syslog-ng.conf v3 and the Gentoo Security Handbook

[rpmohn]

I've been using the recommended /etc/syslog-ng/syslog-ng.conf file from code listing 4.1 of the Gentoo Security Handbook, but that file no longer works since upgrading to syslog-ng v3.0.4. There are apparently several significant syntax changes to the conf file format. I know I could RTFM, but would somebody please throw me a bone on this one?

Thanks in advance! -Ross

[cookiecrusher]

Posting some extracts of mine, maybe you're recognizing, what you need to change :>
(Hint: first line, destinations and statements)

Code: Select all

[~]% cat /etc/syslog-ng/syslog-ng.conf
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett
#################################################
#
## Some global options
#
options { 
	chain_hostnames(no); 
	flush_lines(0);
	stats_freq(43200); 
	mark_freq(43200);
  time_reopen (10);
  log_fifo_size (1000);
  long_hostnames(off);
  use_dns (no);
  use_fqdn (no);
  create_dirs (no);
  keep_hostname (yes);
  perm(0640);
};

#################################################

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

#################################################

#
## Some destinations
#

destination d_authlog { file("/var/log/sys/auth.log"); };
destination d_syslog { file("/var/log/sys/syslog"); };
#
## This files are the log come from the mail subsystem.
#
destination d_mail { file("/var/log/mail/mail.log"); };

#
## Logging to tty12.
#
destination console_all { file("/dev/tty12"); };

#
## Some filter
#
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };
filter f_mail { facility(mail); };

#################################################

#
## Log statements send logs somewhere, files, across the network, etc.
#

log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); destination(console_all); };

[xtz]

It is the config from the Gentoo Security Handbook, modified for syslog-ng 3.x. I have changed a few things, mainly about the e-mail logging, the rest is unchanged.

Code: Select all

xtz@DeathStar ~ $ cat /etc/syslog-ng/syslog-ng.conf
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.1 2009/05/25 20:07:21 mr_bones_ Exp $
#
# Syslog-ng customized configuration file for Gentoo Linux

options {
        chain_hostnames(no);

        # The default action of syslog-ng is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats_freq(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
};

source kernsrc { file("/proc/kmsg"); };

#define destinations
destination authlog { file("/var/log/auth.log"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, cron, mail, news); };
filter f_emergency { level(emerg); };

filter f_notice { level(notice); };
filter f_crit { level(crit); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };


#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };

log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

#default log
log { source(src); destination(console_all); };

[rpmohn]

Thanks much! Cheers -Ross

[hoyanf]

I'd think the site admin should update the site for current configs...

Regards,
hoyanf

[mimosinnet]

I'd think the site admin should update the site for current configs...

I often look at the gentoo wiki after reading the official documentation in case there are any updates.

Cheers!

[likewhoa]

I'd think the site admin should update the site for current configs...

I often look at the gentoo wiki after reading the official documentation in case there are any updates.

Cheers!

the wiki is outdated since v3