DaemonForums  

#1
5th April 2013
CyberJet
Real Name: Ramon
BSD Student
Join Date: Feb 2009
Location: Miami FL
Posts: 98
Thanked 0 Times in 0 Posts
OpenBSD 5.2 & Syslog-ng

Greetings to all!

I hope you are in great health and in the money. I need your help configuring my OBSD 5.2 with syslog-ng. I have been searching for a how-to for version 5.2; instead I found one (OpenBSD and syslog-ng, published 09/09/2009) for syslog-ng on OBSD 4.5.

I need to edit /etc/rc. The author lists the following:
Code:
sudo vi /etc/rc

    # syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
    # syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
    # syslogd ${syslogd_flags}

    syslog_ng_flags="-p /var/run/syslog-ng.pid"
    /usr/local/sbin/syslog-ng ${syslog_ng_flags}
I have searched /etc/rc but I find no reference to those lines; I just see:

start_daemon syslogd ldattach pflog named...

Questions: are the syslogd_flags configured elsewhere? Does anyone have the correct configuration for running syslog-ng on OBSD 5.2?

Thanks in advance and regards to all.

Last edited by ocicat; 5th April 2013 at 06:22 PM. Reason: Please use [code] & [/code] tags when posting screen output.

#2
5th April 2013
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 3,675
Thanked 214 Times in 189 Posts

Some of the common problems often seen with OpenBSD "how-to" instructions found on the Internet from unofficial sources:
  1. They are out-of-date
  2. They contain misleading or incomplete information
  3. They are written for a specific implementation rather than general use
  4. They are written by proud newbies who may not understand best practices.
You didn't provide a link, and I'm not going to go hunting for the how-to, but as your author has you modifying /etc/rc, I'm betting #3 and #4 apply.

/etc/rc should, under normal circumstances, never be modified by the OpenBSD administrator. We have /etc/rc.local for manual scripts, if needed.

However, the syslog-ng package includes an /etc/rc.d script to start and stop the daemon. If you installed the OpenBSD package for syslog-ng, you will find this script automatically installed in the /etc/rc.d directory.

Please see the rc.d(8) man page for instructions on how the scripts get run if you ever wish to start/stop manually, or if you find you need to set a variable when you execute the script.

Please see the rc.conf(8) manual for setting the pkg_scripts variable in your /etc/rc.conf.local file to automatically start and stop local daemons at startup and shutdown.

Last edited by jggimi; 5th April 2013 at 05:10 PM. Reason: clarity, typo

#3
5th April 2013
CyberJet

Here is the link:

http://kimiushida.com/bitsandpieces/...-ng/index.html

Thanks for the information.

#4
5th April 2013
jggimi

Yes, your author has you editing /etc/rc in order to manage startup via newly defined rc.conf(8) variables. Manually editing /etc/rc is to be avoided; it needlessly complicates maintenance and upgrades.

While the "how-to" predates the rc.d(5) infrastructure, introduced with OpenBSD 5.0, editing /etc/rc was never a best practice. Daemon startup scripts were added to /etc/rc.local. And, even with the rc.d infrastructure, /etc/rc.local has been retained for any manual script needed at startup.

Last edited by jggimi; 5th April 2013 at 05:26 PM. Reason: restructuring for clarity

#5
5th April 2013
CyberJet

Thanks for the great advice. I will consider them words of wisdom. I did as you suggested and edited the rc.conf.local and added the following:
Code:
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid" /usr/local/sbin/syslog-ng ${syslog_ng_flags}
I checked /var/log/messages and I see this:
Code:
Apr  5 13:54:59 Petirre syslog-ng[8784]: syslog-ng starting up; version='3.1.4'
Apr  5 13:54:59 Petirre syslog-ng[8784]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:00 Petirre syslog-ng[16018]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:00 Petirre syslog-ng[16018]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[24885]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[24885]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[24848]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[24848]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[16772]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[16772]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[1063]: syslog-ng starting up; version='3.1.4'
Apr  5 13:55:01 Petirre syslog-ng[1063]: syslog-ng starting up; version='3.1.4'
Here is ps -aux
Code:
root     23822  0.0  0.0   732   992 ??  I      1:54PM    0:00.00 supervising syslog-ng (syslog-ng)
root     23205  0.0  0.1  1004  2320 ??  Is     1:54PM    0:00.04 /usr/local/sbin/syslog-ng
_dhcp     9792  0.0  0.0   716   268 ??  Ss     1:54PM    0:00.00 dhclient: bge0 (dhclient)
root      9067  0.0  0.0   460   792 ??  Is     1:54PM    0:00.00 syslogd: [priv] (syslogd)
_syslogd 23183  0.0  0.0   468   764 ??  I      1:54PM    0:00.02 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/lo
root     17007  0.0  0.0   620   464 ??  Is     1:54PM    0:00.00 pflogd: [priv] (pflogd)
_pflogd  29014  0.0  0.0   684   324 ??  S      1:54PM    0:00.01 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflo
root      8784  0.0  0.1   976  2352 ??  Is     1:54PM    0:00.02 /usr/local/sbin/syslog-ng
root      4461  0.0  0.1   748  1220 ??  I      1:54PM    0:00.01 supervising syslog-ng (syslog-ng)
root      5802  0.0  0.1   616  1224 ??  Is     1:55PM    0:00.01 /usr/sbin/sshd
root     16018  0.0  0.1   864  2452 ??  Is     1:55PM    0:00.02 /usr/local/sbin/syslog-ng
root     21738  0.0  0.1   652  1224 ??  I      1:55PM    0:00.01 supervising syslog-ng (syslog-ng)
root     15999  0.0  0.1  1488  1592 ??  Ss     1:55PM    0:00.03 sendmail: accepting connections (sendmail)
root     24885  0.0  0.1   800  2460 ??  Is     1:55PM    0:00.02 /usr/local/sbin/syslog-ng
root     31643  0.0  0.1   592  1232 ??  I      1:55PM    0:00.01 supervising syslog-ng (syslog-ng)
root      5333  0.0  0.0   408   792 ??  Is     1:55PM    0:00.01 /usr/sbin/inetd
root     24848  0.0  0.1   788  2468 ??  Is     1:55PM    0:00.02 /usr/local/sbin/syslog-ng
root     24131  0.0  0.1   576  1232 ??  I      1:55PM    0:00.01 supervising syslog-ng (syslog-ng)
_sndio    3263  0.0  0.0   396   424 ??  I<s    1:55PM    0:00.00 /usr/bin/sndiod
root     16772  0.0  0.1   952  2464 ??  Is     1:55PM    0:00.02 /usr/local/sbin/syslog-ng
root     10742  0.0  0.1   740  1232 ??  I      1:55PM    0:00.01 supervising syslog-ng (syslog-ng)
root      2422  0.0  0.0   520   920 ??  Is     1:55PM    0:00.01 /usr/sbin/cron
root     17846  0.0  0.1   564  1224 ??  I      1:55PM    0:00.01 supervising syslog-ng (syslog-ng)
root      1063  0.0  0.1   792  2464 ??  Is     1:55PM    0:00.02 /usr/local/sbin/syslog-ng
Can I safely infer that syslog-ng is working properly?

Thanks again!

Last edited by ocicat; 5th April 2013 at 06:23 PM. Reason: Please use [code] & [/code] tags when posting command output.

#6
5th April 2013
CyberJet

I have noticed that _syslogd 23183 is running; I believe this is the original syslog daemon. I did not see an entry in the rc.conf.local so that I can turn it off. I don't think it would be a good idea to run both. Please advise.

#7
5th April 2013
jggimi

It appears syslog-ng is running. I don't know if syslog-ng is working. If your logs are going where they need to go while syslogd(8) is shut down, then it's working.

To keep syslogd(8) daemon from starting at boot time, add this line to /etc/rc.conf.local:
Code:
syslogd_flags=NO
With that variable assignment, the start_daemon() subroutine in /etc/rc will not execute /etc/rc.d/syslogd:
Code:
start_daemon()
{
    local _n
    for _n; do
        eval _do=\${${_n}_flags}
        if [ X"${_do}" != X"NO" ]; then
            /etc/rc.d/${_n} start
        fi
    done
}

#8
5th April 2013
CyberJet

Thanks for the update. I'll check this out.

Regards,

#9
10th April 2013
CyberJet

Good Afternoon,

I have not given up as of yet. syslog-ng doesn't work the way it should. I have edited the rc.conf.local.

Code:
ntpd_flags=             # enabled during install
xdm_flags=              # enabled during install
syslogd_flags=NO
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid" /usr/local/sbin/syslog-ng ${syslog_ng_flags}
I see that there is an error that scrolls by very quickly while the system reboots. I tried to see it with dmesg but it's not there.

Is there a way to configure the console messages to go to a specific location on my BSD 5.2? If so, please provide code.

Thank you,
__________________
Speak softly and carry BSD!

10th April 2013
jggimi

Look at your flags. I don't know anything about syslog-ng, but this looks wrong to me:
Code:
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid" /usr/local/sbin/syslog-ng ${syslog_ng_flags}
You are setting variables. Not issuing shell commands. There is no apparent reason to have the first line, and no apparent reason to have anything beyond the closing quote of the second line.
Quote:
I see that there is an error that scrolls by very quickly while the system reboots. I tried to see it with dmesg but it's not there.
You may find the message in /var/log -- look in /var/log/messages and /var/log/daemon.
Reply With Quote
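
Why the two-line rc.conf.local entry above misbehaves, as an added example that is not part of any post: assuming the file is sourced by sh, `name="value" command args` runs the command on every read instead of only setting a variable, so this check flags any line that is more than one plain assignment. The helper name `rcconf_lint` is hypothetical and the sample file is constructed from the lines posted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: the file is sourced by sh,
# so "name=value command args" executes the command on every read.

# rcconf_lint FILE (hypothetical helper): prints "LINE: finding" for each
# line that is more than one plain assignment; returns 1 if any were found.
rcconf_lint() {
    awk -v q="'" '
    /^[ \t]*(#.*)?$/ { next }                  # blank or comment-only line
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line !~ /^[A-Za-z_][A-Za-z0-9_]*[=]/) {
            printf "%d: not a variable assignment\n", NR
            bad = 1
            next
        }
        name = line; sub(/[=].*$/, "", name)
        rest = line; sub(/^[^=]*[=]/, "", rest)

        # Remove the value: "double quoted", single quoted, or a bare word.
        first = substr(rest, 1, 1)
        if (first == "\"")   ok = sub(/^"[^"]*"/, "", rest)
        else if (first == q) ok = sub("^" q "[^" q "]*" q, "", rest)
        else               { ok = 1; sub(/^[^ \t#]*/, "", rest) }
        if (!ok) {
            printf "%d: unterminated quote in value of %s\n", NR, name
            bad = 1
            next
        }

        # After the value only whitespace or a comment may follow.
        if (rest ~ /^[ \t]+[^ \t#]/) {
            sub(/^[ \t]+/, "", rest)
            printf "%d: text after the value of %s runs as a command: %s\n", NR, name, rest
            bad = 1
        }
        if (name in seen) {
            printf "%d: %s already set on line %d\n", NR, name, seen[name]
            bad = 1
        }
        seen[name] = NR
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the rc.conf.local lines posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ntpd_flags=             # enabled during install
xdm_flags=              # enabled during install
syslogd_flags=NO
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid" /usr/local/sbin/syslog-ng ${syslog_ng_flags}
EOF
rcconf_lint "$sample" || echo "rc.conf.local needs fixing"
rm -f "$sample"
```

With the empty first assignment dropped and everything after the closing quote removed, the same file produces no findings.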

10th April 2013
CyberJet

Thanks again for your response. I was able to see the error after many reboots. The files you mention did not have the error.
Code:
syntax error in /etc/syslog-ng/syslog-ng.conf line 44
Here is my syslog-ng conf:

Code:
# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 steven@openbsd.org

@version: 3.0
options {
        use_dns(no);
        create_dirs(no);
        keep_hostname(yes);
};

#source s_local {
#       unix-dgram ("/dev/log");
#       unix-dgram ("/var/empty/dev/log");
#       internal();
#};
#source s_local_all {
#       unix-dgram ("/dev/log");
#       unix-dgram ("/var/empty/dev/log");
#       unix-dgram ("/var/www/dev/log");
#       internal();
#};
source s_net {udp(port(514));
};

destination d_console   { file("/dev/console");         };
destination d_messages  { file("/var/log/messages" owner(root) group(wheel) perm(0644));        };
destination d_authlog   { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };
destination d_secure    { file("/var/log/secure" owner(root) group(wheel) perm(0600));  };
destination d_cronlog   { file("/var/cron/log" owner(root) group(wheel) perm(0600));    };
destination d_daemon    { file("/var/log/daemon" owner(root) group(wheel) perm(0640));  };
destination d_xferlog   { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };
destination d_lpderrs   { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640));        };
destination d_maillog   { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };
destination d_uucplog   { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660));   };
destination d_sudolog   { file("/var/log/sudo");        };
destination d_chatlog   { file("/var/log/chat");        };
destination d_ttyall    { usertty("*");                 };
destination d_ttyroot   { usertty("root");              };
destination d_loghost   { udp("loghost" port(514));     };

destination d_network_hosts { file("/var/log/bcm/$HOST.log");

(line 44)filter f_notice {
        level(notice .. emerg)
        and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user);
};
filter f_kerndebug {
        level(debug .. emerg) and facility(kern);
};
filter f_msginfo {
        level(info .. emerg) and facility(syslog,user);
};
filter f_authinfo {
        level(info .. emerg) and facility(auth);
};
filter f_authprivdebug {
        level(debug .. emerg) and facility(authpriv);
};
filter f_croninfo {
        level(info .. emerg) and facility(cron);
};
filter f_daemoninfo {
        level(info .. emerg) and facility(daemon);
};
filter f_ftpinfo {
        level(info .. emerg) and facility(ftp);
};
filter f_lprdebug {
        level(debug .. emerg) and facility(lpr);
};
filter f_mailinfo {
        level(info .. emerg) and facility(mail);
};
filter f_uucpinfo {
        level(info .. emerg) and facility(uucp);
};
filter f_emerg {
        level(emerg);
};
filter f_to_console {
        not (facility(authpriv)) and
        ((level(notice .. emerg) and facility(auth))
        or (level(notice .. emerg));
};
filter f_to_loghost {
        (level(notice .. emerg) and
          not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user)))
        or (level(info .. emerg) and facility(auth,daemon,syslog,user))
        or (level(debug .. emerg) and facility(authpriv,kern));
};
filter f_prog_sudo {
        program("sudo");
};
filter f_prog_chat {
        program("chat");
};

log { source(s_local); filter(f_notice);        destination(d_messages);};
log { source(s_local); filter(f_kerndebug);     destination(d_messages);};
log { source(s_local); filter(f_msginfo);       destination(d_messages);};
log { source(s_local); filter(f_authinfo);      destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure);  };
log { source(s_local); filter(f_croninfo);      destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo);    destination(d_daemon);  };
log { source(s_local); filter(f_ftpinfo);       destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug);      destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo);      destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo);     destination(d_uucplog); };
log { source (net); filter(f_net_hosts);        destination(d_network_host); };

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console);   destination(d_console); };

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root);      destination(d_ttyroot); };
# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg);         destination(d_ttyall);  };

# Uncomment to log to a central host named "loghost".
#log { source(s_local); filter(f_to_loghost);   destination(d_loghost); };

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files.  Matches are done based on the program name.
# Program-specific logs:
#log { source(s_local); filter(f_prog_sudo);    destination(d_sudolog); };
#log { source(s_local); filter(f_prog_chat);    destination(d_chatlog); };

# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
#log { source(s_net); destination(d_messages); };
I have commented this line and the error moves to line 48. I don't understand; perhaps these statements are not needed, but syslog-ng does not start.

I hope you can see something; four eyes see better than two.

Regards,

11th April 2013
denta
Fdisk Soldier
Join Date: Nov 2009
Posts: 73
Thanked 0 Times in 0 Posts

Missing closing braces (probably followed by a semicolon) on the line above line 44?

Code:
destination d_network_hosts { file("/var/log/bcm/$HOST.log");

11th April 2013
CyberJet

Thanks for your observation, four eyes see better than two. There are still some errors that fly by when the system boots up; I can't see the whole thing. Darn.

I tried to modify my system so that I can redirect the console messages to a file console.log, this way I may get a hint as to what is going on.

I found this link:

I edited the newsyslog.conf file with:
Code:
/var/log/console.log * * * * * * * * * *640 *5 * *250 ** * * Z
Since my knowledge is very limited I'm not sure that this code really works: Can someone please analyze?
Code:
*.err;kern.debug;auth.notice;authpriv.none;mail.crit * */dev/console
<snip>
*.err * * * * * * * * * * * * * * * * * * * * * * * * * /dev/console
*.notice;auth.debug * * * * * ** * * * * * * * * * * * /dev/console
*.alert * * * * * * * * * * * * * * * ** * * * * * * * */dev/console
I'm supposed to change the previous code to this:
Code:
*.err;kern.debug;auth.notice;authpriv.none;mail.crit * */var/log/console.log
<snip>
*.err * * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log
*.notice;auth.debug * * * * * * * * * * * * * * * * * * /var/log/console.log
*.alert * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log
I created and changed the permission as directed:
Code:
# touch /var/log/console.log
# chmod 640 /var/log/console.log
This is the content of my:

Code:
# cat syslog.conf
#       $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#

*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info                             /var/log/messages
auth.info                                               /var/log/authlog
authpriv.debug                                          /var/log/secure
cron.info                                               /var/cron/log
daemon.info                                             /var/log/daemon
ftp.info                                                /var/log/xferlog
lpr.debug                                               /var/log/lpd-errs
mail.info                                               /var/log/maillog
#uucp.info                                              /var/log/uucp

*.err;kern.debug;auth.notice;authpriv.none;mail.crit * */var/log/console.log
<snip>
*.err * * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log
*.notice;auth.debug * * * * * * * * * * * * * * * * * * /var/log/console.log
*.alert * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit   /dev/console

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#*.notice;auth.debug                                    root

# Everyone gets emergency messages.
*.emerg                                                 *

# Uncomment to log to a central host named "loghost".  You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment).  If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets.
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none        @loghost
#auth,daemon,syslog,user.info;authpriv,kern.debug               @loghost

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files.  Matches are done based on the program name.
# Program-specific logs:
#!sudo
#*.*                                                    /var/log/sudo
#!chat
#*.*                                                    /var/log/chat
#
This may be considered unrelated but I need to be able to see the error messages that are scrolling by. I'm sure that with your help I can get to solving this issue.

Thank you and Regards

Last edited by CyberJet; 11th April 2013 at 06:14 PM. Reason: Typo

11th April 2013
J65nko
Administrator
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,143
Thanked 182 Times in 149 Posts

I just saw the man page at http://linux.die.net/man/8/syslog-ng

Code:
--syntax-only or -s
    Verify that the configuration file is syntactically correct and exit. 

[snip]

--verbose or -v
    Enable verbose logging used to troubleshoot syslog-ng.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

11th April 2013
CyberJet

Thank you,

According to:
Code:
syslog-ng -v
I get error:
Code:
systax error in etc/syslog-ng/syslog-ng.conf at line 42.
Upon inspection of /etc/syslog-ng/syslog-ng.conf I see:
Code:
destination d_network_hosts { file("/var/log/bcm/$HOST.log") };
Please forgive me, but I don't see the syntax error. How many spaces must I use in between the last ")" and the bracket "}"?

Regards,

11th April 2013
ocicat
Administrator
Join Date: Apr 2008
Posts: 2,880
Thanked 190 Times in 160 Posts

Quote:
Originally Posted by CyberJet View Post
Upon inspection of /etc/syslog-ng/syslog-ng.conf I see:
Code:
destination d_network_hosts { file("/var/log/bcm/$HOST.log") };
Please forgive me, but I don't see the syntax error. How many spaces must I use in between the last ")" and the bracket "}"?
I have the suspicion that /var/log exists, but /var/log/bcm does not.

12th April 2013
J65nko

What does it say if you use both -s and -v options?

12th April 2013
CyberJet

Thanks J65nko,

This is the output of syslog-ng -s -v:

Code:
# syslog-ng -s
syntax error in /etc/syslog-ng/syslog-ng.conf at line 42.

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
I have signed up and posted on balabit.com.

I did create the directory (mkdir) during the process in /var/log/bcm. It's just a thought, should I have assigned special permissions? I tried to list the perms using:

Code:
 ls -l ~/var/log/bcm
It produces:

Code:
ls: /bcm No such file or directory
pwd shows:

Code:
Xorg.0.log        bcm               daily.out.old     lpd-errs          messages          secure            wtmp
Xorg.0.log.old    console.log       failedlogin       maillog           messages.0.gz     security.out      xdm.log
authlog           daemon            ftpd              maillog.0.gz      pflog             security.out.old  xferlog
authlog.0.gz      daily.out         lastlog           maillog.1.gz      rdist             sendmail.st
Again thanks for your help.

Last edited by CyberJet; 12th April 2013 at 02:39 PM. Reason: Remove typo

12th April 2013
ocicat

Quote:
Originally Posted by CyberJet View Post
I did create the directory (mkdir) during the process in /var/log/bcm. It's just a thought, should I have assigned special permissions? I tried to list the perms using:

Code:
 ls -l ~/var/log/bcm
It produces:

Code:
ls: /bcm No such file or directory
Highlighting color added.

The two directories are not equivalent. ~/var/log/bcm specifies a directory underneath your home directory. /var/log/bcm is an absolute pathname underneath /. Note the use of the tilde (~) which is shorthand for designating the home directory of whatever account is issuing the commands.

12th April 2013
CyberJet

Thanks for the lesson, Ocicat.

I just issued the command under /var/log

Code:
 ls -l
These are my perms:

Code:
-rw-r--r--  1 root  wheel   71431 Apr 12 11:42 Xorg.0.log
-rw-r--r--  1 root  wheel   71684 Apr 11 13:24 Xorg.0.log.old
-rw-r-----  1 root  wheel    1104 Apr 10 10:07 authlog
-rw-r-----  1 root  wheel     248 Apr  9 17:00 authlog.0.gz
drwxr-xr-x  2 root  wheel     512 Apr 12 10:25 bcm
-rw-r-----  1 root  wheel       0 Apr 11 12:28 console.log
-rw-r-----  1 root  wheel    3292 Apr 10 10:23 daemon
-rw-------  1 root  wheel    1843 Apr 12 01:30 daily.out
-rw-------  1 root  wheel    1843 Apr 11 01:30 daily.out.old
-rw-------  1 root  wheel       0 Aug  1  2012 failedlogin
-rw-r-----  1 root  wheel       0 Aug  1  2012 ftpd
-rw-r--r--  1 root  wheel  268268 Apr 11 14:09 lastlog
-rw-r-----  1 root  wheel       0 Aug  1  2012 lpd-errs
-rw-------  1 root  wheel      63 Apr 10 17:00 maillog
-rw-------  1 root  wheel     611 Apr 10 17:00 maillog.0.gz
-rw-------  1 root  wheel     441 Apr  9 17:00 maillog.1.gz
-rw-r--r--  1 root  wheel      63 Apr 10 11:00 messages
-rw-r--r--  1 root  wheel    4071 Apr 10 11:00 messages.0.gz
-rw-------  1 root  wheel     180 Apr 10 14:19 pflog
drwxr-xr-x  2 root  wheel     512 Aug  1  2012 rdist
-rw-------  1 root  wheel       0 Aug  1  2012 secure
-rw-------  1 root  wheel     793 Apr 12 01:30 security.out
-rw-------  1 root  wheel    6161 Apr 11 01:30 security.out.old
-rw-rw-r--  1 root  wheel     728 Apr 12 01:30 sendmail.st
-rw-r--r--  1 root  wheel   23700 Apr 11 14:09 wtmp
-rw-r--r--  1 root  wheel    2228 Apr 12 11:42 xdm.log
-rw-r-----  1 root  wheel       0 Aug  1  2012 xferlog
Are the permissions for the bcm directory correct?
Reply With Quote
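
A structural check for the two d_network_hosts lines discussed above, as an added example that is not part of any post or of syslog-ng itself: a block left open is only noticed at the next definition, which is why the reported line number sits below the real mistake, and every other destination in the posted file ends its driver with `;` before the closing `}`. The helper name `ng_conf_check` is hypothetical, the samples are constructed from lines quoted in the thread, and the check looks only at braces, parentheses and semicolons, not at the full syslog-ng grammar.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: definitions look like
# "keyword name { item; item; };" and every item inside the braces ends in ";".

# ng_conf_check FILE (hypothetical helper): prints "LINE: finding";
# returns 1 if anything was found.
ng_conf_check() {
    awk '
    function report(msg) { printf "%d: %s\n", NR, msg; bad = 1 }
    {
        line = $0
        # A new top-level definition while a block is still open means the
        # earlier block was never closed; it is only detectable here.
        if (depth > 0 && line ~ /^[ \t]*((source|destination|filter)[ \t]+[A-Za-z0-9_.-]+|options|log)[ \t]*[{]/) {
            report("block opened on line " opened " is not closed before this statement")
            depth = 0; paren = 0; last = ""
        }
        n = length(line); instr = 0
        for (i = 1; i <= n; i++) {
            c = substr(line, i, 1)
            if (instr) { if (c == "\"") instr = 0; continue }
            if (c == "#") break                 # comment runs to end of line
            if (c == " " || c == "\t") continue
            if (c == "\"") { instr = 1; last = c; continue }
            if (c == "{") {
                if (depth == 0) opened = NR
                depth++
            } else if (c == "}") {
                if (last != ";" && last != "{") report("missing \";\" before \"}\"")
                if (depth > 0) depth--
                else report("unmatched \"}\"")
            } else if (c == "(") {
                paren++
            } else if (c == ")") {
                if (paren > 0) paren--
                else report("unmatched \")\"")
            } else if (c == ";" && paren != 0) {
                report("\";\" reached with " paren " unclosed \"(\"")
                paren = 0
            }
            last = c
        }
    }
    END {
        if (depth > 0) { printf "EOF: block opened on line %d is never closed\n", opened; bad = 1 }
        exit (bad ? 1 : 0)
    }
    ' "$1"
}

# Constructed samples: lines quoted in the thread, in their posted form.
conf=$(mktemp)
cat > "$conf" <<'EOF'
destination d_loghost   { udp("loghost" port(514));     };
destination d_network_hosts { file("/var/log/bcm/$HOST.log");

filter f_notice {
        level(notice .. emerg)
        and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user);
};
EOF
echo "first posted version:"
ng_conf_check "$conf" || true

cat > "$conf" <<'EOF'
destination d_network_hosts { file("/var/log/bcm/$HOST.log") };
EOF
echo "after the closing brace was added:"
ng_conf_check "$conf" || true
rm -f "$conf"
```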