-rw-r--r-- | tools/conf/etc/syslog-ng.conf | 11 | ||||
-rw-r--r-- | tools/index.html | 4 | ||||
-rw-r--r-- | tools/syslog-ng.html | 132 |
3 files changed, 20 insertions, 127 deletions
diff --git a/tools/conf/etc/syslog-ng.conf b/tools/conf/etc/syslog-ng.conf
index 5b5fc75..cfb1c08 100644
--- a/tools/conf/etc/syslog-ng.conf
+++ b/tools/conf/etc/syslog-ng.conf
@@ -64,6 +64,7 @@ destination d_shorewall_warn { file ("/var/log/shorewall/warn.log"); };
 destination d_shorewall_info { file ("/var/log/shorewall/info.log"); };
 destination d_dnsmasq { file("/var/log/dnsmasq"); };
 destination d_postgres { file("/var/log/pgsql"); };
+destination d_iptables { file("/var/log/iptables"); };
 destination d_sshd { file("/var/log/sshd"); };
 destination d_gitolite { file("/var/log/gitolite"); };
 destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644)); };
@@ -124,14 +125,19 @@ filter f_dnsmasq { program("dnsmasq"); };
 filter f_postgres { facility(local0); };
 filter f_sshd { facility(local1); };
 
+filter f_iptables {
+ facility(kern)
+ and match("iptables" value("MESSAGE"))
+};
+
 filter f_shorewall_warn {
 level (warn)
- and match ("iptables" value("MESSAGE"));
+ and match ("Shorewall" value("MESSAGE"));
 };
 
 filter f_shorewall_info {
 level (info)
- and match ("iptables" value("MESSAGE"));
+ and match ("Shorewall" value("MESSAGE"));
 };
 
 filter f_gitolite { program("gitolite"); };
@@ -145,6 +151,7 @@ filter f_nginx_error {
 };
 
+log { source (s_kernel); filter (f_iptables); destination (d_iptables); flags(final);};
 log { source (s_kernel); filter (f_shorewall_warn); destination (d_shorewall_warn); flags(final);};
 log { source (s_kernel); filter (f_shorewall_info); destination (d_shorewall_info); flags(final);};
 log { source(s_log); filter(f_dnsmasq); destination(d_dnsmasq); flags(final); };
diff --git a/tools/index.html b/tools/index.html
index 1c4eb00..2b6a4d4 100644
--- a/tools/index.html
+++ b/tools/index.html
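Review bot: The new f_iptables log path is placed ahead of the two Shorewall paths and carries `flags(final)`, so a kernel message whose text contains both `iptables` and `Shorewall` is written only to /var/log/iptables and never reaches warn.log or info.log; whether Shorewall's LOGFORMAT ever produces such a line is not visible here, so confirm that before relying on the split. The two Shorewall filters now match a bare substring with no facility() constraint, while the new f_iptables filter adds `facility(kern)`; since all three are only wired to s_kernel this is probably harmless, but a one-line comment on each filter naming the log prefix it expects would save the next reader from re-deriving it, e.g. `# Shorewall LOGFORMAT prefix ("Shorewall:..."); kernel-only via s_kernel`. match() with no type() is interpreted as a regular expression in syslog-ng 3.x, so if a literal match is intended `match("Shorewall" value("MESSAGE") type(string) flags(substring))` states that explicitly. Finally, unlike d_nginx_access, the new d_iptables destination sets no owner/group/perm; firewall logs carry source addresses and scan data, so confirm the global defaults (not in this hunk) do not leave /var/log/iptables world-readable, or set `perm(0640)` here as is done for the nginx file.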
@@ -94,10 +94,8 @@
 </li>
 <li><a href="syslog-ng.html">Syslog-ng</a>
 <ul>
- <li><a href="syslog-ng.html#eventlog">Install event log</a></li>
 <li><a href="syslog-ng.html#install">Install syslog-ng</a></li>
- <li><a href="syslog-ng.html#syslogrc">Syslog-ng RC</a></li>
- <li><a href="syslog-ng.html#syslog-conf">Syslog-ng configuration</a></li>
+ <li><a href="syslog-ng.html#configure">Configure syslog-ng</a></li>
 <li><a href="logrotate.html">Logrotate</a></li>
 <li><a href="logwatch.html">Logwatch</a>
 <ul>
diff --git a/tools/syslog-ng.html b/tools/syslog-ng.html
index e97b50d..f1ed95b 100644
--- a/tools/syslog-ng.html
+++ b/tools/syslog-ng.html
@@ -23,92 +23,17 @@ $ sudo tail -f messages kernel cron auth
 </pre>
- <h2 id="eventlog">1.1. Install event log</h2>
+ <h2 id="install">1.1. Install syslog-ng</h2>
 <pre>
- $ mkdir eventlog
- $ vim Pkgfile
+ $ prt-get depinst syslog-ng
 </pre>
- <pre>
- # Description: replacement of the simple syslog() API
- # URL: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system
- # Maintainer: Thomas Penteker, tek at serverop dot de
- #
- # Depends on:
-
- name=eventlog
- version=0.2.12
- release=1
- source=(http://ftp.uni-erlangen.de/pub/mirrors/gentoo/distfiles/${name}_${version}.tar.gz)
-
- build() {
- cd $name-$version
-
- ./configure \
- --prefix=/usr \
- --disable-nls \
- --mandir=/usr/man
-
- make && make DESTDIR=$PKG install
- rm -rf $PKG/usr/doc
- }
- </pre>
-
- <pre>
- $ fakeroot pkgmk -d
- $ sudo pkgadd /usr/ports/packages/eventlog#0.2.12-1.pkg.tar.gz
- </pre>
-
- <h2 id="install">1.2. Install syslog-ng</h2>
+ <h2 id="configure">1.4. Syslog-ng configuration</h2>
- <pre>
- $ cd ..
- $ mkdir syslog-ng
- $ vim Pkgfile
- </pre>
-
- <pre>
- # Description: alternate syslogging daemon
- # URL: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system
- # Packager: c9 team, silvino at bk dot ru
- # Depends on: eventlog, glib, libwrap
-
- name=syslog-ng
- version=3.5.6
- release=1
- source=(http://balabit.com/downloads/files/syslog-ng/sources/$version/source/${name}_${version}.tar.gz
- syslog-ng.rc syslog-ng.conf)
-
- build() {
- cd $name-$version
-
- ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --libexecdir=/var/libexec \
- --localstatedir=/var \
- --mandir=/usr/man \
- --enable-dynamic-linking \
- --sbindir=/sbin \
- --enable-tcp-wraper
-
-
- make && make DESTDIR=$PKG install
- rm -rf $PKG/usr/doc
- rm -rf $PKG/usr/share/include/scl/syslogconf/README
- install -D -m 644 ../syslog-ng.conf $PKG/etc/syslog-ng.conf
- install -D -m 755 ../syslog-ng.rc $PKG/etc/rc.d/syslog-ng
- }
- </pre>
-
- <pre>
- $ sudo prt-get depinst glib
- $ pkgmk -um
- $ pkgmk -uf
- $ fakeroot pkgmk -d
- $ sudo pkgadd /usr/ports/packages/syslog-ng#3.5.6-1.pkg.tar.gz
- </pre>
+ <p>Example of <a href="conf/etc/syslog-ng.conf">/etc/syslog-ng.conf</a>
+ that configures syslog-ng matching tools already installed in the system
+ and some that are part of <a href="../tools/index.html">tools</a>.</p>
 <p>Change /etc/rc.conf, replace sysklog with syslog-ng;</p>
@@ -122,48 +47,16 @@ TIMEZONE="Europe/Lisbon"
 HOSTNAME=box
 SYSLOG=syslog-ng
- SERVICES=(syslog-ng lo net crond)
+ SERVICES=(lo net crond)
 # End of file
 </pre>
- <h2 id="syslogrc">1.3. Syslog-ng RC</h2>
-
- <pre>
- $ vim syslog-ng.rc
- </pre>
- <pre>
- #!/bin/sh
- #
- # /etc/rc.d/syslog-ng: start/stop syslog-ng logging daemon
- #
-
- case $1 in
- start)
- /sbin/syslog-ng -f /etc/syslog-ng.conf -p /var/run/syslog-ng.pid
- ;;
- stop)
- killall -q /sbin/syslog-ng
- rm -f /var/run/syslog-ng.pid
- ;;
- restart)
- $0 stop
- sleep 2
- $0 start
- ;;
- *)
- echo "usage: $0 [start|stop|restart]"
- ;;
- esac
+ $ sudo sh /etc/rc.d/syslog-ng start
+ $ sudo sh /etc/rc.d/sysklogd stop
 </pre>
- <h3 id="syslog-conf">1.4. Syslog-ng configuration</h3>
-
- <p>Example of <a href="conf/etc/syslog-ng.conf">/etc/syslog-ng.conf</a>
- that configures syslog-ng matching tools already installed in the system
- and some that are part of <a href="../tools/index.html">tools</a>.</p>
-
 <p>Description off global options used;</p>
 <dl>
@@ -249,15 +142,10 @@ latency.</dd>
 </dl>
-
- <pre>
- $ sudo sh /etc/rc.d/syslog-ng start
- $ sudo sh /etc/rc.d/sysklogd stop
- </pre>
-
 <a href="index.html">Tools Index</a>
 <p>This is part of the c9-doc Manual.
-Copyright (C) 2016
+Copyright (C) 2018
 c9 team. See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
 for copying conditions.</p> |