to find it in portage. I thought if this is in portage, it is okay to install this and it is being maintained, or at least someone is watching over it. But the developer's website tells the truth - 2008...

Does anyone know if there are similar packages like bastille? I do use ossec and fail2ban, but bastille also got me an iptables firewall configured, and psad as well.