|
OpenBSD Installation and Upgrading Installing and upgrading OpenBSD. |
||||
Some of the common problems often seen with OpenBSD "how-to" instructions found on the Internet from unofficial sources
/etc/rc should, under normal circumstances, never be modified by the OpenBSD administrator. We have /etc/rc.local for manual scripts, if needed.
However, the syslog-ng package includes an /etc/rc.d script to start and stop the daemon. If you installed the OpenBSD package for syslog-ng, you will find this script automatically installed in the /etc/rc.d directory.
Please see the rc.d(8) man page for instructions on how the scripts get run if you ever wish to start/stop manually, or if you find you need to set a variable when you execute the script.
Please see the rc.conf(8) manual for setting the pkg_scripts variable in your /etc/rc.conf.local file to automatically start and stop local daemons at startup and shutdown.
Last edited by jggimi; 5th April 2013 at 05:10 PM. Reason: clarity, typo |
|
||||
Yes, your author has you editing /etc/rc in order to manage startup via newly defined rc.conf(8) variables. Manually editing /etc/rc is to be avoided; it needlessly complicates maintenance and upgrades.
While the "how-to" predates the rc.d(5) infrastructure, introduced with OpenBSD 5.0, editing /etc/rc was never a best practice. Daemon startup scripts were added to /etc/rc.local. And, even with the rc.d infrastructure, /etc/rc.local has been retained for any manual script needed at startup.
Last edited by jggimi; 5th April 2013 at 05:26 PM. Reason: restructuring for clarity |
|
||||
Thanks for the great advice. I will consider them words of wisdom. I did as you suggested and edited the rc.conf.local and added the following:
Code:
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid"
/usr/local/sbin/syslog-ng ${syslog_ng_flags}

Code:
Apr 5 13:54:59 Petirre syslog-ng[8784]: syslog-ng starting up; version='3.1.4'
Apr 5 13:54:59 Petirre syslog-ng[8784]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:00 Petirre syslog-ng[16018]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:00 Petirre syslog-ng[16018]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[24885]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[24885]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[24848]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[24848]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[16772]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[16772]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[1063]: syslog-ng starting up; version='3.1.4'
Apr 5 13:55:01 Petirre syslog-ng[1063]: syslog-ng starting up; version='3.1.4'

Code:
root 23822 0.0 0.0 732 992 ?? I 1:54PM 0:00.00 supervising syslog-ng (syslog-ng)
root 23205 0.0 0.1 1004 2320 ?? Is 1:54PM 0:00.04 /usr/local/sbin/syslog-ng
_dhcp 9792 0.0 0.0 716 268 ?? Ss 1:54PM 0:00.00 dhclient: bge0 (dhclient)
root 9067 0.0 0.0 460 792 ?? Is 1:54PM 0:00.00 syslogd: [priv] (syslogd)
_syslogd 23183 0.0 0.0 468 764 ?? I 1:54PM 0:00.02 /usr/sbin/syslogd -a /var/www/dev/log -a /var/empty/dev/lo
root 17007 0.0 0.0 620 464 ?? Is 1:54PM 0:00.00 pflogd: [priv] (pflogd)
_pflogd 29014 0.0 0.0 684 324 ?? S 1:54PM 0:00.01 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflo
root 8784 0.0 0.1 976 2352 ?? Is 1:54PM 0:00.02 /usr/local/sbin/syslog-ng
root 4461 0.0 0.1 748 1220 ?? I 1:54PM 0:00.01 supervising syslog-ng (syslog-ng)
root 5802 0.0 0.1 616 1224 ?? Is 1:55PM 0:00.01 /usr/sbin/sshd
root 16018 0.0 0.1 864 2452 ?? Is 1:55PM 0:00.02 /usr/local/sbin/syslog-ng
root 21738 0.0 0.1 652 1224 ?? I 1:55PM 0:00.01 supervising syslog-ng (syslog-ng)
root 15999 0.0 0.1 1488 1592 ?? Ss 1:55PM 0:00.03 sendmail: accepting connections (sendmail)
root 24885 0.0 0.1 800 2460 ?? Is 1:55PM 0:00.02 /usr/local/sbin/syslog-ng
root 31643 0.0 0.1 592 1232 ?? I 1:55PM 0:00.01 supervising syslog-ng (syslog-ng)
root 5333 0.0 0.0 408 792 ?? Is 1:55PM 0:00.01 /usr/sbin/inetd
root 24848 0.0 0.1 788 2468 ?? Is 1:55PM 0:00.02 /usr/local/sbin/syslog-ng
root 24131 0.0 0.1 576 1232 ?? I 1:55PM 0:00.01 supervising syslog-ng (syslog-ng)
_sndio 3263 0.0 0.0 396 424 ?? I<s 1:55PM 0:00.00 /usr/bin/sndiod
root 16772 0.0 0.1 952 2464 ?? Is 1:55PM 0:00.02 /usr/local/sbin/syslog-ng
root 10742 0.0 0.1 740 1232 ?? I 1:55PM 0:00.01 supervising syslog-ng (syslog-ng)
root 2422 0.0 0.0 520 920 ?? Is 1:55PM 0:00.01 /usr/sbin/cron
root 17846 0.0 0.1 564 1224 ?? I 1:55PM 0:00.01 supervising syslog-ng (syslog-ng)
root 1063 0.0 0.1 792 2464 ?? Is 1:55PM 0:00.02 /usr/local/sbin/syslog-ng

Thanks again!
Last edited by ocicat; 5th April 2013 at 06:23 PM. Reason: Please use [code] & [/code] tags when posting command output. |
|
||||
It appears syslog-ng is running. I don't know if syslog-ng is working. If your logs are going where they need to go while syslogd(8) is shut down, then it's working.
To keep the syslogd(8) daemon from starting at boot time, add this line to /etc/rc.conf.local:
Code:
syslogd_flags=NO

Code:
start_daemon() {
	local _n
	for _n; do
		eval _do=\${${_n}_flags}
		if [ X"${_do}" != X"NO" ]; then
			/etc/rc.d/${_n} start
		fi
	done
}
|
|
||||
Good Afternoon,
I have not given up as of yet. syslog-ng doesn't work the way it should. I have edited the rc.conf.local.
Code:
ntpd_flags= # enabled during install
xdm_flags= # enabled during install
syslogd_flags=NO
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid"
/usr/local/sbin/syslog-ng ${syslog_ng_flags}

Is there a way to configure the console messages to go to a specific location on my BSD 5.2? If so, please provide code.
Thank you,
__________________
Speak softly and carry BSD! |
|
||||
Look at your flags. I don't know anything about syslog-ng, but this looks wrong to me:
Code:
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid"
/usr/local/sbin/syslog-ng ${syslog_ng_flags}

Quote:
|
|
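Added example, not part of the original thread: on the OpenBSD release discussed here, /etc/rc.conf sources /etc/rc.conf.local with sh, so any line that is not a plain variable assignment is executed as a command each time the file is read. The hypothetical helper lint_rc_conf below reports such lines and repeated assignments; both sample files are constructed, the first from the lines quoted above, and the rc.d script name in pkg_scripts is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). lint_rc_conf is a hypothetical helper.
# It expects one single-line NAME=value assignment per non-comment line and
# reports anything else, because sh executes such lines when sourcing the file.
lint_rc_conf() {
    awk -v q="'" '
    /^[ \t]*$/ || /^[ \t]*#/ { next }             # blank line or comment
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
        rest = $0
        sub(/^[ \t]*/, "", rest)
        name = rest
        sub(/=.*/, "", name)
        sub(/^[^=]*=/, "", rest)                  # value plus whatever follows
        if (rest ~ /^"/)              sub(/^"[^"]*"/, "", rest)
        else if (index(rest, q) == 1) sub("^" q "[^" q "]*" q, "", rest)
        else                          sub(/^[^ \t]*/, "", rest)
        if (rest !~ /^[ \t]*$/ && rest !~ /^[ \t]+#/) {
            printf "%d: command after assignment: %s\n", NR, $0; n++
        }
        if (name in first) {
            printf "%d: %s already set on line %d\n", NR, name, first[name]; n++
        } else first[name] = NR
        next
    }
    { printf "%d: not an assignment, runs as a command: %s\n", NR, $0; n++ }
    END { exit (n > 0) }                          # status 1 if anything found
    ' "$@"
}

# Constructed sample: the rc.conf.local lines as posted in the thread.
sample_from_thread() {
    cat <<'EOF'
ntpd_flags=            # enabled during install
xdm_flags=             # enabled during install
syslogd_flags=NO
syslog_ng_flags=
syslog_ng_flags="-p /var/run/syslog-ng.pid"
/usr/local/sbin/syslog-ng ${syslog_ng_flags}
EOF
}

# Constructed sample: assignments only. The rc.d script name "syslog_ng" in
# pkg_scripts is an assumption; use the name actually present in /etc/rc.d.
sample_corrected() {
    cat <<'EOF'
syslogd_flags=NO
syslog_ng_flags="-p /var/run/syslog-ng.pid"
pkg_scripts="syslog_ng"
EOF
}

echo "as posted:"; sample_from_thread | lint_rc_conf || true
echo "corrected:"; sample_corrected | lint_rc_conf && echo "no findings"
```

Run against a real file with `lint_rc_conf /etc/rc.conf.local`; values that span several lines are not handled and will be reported.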
||||
Thanks again for your response. I was able to see the error after many reboots. The files you mention did not have the error.
Code:
syntax error in /etc/syslog-ng/syslog-ng.conf line 44

Code:
# syslog-ng configuration file for OpenBSD.
# This should provide the same behavior as OpenBSD's syslog.conf(5).
# 2010-07-18 steven@openbsd.org

@version: 3.0

options { use_dns(no); create_dirs(no); keep_hostname(yes); };

#source s_local {
# unix-dgram ("/dev/log");
# unix-dgram ("/var/empty/dev/log");
# internal();
#};

#source s_local_all {
# unix-dgram ("/dev/log");
# unix-dgram ("/var/empty/dev/log");
# unix-dgram ("/var/www/dev/log");
# internal();
#};

source s_net {udp(port(514)); };

destination d_console { file("/dev/console"); };
destination d_messages { file("/var/log/messages" owner(root) group(wheel) perm(0644)); };
destination d_authlog { file("/var/log/authlog" owner(root) group(wheel) perm(0640)); };
destination d_secure { file("/var/log/secure" owner(root) group(wheel) perm(0600)); };
destination d_cronlog { file("/var/cron/log" owner(root) group(wheel) perm(0600)); };
destination d_daemon { file("/var/log/daemon" owner(root) group(wheel) perm(0640)); };
destination d_xferlog { file("/var/log/xferlog" owner(root) group(wheel) perm(0640)); };
destination d_lpderrs { file("/var/log/lpd-errs" owner(root) group(wheel) perm(0640)); };
destination d_maillog { file("/var/log/maillog" owner(root) group(wheel) perm(0600)); };
destination d_uucplog { file("/var/log/uucp" owner(uucp) group(dialer) perm(0660)); };
destination d_sudolog { file("/var/log/sudo"); };
destination d_chatlog { file("/var/log/chat"); };
destination d_ttyall { usertty("*"); };
destination d_ttyroot { usertty("root"); };
destination d_loghost { udp("loghost" port(514)); };
destination d_network_hosts { file("/var/log/bcm/$HOST.log");

(line 44)filter f_notice { level(notice .. emerg) and not(facility(auth,authpriv,cron,ftp,kern,lpr,mail,user); };
filter f_kerndebug { level(debug .. emerg) and facility(kern); };
filter f_msginfo { level(info .. emerg) and facility(syslog,user); };
filter f_authinfo { level(info .. emerg) and facility(auth); };
filter f_authprivdebug { level(debug .. emerg) and facility(authpriv); };
filter f_croninfo { level(info .. emerg) and facility(cron); };
filter f_daemoninfo { level(info .. emerg) and facility(daemon); };
filter f_ftpinfo { level(info .. emerg) and facility(ftp); };
filter f_lprdebug { level(debug .. emerg) and facility(lpr); };
filter f_mailinfo { level(info .. emerg) and facility(mail); };
filter f_uucpinfo { level(info .. emerg) and facility(uucp); };
filter f_emerg { level(emerg); };
filter f_to_console { not (facility(authpriv)) and ((level(notice .. emerg) and facility(auth)) or (level(notice .. emerg)); };
filter f_to_loghost { (level(notice .. emerg) and not (facility(auth,authpriv,cron,ftp,kern,lpr,mail,user))) or (level(info .. emerg) and facility(auth,daemon,syslog,user)) or (level(debug .. emerg) and facility(authpriv,kern)); };
filter f_prog_sudo { program("sudo"); };
filter f_prog_chat { program("chat"); };

log { source(s_local); filter(f_notice); destination(d_messages);};
log { source(s_local); filter(f_kerndebug); destination(d_messages);};
log { source(s_local); filter(f_msginfo); destination(d_messages);};
log { source(s_local); filter(f_authinfo); destination(d_authlog); };
log { source(s_local); filter(f_authprivdebug); destination(d_secure); };
log { source(s_local); filter(f_croninfo); destination(d_cronlog); };
log { source(s_local); filter(f_daemoninfo); destination(d_daemon); };
log { source(s_local); filter(f_ftpinfo); destination(d_xferlog); };
log { source(s_local); filter(f_lprdebug); destination(d_lpderrs); };
log { source(s_local); filter(f_mailinfo); destination(d_maillog); };
#log { source(s_local); filter(f_uucpinfo); destination(d_uucplog); };
log { source (net); filter(f_net_hosts); destination(d_network_host); };

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#log { source(s_local); filter(f_to_console); destination(d_console); };

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#log { source(s_local); filter(f_to_root); destination(d_ttyroot); };

# Everyone gets emergency messages.
log { source(s_local); filter(f_emerg); destination(d_ttyall); };

# Uncomment to log to a central host named "loghost".
#log { source(s_local); filter(f_to_loghost); destination(d_loghost); };

# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name.
# Program-specific logs:
#log { source(s_local); filter(f_prog_sudo); destination(d_sudolog); };
#log { source(s_local); filter(f_prog_chat); destination(d_chatlog); };

# Uncomment to log messages from the network.
# Note: it is recommended to specify a different destination here.
#log { source(s_net); destination(d_messages); };

I hope you can see something four eyes see better than two.
Regards,
__________________
Speak softly and carry BSD! |
|
|||
Missing closing braces (probably followed by a semicolon) on the line above line 44?
Code:
destination d_network_hosts { file("/var/log/bcm/$HOST.log"); |
|
||||
Thanks for your observation, four eyes see better than two. There are still some errors that fly by when the system boots up, I can't see the whole thing. Darn,
I tried to modify my system so that I can redirect the console messages to a file console.log, this way I may get a hint as to what is going on.
I found this link:
I edited the newsyslog.conf file with:
Code:
/var/log/console.log * * * * * * * * * *640 *5 * *250 ** * * Z

Code:
*.err;kern.debug;auth.notice;authpriv.none;mail.crit * */dev/console
<snip>
*.err * * * * * * * * * * * * * * * * * * * * * * * * * /dev/console
*.notice;auth.debug * * * * * ** * * * * * * * * * * * /dev/console
*.alert * * * * * * * * * * * * * * * ** * * * * * * * */dev/console

Code:
*.err;kern.debug;auth.notice;authpriv.none;mail.crit * */var/log/console.log
<snip>
*.err * * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log
*.notice;auth.debug * * * * * * * * * * * * * * * * * * /var/log/console.log
*.alert * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log

Code:
# touch /var/log/console.log
# chmod 640 /var/log/console.log

Code:
# cat syslog.conf
# $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
daemon.info /var/log/daemon
ftp.info /var/log/xferlog
lpr.debug /var/log/lpd-errs
mail.info /var/log/maillog
#uucp.info /var/log/uucp
*.err;kern.debug;auth.notice;authpriv.none;mail.crit * */var/log/console.log
<snip>
*.err * * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log
*.notice;auth.debug * * * * * * * * * * * * * * * * * * /var/log/console.log
*.alert * * * * * * * * * * * * * * * * * * * * * * * * /var/log/console.log
# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit /dev/console
# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#*.notice;auth.debug root
# Everyone gets emergency messages.
*.emerg *
# Uncomment to log to a central host named "loghost". You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment). If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets.
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @loghost
#auth,daemon,syslog,user.info;authpriv,kern.debug @loghost
# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name.
# Program-specific logs:
#!sudo
#*.* /var/log/sudo
#!chat
#*.* /var/log/chat
#

Thank you and Regards
__________________
Speak softly and carry BSD! Last edited by CyberJet; 11th April 2013 at 06:14 PM. Reason: Typo |
|
|||
I just saw the man page at http://linux.die.net/man/8/syslog-ng
Code:
--syntax-only or -s
    Verify that the configuration file is syntactically correct and exit.
[snip]
--verbose or -v
    Enable verbose logging used to troubleshoot syslog-ng.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
||||
Thank you,
According to:
Code:
syslog-ng -v

Code:
systax error in etc/syslog-ng/syslog-ng.conf at line 42.

Code:
destination d_network_hosts { file("/var/log/bcm/$HOST.log") };

Regards,
__________________
Speak softly and carry BSD! |
|
|||
I have the suspicion that /var/log exists, but /var/log/bcm does not.
|
|
|||
What does it say if you use both -s and -v options?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
||||
Thanks J65nko,
This is the output of syslog-ng -s -v:
Code:
# syslog-ng -s
syntax error in /etc/syslog-ng/syslog-ng.conf at line 42.
syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng

I did create the directory (mkdir) during the process in /var/log/bcm. It's just a thought, should I have assigned special permissions? I tried to list the perms using:
Code:
ls -l ~/var/log/bcm

Code:
ls: /bcm No such file or directory

Code:
Xorg.0.log bcm daily.out.old lpd-errs messages secure wtmp
Xorg.0.log.old console.log failedlogin maillog messages.0.gz security.out xdm.log
authlog daemon ftpd maillog.0.gz pflog security.out.old xferlog
authlog.0.gz daily.out lastlog maillog.1.gz rdist sendmail.st
__________________
Speak softly and carry BSD! Last edited by CyberJet; 12th April 2013 at 02:39 PM. Reason: Remove typo |
|
|||
Quote:
The two directories are not equivalent. ~/var/log/bcm specifies a directory underneath your home directory. /var/log/bcm is an absolute pathname underneath /. Note the use of the tilde (~) which is shorthand for designating the home directory of whatever account is issuing the commands. |
|
||||
Thanks for the lesson, Ocicat.
I just issued the command under /var/log
Code:
ls -l

Code:
-rw-r--r-- 1 root wheel 71431 Apr 12 11:42 Xorg.0.log
-rw-r--r-- 1 root wheel 71684 Apr 11 13:24 Xorg.0.log.old
-rw-r----- 1 root wheel 1104 Apr 10 10:07 authlog
-rw-r----- 1 root wheel 248 Apr 9 17:00 authlog.0.gz
drwxr-xr-x 2 root wheel 512 Apr 12 10:25 bcm
-rw-r----- 1 root wheel 0 Apr 11 12:28 console.log
-rw-r----- 1 root wheel 3292 Apr 10 10:23 daemon
-rw------- 1 root wheel 1843 Apr 12 01:30 daily.out
-rw------- 1 root wheel 1843 Apr 11 01:30 daily.out.old
-rw------- 1 root wheel 0 Aug 1 2012 failedlogin
-rw-r----- 1 root wheel 0 Aug 1 2012 ftpd
-rw-r--r-- 1 root wheel 268268 Apr 11 14:09 lastlog
-rw-r----- 1 root wheel 0 Aug 1 2012 lpd-errs
-rw------- 1 root wheel 63 Apr 10 17:00 maillog
-rw------- 1 root wheel 611 Apr 10 17:00 maillog.0.gz
-rw------- 1 root wheel 441 Apr 9 17:00 maillog.1.gz
-rw-r--r-- 1 root wheel 63 Apr 10 11:00 messages
-rw-r--r-- 1 root wheel 4071 Apr 10 11:00 messages.0.gz
-rw------- 1 root wheel 180 Apr 10 14:19 pflog
drwxr-xr-x 2 root wheel 512 Aug 1 2012 rdist
-rw------- 1 root wheel 0 Aug 1 2012 secure
-rw------- 1 root wheel 793 Apr 12 01:30 security.out
-rw------- 1 root wheel 6161 Apr 11 01:30 security.out.old
-rw-rw-r-- 1 root wheel 728 Apr 12 01:30 sendmail.st
-rw-r--r-- 1 root wheel 23700 Apr 11 14:09 wtmp
-rw-r--r-- 1 root wheel 2228 Apr 12 11:42 xdm.log
-rw-r----- 1 root wheel 0 Aug 1 2012 xferlog
__________________
Speak softly and carry BSD! |
|
|