From 50f9d4a5d286fff80b4df38136c45bde5abcd4c4 Mon Sep 17 00:00:00 2001
From: Silvino Silva <silvino@bk.ru>
Date: Tue, 10 Apr 2018 14:46:34 +0100
Subject: tools syslogng revision

---
 tools/conf/etc/syslog-ng.conf |  11 +++-
 tools/index.html              |   4 +-
 tools/syslog-ng.html          | 132 ++++--------------------------------------
 3 files changed, 20 insertions(+), 127 deletions(-)

diff --git a/tools/conf/etc/syslog-ng.conf b/tools/conf/etc/syslog-ng.conf
index 5b5fc75..cfb1c08 100644
--- a/tools/conf/etc/syslog-ng.conf
+++ b/tools/conf/etc/syslog-ng.conf
@@ -64,6 +64,7 @@ destination d_shorewall_warn { file ("/var/log/shorewall/warn.log"); };
 destination d_shorewall_info { file ("/var/log/shorewall/info.log"); };
 destination d_dnsmasq	{ file("/var/log/dnsmasq"); };
 destination d_postgres  { file("/var/log/pgsql"); };
+destination d_iptables  { file("/var/log/iptables"); };
 destination d_sshd      { file("/var/log/sshd"); };
 destination d_gitolite  { file("/var/log/gitolite"); };
 destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644));  };
@@ -124,14 +125,19 @@ filter f_dnsmasq { program("dnsmasq"); };
 filter f_postgres { facility(local0); };
 filter f_sshd { facility(local1); };
 
+filter f_iptables {
+    facility(kern)
+    and match("iptables" value("MESSAGE"))
+};
+
 filter f_shorewall_warn {
         level (warn)
-        and match ("iptables" value("MESSAGE"));
+        and match ("Shorewall" value("MESSAGE"));
 };
 
 filter f_shorewall_info {
         level (info)
-        and match ("iptables" value("MESSAGE"));
+        and match ("Shorewall" value("MESSAGE"));
 };
 
 filter f_gitolite { program("gitolite"); };
@@ -145,6 +151,7 @@ filter f_nginx_error {
 };
 
 
+log { source (s_kernel); filter (f_iptables); destination (d_iptables); flags(final);};
 log { source (s_kernel); filter (f_shorewall_warn); destination (d_shorewall_warn); flags(final);};
 log { source (s_kernel); filter (f_shorewall_info); destination (d_shorewall_info); flags(final);};
 log { source(s_log); filter(f_dnsmasq); destination(d_dnsmasq); flags(final); };
diff --git a/tools/index.html b/tools/index.html
index 1c4eb00..2b6a4d4 100644
--- a/tools/index.html
+++ b/tools/index.html
@@ -94,10 +94,8 @@
             </li>
             <li><a href="syslog-ng.html">Syslog-ng</a>
                 <ul>
-                    <li><a href="syslog-ng.html#eventlog">Install event log</a></li>
                     <li><a href="syslog-ng.html#install">Install syslog-ng</a></li>
-                    <li><a href="syslog-ng.html#syslogrc">Syslog-ng RC</a></li>
-                    <li><a href="syslog-ng.html#syslog-conf">Syslog-ng configuration</a></li>
+                    <li><a href="syslog-ng.html#configure">Configure syslog-ng</a></li>
                     <li><a href="logrotate.html">Logrotate</a></li>
                     <li><a href="logwatch.html">Logwatch</a>
                         <ul>
diff --git a/tools/syslog-ng.html b/tools/syslog-ng.html
index e97b50d..f1ed95b 100644
--- a/tools/syslog-ng.html
+++ b/tools/syslog-ng.html
@@ -23,92 +23,17 @@
         $ sudo tail -f messages kernel cron auth
         </pre>
 
-        <h2 id="eventlog">1.1. Install event log</h2>
+        <h2 id="install">1.1. Install  syslog-ng</h2>
 
         <pre>
-        $ mkdir eventlog
-        $ vim Pkgfile
+        $ prt-get depinst syslog-ng
         </pre>
 
-        <pre>
-        # Description: replacement of the simple syslog() API
-        # URL:         http://www.balabit.com/network-security/syslog-ng/opensource-logging-system
-        # Maintainer:  Thomas Penteker, tek at serverop dot de
-        #
-        # Depends on:
-
-        name=eventlog
-        version=0.2.12
-        release=1
-        source=(http://ftp.uni-erlangen.de/pub/mirrors/gentoo/distfiles/${name}_${version}.tar.gz)
-
-        build() {
-        cd $name-$version
-
-        ./configure \
-        --prefix=/usr \
-        --disable-nls \
-        --mandir=/usr/man
-
-        make && make DESTDIR=$PKG install
-        rm -rf $PKG/usr/doc
-        }
-        </pre>
-
-        <pre>
-        $ fakeroot pkgmk -d
-        $ sudo pkgadd /usr/ports/packages/eventlog#0.2.12-1.pkg.tar.gz
-        </pre>
-
-        <h2 id="install">1.2. Install  syslog-ng</h2>
+        <h2 id="configure">1.4. Syslog-ng configuration</h2>
 
-        <pre>
-        $ cd ..
-        $ mkdir syslog-ng
-        $ vim Pkgfile
-        </pre>
-
-        <pre>
-        # Description: alternate syslogging daemon
-        # URL:         http://www.balabit.com/network-security/syslog-ng/opensource-logging-system
-        # Packager:    c9 team, silvino at bk dot ru
-        # Depends on:  eventlog, glib, libwrap
-
-        name=syslog-ng
-        version=3.5.6
-        release=1
-        source=(http://balabit.com/downloads/files/syslog-ng/sources/$version/source/${name}_${version}.tar.gz
-        syslog-ng.rc syslog-ng.conf)
-
-        build() {
-           cd $name-$version
-
-           ./configure \
-              --prefix=/usr \
-              --sysconfdir=/etc \
-              --libexecdir=/var/libexec \
-              --localstatedir=/var \
-              --mandir=/usr/man \
-              --enable-dynamic-linking \
-              --sbindir=/sbin \
-              --enable-tcp-wraper
-
-
-           make && make DESTDIR=$PKG install
-           rm -rf $PKG/usr/doc
-           rm -rf $PKG/usr/share/include/scl/syslogconf/README
-           install -D -m 644 ../syslog-ng.conf $PKG/etc/syslog-ng.conf
-           install -D -m 755 ../syslog-ng.rc $PKG/etc/rc.d/syslog-ng
-        }
-        </pre>
-
-        <pre>
-        $ sudo prt-get depinst glib
-        $ pkgmk -um
-        $ pkgmk -uf
-        $ fakeroot pkgmk -d
-        $ sudo pkgadd /usr/ports/packages/syslog-ng#3.5.6-1.pkg.tar.gz
-        </pre>
+        <p>Example of <a href="conf/etc/syslog-ng.conf">/etc/syslog-ng.conf</a>
+        that configures syslog-ng matching tools already installed in the system
+        and some that are part of <a href="../tools/index.html">tools</a>.</p>
 
         <p>Change /etc/rc.conf, replace sysklog with syslog-ng;</p>
 
@@ -122,48 +47,16 @@
         TIMEZONE="Europe/Lisbon"
         HOSTNAME=box
         SYSLOG=syslog-ng
-        SERVICES=(syslog-ng lo net crond)
+        SERVICES=(lo net crond)
 
         # End of file
         </pre>
 
-        <h2 id="syslogrc">1.3. Syslog-ng RC</h2>
-
-        <pre>
-        $ vim syslog-ng.rc
-        </pre>
-
         <pre>
-        #!/bin/sh
-        #
-        # /etc/rc.d/syslog-ng: start/stop syslog-ng logging daemon
-        #
-
-        case $1 in
-        start)
-          /sbin/syslog-ng -f /etc/syslog-ng.conf -p /var/run/syslog-ng.pid
-          ;;
-        stop)
-          killall -q /sbin/syslog-ng
-          rm -f /var/run/syslog-ng.pid
-          ;;
-        restart)
-          $0 stop
-          sleep 2
-          $0 start
-          ;;
-        *)
-          echo "usage: $0 [start|stop|restart]"
-          ;;
-        esac
+        $ sudo sh /etc/rc.d/syslog-ng start
+        $ sudo sh /etc/rc.d/sysklogd stop
         </pre>
 
-        <h3 id="syslog-conf">1.4. Syslog-ng configuration</h3>
-
-        <p>Example of <a href="conf/etc/syslog-ng.conf">/etc/syslog-ng.conf</a>
-        that configures syslog-ng matching tools already installed in the system
-        and some that are part of <a href="../tools/index.html">tools</a>.</p>
-
         <p>Description off global options used;</p>
 
         <dl>
@@ -249,15 +142,10 @@
             latency.</dd>
         </dl>
 
-        <pre>
-        $ sudo sh /etc/rc.d/syslog-ng start
-        $ sudo sh /etc/rc.d/sysklogd stop
-        </pre>
-
         <a href="index.html">Tools Index</a>
 
         <p>This is part of the c9-doc Manual.
-Copyright (C) 2016
+Copyright (C) 2018
 c9 team.
 See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a>
 for copying conditions.</p>
-- 
cgit 1.4.1-2-gfad0