Diffstat (limited to 'app/admin/syslog-ng')
-rw-r--r-- | app/admin/syslog-ng/logrotate.d/syslog-ng | 6 | ||||
-rw-r--r-- | app/admin/syslog-ng/rc.syslog-ng.new | 37 | ||||
-rw-r--r-- | app/admin/syslog-ng/slack-required | 4 | ||||
-rw-r--r-- | app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff | 277 | ||||
-rwxr-xr-x | app/admin/syslog-ng/syslog-ng.SlackBuild | 241 | ||||
-rw-r--r-- | app/admin/syslog-ng/syslog-ng.conf.new | 270 |
6 files changed, 835 insertions, 0 deletions
diff --git a/app/admin/syslog-ng/logrotate.d/syslog-ng b/app/admin/syslog-ng/logrotate.d/syslog-ng
new file mode 100644
index 00000000..b6a7e1d8
--- /dev/null
+++ b/app/admin/syslog-ng/logrotate.d/syslog-ng
@@ -0,0 +1,6 @@
+/var/log/cron /var/log/debug /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/syslog {
+ sharedscripts
+ postrotate
+ /bin/kill -HUP `cat /var/run/syslog-ng.pid`2>/dev/null || true
+ endscript
+}
diff --git a/app/admin/syslog-ng/rc.syslog-ng.new b/app/admin/syslog-ng/rc.syslog-ng.new
new file mode 100644
index 00000000..513154f7
--- /dev/null
+++ b/app/admin/syslog-ng/rc.syslog-ng.new
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Start/stop/restart the system logging daemons.
+#
+# Written for Slackware Linux by Patrick J. Volkerding <volkerdi@slackware.com>.
+# Modyfied for syslog-ng by Kanedaaa <kaneda@bohater.net>
+
+syslogng_start() {
+ if [ -x /usr/sbin/syslog-ng ]; then
+ echo -n "Starting syslog-ng daemon: "
+ echo " /usr/sbin/syslog-ng"
+ /usr/sbin/syslog-ng
+ fi
+}
+
+syslogng_stop() {
+ killall syslog-ng 2> /dev/null
+}
+
+syslogng_restart() {
+ syslogng_stop
+ sleep 1
+ syslogng_start
+}
+
+case "$1" in
+'start')
+ syslogng_start
+ ;;
+'stop')
+ syslogng_stop
+ ;;
+'restart')
+ syslogng_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
diff --git a/app/admin/syslog-ng/slack-required b/app/admin/syslog-ng/slack-required
new file mode 100644
index 00000000..6ee81c3a
--- /dev/null
+++ b/app/admin/syslog-ng/slack-required
@@ -0,0 +1,4 @@
+# Dependency list to syslog-ng
+#
+# dependency [condition] [version]]
+eventlog
diff --git a/app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff b/app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff
new file mode 100644
index 00000000..5b0a2309
--- /dev/null
+++ b/app/admin/syslog-ng/syslog-ng-anon-2.0.6.diff
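Review bot: In logrotate.d/syslog-ng the postrotate line, as rendered here, has no space between the closing backtick and `2>/dev/null`, so the shell treats the `2` as part of the argument instead of a file-descriptor number: `kill -HUP` receives the PID with a `2` appended and only stdout is redirected. syslog-ng is then never told to reopen its files after rotation and keeps writing to the rotated file, an unrelated process could receive the HUP, and `|| true` hides the failure. If the missing space is in the file itself, the line should read `/bin/kill -HUP "$(cat /var/run/syslog-ng.pid 2>/dev/null)" 2>/dev/null || true`.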
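Review bot: In rc.syslog-ng.new, `syslogng_stop` uses `killall syslog-ng`, which signals every process with that name instead of the daemon this script started, and `syslogng_restart` then relies on a fixed `sleep 1` without waiting for the old process to exit. The logrotate snippet in this commit already reads /var/run/syslog-ng.pid, so stop could use the same file: `[ -r /var/run/syslog-ng.pid ] && kill "$(cat /var/run/syslog-ng.pid)"`. The `*)` usage branch also ends with exit status 0; adding `exit 1` after the echo would let callers notice a bad argument.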
@@ -0,0 +1,277 @@ +diff -Naur syslog-ng-2.0.5.orig/doc/Makefile.am syslog-ng-2.0.5/doc/Makefile.am +--- syslog-ng-2.0.5.orig/doc/Makefile.am 2007-04-19 21:37:16.000000000 +0200 ++++ syslog-ng-2.0.5/doc/Makefile.am 2007-11-03 00:28:59.000000000 +0100 +@@ -6,6 +6,7 @@ + reference/syslog-ng.xml \ + reference/syslog-ng.txt \ + reference/syslog-ng.xsl \ ++ reference/README.syslog-ng-anon \ + examples/syslog-ng.conf.sample \ + examples/syslog-ng.conf.solaris + +diff -Naur syslog-ng-2.0.5.orig/doc/Makefile.in syslog-ng-2.0.5/doc/Makefile.in +--- syslog-ng-2.0.5.orig/doc/Makefile.in 2007-07-22 15:40:04.000000000 +0200 ++++ syslog-ng-2.0.5/doc/Makefile.in 2007-11-03 00:28:59.000000000 +0100 +@@ -135,6 +135,7 @@ + reference/syslog-ng.xml \ + reference/syslog-ng.txt \ + reference/syslog-ng.xsl \ ++ reference/README/syslog-ng-anon \ + examples/syslog-ng.conf.sample \ + examples/syslog-ng.conf.solaris + +diff -Naur syslog-ng-2.0.5.orig/doc/reference/README.syslog-ng-anon syslog-ng-2.0.5/doc/reference/README.syslog-ng-anon +--- syslog-ng-2.0.5.orig/doc/reference/README.syslog-ng-anon 1970-01-01 01:00:00.000000000 +0100 ++++ syslog-ng-2.0.5/doc/reference/README.syslog-ng-anon 2007-11-03 00:42:04.000000000 +0100 +@@ -0,0 +1,88 @@ ++syslog-ng-anon ++ ++ This patch adds the capability to syslog-ng that allows you to strip ++ out any given regexp or all IP addresses from log messages before ++ they are written to disk. The goal is to give the system administrator ++ the means to implement site logging policies, by allowing them easy ++ control over exactly what data they retain in their logfiles, ++ regardless of what a particular daemon might think is best. ++ ++Background: ++ ++ Data retention has become a hot legal topic for ISPs and other Online ++ Service Providers (OSPs). There are many instances where it is preferable ++ to keep less information on users than is collected by default on many ++ systems. 
In the United States it is not currently required to retain ++ data on users of a server, but you may be required to provide all data ++ on a user which you have retained. OSPs can protect themselves from legal ++ hassles and added work by choosing what data they wish to retain. ++ ++ From "Best Practices for Online Service Providers" ++ (http://www.eff.org/osp): ++ ++ As an intermediary, the OSP [Online Service Provider] finds itself in ++ a position to collect and store detailed information about its users ++ and their online activities that may be of great interest to third ++ parties. The USA PATRIOT Act also provides the government with ++ expanded powers to request this information. As a result, OSP owners ++ must deal with requests from law enforcement and lawyers to hand over ++ private user information and logs. Yet, compliance with these demands ++ takes away from an OSP's goal of providing users with reliable, ++ secure network services. In this paper, EFF offers some suggestions, ++ both legal and technical, for best practices that balance the needs ++ of OSPs and their users' privacy and civil liberties. ++ ++ Rather than scrubbing the information you don't want in logs, this patch ++ ensures that the information is never written to disk. Also, for those ++ daemons which log through syslog facilities, this patch provides a ++ convenient single configuration to limit what you wish to log. ++ ++ Here are some related links: ++ ++ Best Practices for Online Service Providers ++ http://www.eff.org/osp ++ http://www.eff.org/osp/20040819_OSPBestPractices.pdf ++ ++ EPIC International Data Retention Page ++ http://www.epic.org/privacy/intl/data_retention.html ++ ++ Working Paper on Usage Log Data Management (from Computer, Freedom, and ++ Privacy conference) http://cryptome.org/usage-logs.htm ++ ++ ++Installing syslog-ng-anon ++ ++ Applying the patch ++ ++ This patch has been tested against the following versions of syslog-ng: ++ . 
Debian package syslog-ng_2.0.5-2 ++ ++ To use this patch, obtain the source for syslog-ng ++ (apt-get source syslog-ng) and the ++ syslog-ng-anon patch (http://dev.riseup.net/patches/syslog-ng/). ++ Apply the patch the patch: ++ ++ % cd syslog-ng-2.0.5 ++ % patch -p1 < ../syslog-ng-anon.diff ++ ++ Then compile and install syslog-ng: ++ ++ % dpkg-buildpackage -rfakeroot -b ++ % dpkg -i ../syslog-ng_2.0.5-2_i386.deb ++ ++ How to use it ++ ++ This patch adds the filter "strip". For example: ++ ++ filter f_strip {strip(<regexp>);}; ++ ++ This will strip out all matches of the regular expression on logs to ++ which the filter is applied and replaces all matches with the fixed length ++ four dashes ("----"). ++ ++ In place of a regular expression, you can put "ips", which will replace all ++ internet addresses with 0.0.0.0. For example: ++ ++ filter f_strip {strip(ips);}; ++ ++ You can alter what the replacement strings are by using replace: +diff -Naur syslog-ng-2.0.5.orig/src/cfg-grammar.y syslog-ng-2.0.5/src/cfg-grammar.y +--- syslog-ng-2.0.5.orig/src/cfg-grammar.y 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/cfg-grammar.y 2007-11-03 00:28:59.000000000 +0100 +@@ -107,7 +107,7 @@ + %token KW_USE_TIME_RECVD + + /* filter items*/ +-%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK ++%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK KW_STRIP KW_REPLACE + + /* yes/no switches */ + %token KW_YES KW_NO +@@ -802,6 +802,8 @@ + | KW_PROGRAM '(' string ')' { $$ = filter_prog_new($3); free($3); } + | KW_HOST '(' string ')' { $$ = filter_host_new($3); free($3); } + | KW_MATCH '(' string ')' { $$ = filter_match_new($3); free($3); } ++ | KW_STRIP '(' string ')' { $$ = filter_strip_new($3); free($3); } ++ | KW_REPLACE '(' string string ')' { $$ = filter_replace_new($3, $4); free($3); free($4); } + | KW_FILTER '(' string ')' { $$ = filter_call_new($3, configuration); free($3); } + | KW_NETMASK '(' string ')' { $$ = filter_netmask_new($3); free($3); } + ; 
+@@ -907,4 +909,4 @@ + last_reader_options = NULL; + last_writer_options = NULL; + last_template = NULL; +-} +\ No newline at end of file ++} +diff -Naur syslog-ng-2.0.5.orig/src/cfg-lex.l syslog-ng-2.0.5/src/cfg-lex.l +--- syslog-ng-2.0.5.orig/src/cfg-lex.l 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/cfg-lex.l 2007-11-03 00:28:59.000000000 +0100 +@@ -165,6 +165,8 @@ + { "host", KW_HOST }, + { "match", KW_MATCH }, + { "netmask", KW_NETMASK }, ++ { "strip", KW_STRIP }, ++ { "replace", KW_REPLACE }, + + /* on/off switches */ + { "yes", KW_YES }, +diff -Naur syslog-ng-2.0.5.orig/src/filter.c syslog-ng-2.0.5/src/filter.c +--- syslog-ng-2.0.5.orig/src/filter.c 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/filter.c 2007-11-03 00:30:22.000000000 +0100 +@@ -226,6 +226,7 @@ + typedef struct _FilterRE + { + FilterExprNode super; ++ GString *replace; + regex_t regex; + } FilterRE; + +@@ -310,6 +311,9 @@ + filter_re_free(FilterExprNode *s) + { + FilterRE *self = (FilterRE *) s; ++ ++ if (self->replace != NULL) ++ g_string_free(self->replace, TRUE); + + regfree(&self->regex); + g_free(s); +@@ -494,3 +498,89 @@ + self->super.eval = filter_netmask_eval; + return &self->super; + } ++ ++FilterExprNode * ++filter_strip_new(const gchar *re) ++{ ++ if (g_ascii_strcasecmp(re, "ips") == 0) ++ return filter_replace_new(re, "0.0.0.0"); ++ return filter_replace_new(re, "----"); ++} ++ ++#define FMIN(a, b) (a) < (b) ? 
(a) : (b) ++#define NEW_MSG_SIZE 2048 ++ ++static gboolean ++filter_replace_eval(FilterExprNode *s, LogMessage *log) ++{ ++ FilterRE *self = (FilterRE *) s; ++ gchar *buffer = log->msg.str; ++ gint snippet_size; ++ regmatch_t pmatch; ++ gchar new_msg[NEW_MSG_SIZE]; ++ gchar *new_msg_max = new_msg + NEW_MSG_SIZE; ++ gchar *new_msg_ptr = new_msg; ++ gint replace_length = self->replace->len; ++ gint error; ++ ++ error = regexec(&self->regex, buffer, 1, &pmatch, 0); ++ if (error) ++ return TRUE; ++ while (!error) ++ { ++ /* copy string snippet which preceeds matched text */ ++ snippet_size = FMIN(pmatch.rm_so, new_msg_max - new_msg_ptr); ++ memcpy(new_msg_ptr, buffer, snippet_size); ++ new_msg_ptr += snippet_size; ++ ++ /* copy replacement */ ++ snippet_size = FMIN(replace_length, new_msg_max - new_msg_ptr); ++ memcpy(new_msg_ptr, self->replace->str, snippet_size); ++ new_msg_ptr += snippet_size; ++ ++ /* search for next match */ ++ buffer += pmatch.rm_eo; ++ error = regexec(&self->regex, buffer, 1, &pmatch, REG_NOTBOL); ++ } ++ ++ /* copy the rest of the old message */ ++ snippet_size = log->msg.len - (buffer - log->msg.str) + 1; ++ snippet_size = FMIN(snippet_size, new_msg_max - new_msg_ptr); ++ memcpy(new_msg_ptr, buffer, snippet_size); ++ new_msg[NEW_MSG_SIZE-1] = '\0'; ++ ++ g_string_erase(&(log->msg), 0, -1); ++ g_string_append(&(log->msg), new_msg); ++ ++ return TRUE; ++} ++ ++FilterExprNode * ++filter_replace_new(const gchar *re, const gchar *replacement) ++{ ++ FilterRE *self = g_new0(FilterRE, 1); ++ gint regerr; ++ ++ if (!g_ascii_strcasecmp(re, "ips")) ++ re = "(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}"; ++ ++ regerr = regcomp(&self->regex, re, REG_ICASE | REG_EXTENDED); ++ if (regerr) ++ { ++ gchar errorbuf[256]; ++ regerror(regerr, &self->regex, errorbuf, sizeof(errorbuf)); ++ msg_error("Error compiling regular expression:", ++ evt_tag_str("re", re), ++ evt_tag_str("error", errorbuf), ++ NULL); ++ 
g_free(self); ++ return NULL; ++ } ++ ++ self->replace = g_string_new(replacement); ++ self->super.eval = filter_replace_eval; ++ self->super.free_fn = filter_re_free; ++ ++ return &self->super; ++} ++ +diff -Naur syslog-ng-2.0.5.orig/src/filter.h syslog-ng-2.0.5/src/filter.h +--- syslog-ng-2.0.5.orig/src/filter.h 2007-05-21 19:21:07.000000000 +0200 ++++ syslog-ng-2.0.5/src/filter.h 2007-11-03 00:28:59.000000000 +0100 +@@ -54,6 +54,8 @@ + FilterExprNode *filter_match_new(gchar *re); + FilterExprNode *filter_call_new(gchar *rule, struct _GlobalConfig *cfg); + FilterExprNode *filter_netmask_new(gchar *cidr); ++FilterExprNode *filter_strip_new(const gchar *re); ++FilterExprNode *filter_replace_new(const gchar *re, const gchar *replacement); + + typedef struct _LogFilterRule + { diff --git a/app/admin/syslog-ng/syslog-ng.SlackBuild b/app/admin/syslog-ng/syslog-ng.SlackBuild new file mode 100755 index 00000000..5c2fa073 --- /dev/null +++ b/app/admin/syslog-ng/syslog-ng.SlackBuild 
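Review bot: In the bundled patch's `filter_replace_eval` (src/filter.c), the `while (!error)` loop never terminates when the configured regexp can match an empty string: `regexec` succeeds with `rm_eo == 0`, `buffer += pmatch.rm_eo` does not advance, and the same match is found again, so the daemon spins on the first message and logging stops. Treating an empty match as the end of the search avoids this, e.g. `if (pmatch.rm_eo == 0) break;` as the first statement of the loop body. Separately, the rewritten message is assembled in the fixed `new_msg[NEW_MSG_SIZE]` stack buffer; the copies are clamped with `FMIN`, so this is silent truncation at 2047 bytes and not an overflow, but it deserves a comment or a `GString`-based rebuild. The "ips" pattern in `filter_replace_new` covers dotted or dashed IPv4 only, so IPv6 addresses are still written to disk.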
@@ -0,0 +1,241 @@ +#!/bin/bash +# +# syslog-ng.SlackBuild is free software; you can redistribute +# it and/or modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the License, +# or any later version. +# +# syslog-ng.SlackBuild is distributed in the hope that it will +# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +# +# slackbuild for syslog-ng, by Silvio Rhatto +# requires: eventlog +# tested: syslog-ng-2.0.6 +# + +# Look for slackbuildrc +if [ -f ~/.slackbuildrc ]; then + source ~/.slackbuildrc +elif [ -f /etc/slackbuildrc ]; then + source /etc/slackbuildrc +fi + +# Set variables +CWD="$(pwd)" +SRC_NAME="syslog-ng" +PKG_NAME="syslog-ng" +ARCH=${ARCH:=i486} +SRC_VERSION=${VERSION:=2.0.6} +PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')" +BUILD=${BUILD:=1rha} +SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME +TMP=${TMP:=/tmp} +PKG=${PKG:=$TMP/package-$PKG_NAME} +REPOS=${REPOS:=$TMP} +PREFIX=${PREFIX:=/usr} +PKG_WORK="$TMP/$SRC_NAME" +CONF_OPTIONS=${CONF_OPTIONS:="--sysconfdir=/etc --enable-dynamic-linking"} +NUMJOBS=${NUMJOBS:=""} + +# Set system libraries' path and optmization flags based on $ARCH +LIBDIR="$PREFIX/lib" + +if [ "$ARCH" = "i386" ]; then + SLKCFLAGS="-O2 -march=i386 -mcpu=i686" +elif [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mcpu=i686" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIR="$PREFIX/lib64" + LDFLAGS="-L/lib64 -L/usr/lib64" +fi + +# Set error codes (used by createpkg) 
+ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33 +ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36 +ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39 +ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42 + +# Clean up any leftovers of previous builds +rm -rf "$PKG_WORK" 2> /dev/null +rm -rf "$PKG" 2> /dev/null + +# Create directories if necessary +mkdir -p "$SRC_DIR" || exit $ERROR_MKDIR +mkdir -p "$PKG" || exit $ERROR_MKDIR +mkdir -p "$REPOS" || exit $ERROR_MKDIR +mkdir -p "$PKG_WORK" || exit $ERROR_MKDIR + +# Dowload source if necessary +SRC="$SRC_NAME-$VERSION.tar.gz" +URL="http://www.balabit.com/downloads/files/syslog-ng/sources/stable/src/$SRC" + +if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then + wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET +fi + +# Untar +cd "$PKG_WORK" +tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR +PKG_SRC="$PWD/`ls -l | awk '/^d/ { print $NF }'`" +cd "$PKG_SRC" + +# Patch source +patches="syslog-ng-anon-2.0.6.diff + $PKG_NAME.diff $PKG_NAME-$PKG_VERSION.diff + $PKG_NAME-$PKG_VERSION-$ARCH.diff $PKG_NAME-$ARCH.diff" +for patch in $patches; do + if [ -f "$CWD/$patch" ]; then + patch -Np1 < "$CWD/$patch" || exit $ERROR_PATCH + elif [ -f "$CWD/patches/$patch" ]; then + patch -Np1 < "$CWD/patches/$patch" || exit $ERROR_PATCH + elif [ -f "$CWD/$patch.gz" ]; then + gzip -dc "$CWD/$patch.gz" | patch -Np1 || exit $ERROR_PATCH + elif [ -f "$CWD/patches/$patch.gz" ]; then + gzip -dc "$CWD/patches/$patch.gz" | patch -Np1 || exit $ERROR_PATCH + fi +done + +if echo [[PATCH URLS]] | grep -q -v "PATCH URLS"; then + for patch_url in [[PATCH URLS]]; do + patch="`basename $patch_url`" + if [ ! 
-s "$SRC_DIR/$patch" ]; then + wget "$patch_url" -O "$SRC_DIR/$patch" || exit $ERROR_WGET + fi + if [ "`basename $patch .gz`" != "$patch" ]; then + gzip -dc $SRC_DIR/$patch | patch -Np1 || exit $ERROR_PATCH + elif [ "`basename $patch .bz2`" != "$patch" ]; then + bzip2 -dc $SRC_DIR/$patch | patch -Np1 || exit $ERROR_PATCH + else + patch -Np1 < "$SRC_DIR/$patch" || exit $ERROR_PATCH + fi + done +fi + +# Configure +CFLAGS="$SLKCFLAGS" \ + CXXFLAGS="$SLKCFLAGS" \ + ./configure \ + --prefix="$PREFIX" --libdir="$LIBDIR" $CONF_OPTIONS || exit $ERROR_CONF + +# Compile +make $NUMJOBS || exit $ERROR_MAKE + +# Install +make install DESTDIR="$PKG" || exit $ERROR_INSTALL + +# Strip binaries +( cd "$PKG" + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \ + xargs strip --strip-unneeded 2> /dev/null +) + +# Copy init scripts +mkdir -p $PKG/etc/rc.d +cp $CWD/rc.* $PKG/etc/rc.d/ + +# Copy config files +mkdir -p $PKG/etc +for conf in syslog-ng.conf.new logrotate.d/syslog-ng; do + mkdir -p $PKG/etc/`dirname $conf` + if [ -e "$CWD/conf/$conf" ]; then + cp -a $CWD/conf/$conf $PKG/etc/$conf + elif [ -e "$CWD/$conf" ]; then + cp -a $CWD/$conf $PKG/etc/$conf + elif [ -e "$conf" ]; then + cp -a $conf $PKG/etc/$conf + fi +done + +# Install documentation +DOCS="AUTHORS COPYING ChangeLog NEWS README VERSION" +mkdir -p "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" || exit $ERROR_MKDIR +for doc in $DOCS; do + if [ -f "$doc" ]; then + cp -a $doc "$PKG/usr/doc/$PKG_NAME-$PKG_VERSION" + fi +done + +# Add package description (slack-desc) +mkdir -p "$PKG/install" || exit $ERROR_MKDIR +cat << EODESC > "$PKG/install/slack-desc" +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. 
Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler----------------------------------------------------| +syslog-ng: syslog-ng +syslog-ng: +syslog-ng: syslog-ng is a syslogd replacement supporting IPv6 and capable of +syslog-ng: transferring log messages reliably using TCP and filtering the +syslog-ng: content of messages using regular expressions. It has several +syslog-ng: macros that allow users to dynamically create target directories +syslog-ng: and files or reformat messages. +syslog-ng: +syslog-ng: +syslog-ng: +syslog-ng: +EODESC + +# Add a post-installation script (doinst.sh) +cat << EOSCRIPT > "$PKG/install/doinst.sh" +config() { + NEW="\$1" + OLD="\$(dirname \$NEW)/\$(basename \$NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r \$OLD ]; then + mv \$NEW \$OLD + elif [ "\$(cat \$OLD | md5sum)" = "\$(cat \$NEW | md5sum)" ]; then + # toss the redundant copy + rm \$NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +mkgroup() { + GROUP="\$1" + if ! grep -qe "^\$GROUP:" etc/group; then + echo Creating group \$GROUP... + chroot . /usr/sbin/groupadd \$GROUP + fi +} + +mkuser() { + USER="\$1" + if [ ! -z "\$2" ]; then + GROUP="\$2" + else + GROUP="\$USER" + fi + if ! grep -qe "^\$USER:" etc/passwd; then + echo Creating user \$USER... + chroot . /usr/sbin/useradd \$USER -g \$GROUP + fi +} + +config etc/rc.d/rc.syslog-ng.new ; config etc/syslog-ng.conf.new +EOSCRIPT + +# Build the package +cd "$PKG" +makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG + +# Delete source and build directories if requested +if [ "$CLEANUP" == "yes" ]; then + rm -rf "$PKG_WORK" "$PKG" +fi 
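Review bot: The source tarball is fetched over plain `http://` with `wget` and then unpacked, patched and built with no integrity check; `gunzip -t` only shows that the file is a well-formed gzip stream, and `ERROR_MD5`/`ERROR_GPG` are defined but never used. Since the result is packaged as the system logging daemon, the script should verify the download against a digest kept in the repository before `tar` runs, for example `echo "$SRC_SHA256  $SRC_DIR/$SRC" | sha256sum -c - || exit $ERROR_MD5`, where `SRC_SHA256` is a placeholder for a pinned value that this page does not provide. The same applies to the `[[PATCH URLS]]` loop, which pipes downloaded patches straight into `patch`. The work directories also default to fixed names under `/tmp` (`$TMP/$SRC_NAME`, `$TMP/package-$PKG_NAME`) that are removed and recreated with `rm -rf`/`mkdir -p`, which is worth a comment if the build runs as root on a multi-user host.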
diff --git a/app/admin/syslog-ng/syslog-ng.conf.new b/app/admin/syslog-ng/syslog-ng.conf.new new file mode 100644 index 00000000..706a35a6 --- /dev/null +++ b/app/admin/syslog-ng/syslog-ng.conf.new 
@@ -0,0 +1,270 @@ +# +# Configuration file for syslog-ng under Debian. +# First customized for riseup.net and then to sarava.org. +# +# see http://www.campin.net/syslog-ng/expanded-syslog-ng.conf +# for examples. +# +# levels: emerg alert crit err warning notice info debug +# + +############################################################ +## global options + +options { + chain_hostnames(0); + time_reopen(10); + time_reap(360); + sync(0); + log_fifo_size(2048); + create_dirs(yes); + owner(root); + group(wheel); + perm(0640); + dir_perm(0755); + use_dns(no); +}; + +############################################################ +## universal source + +source s_all { + internal(); + unix-stream("/dev/log"); + file("/proc/kmsg" log_prefix("kernel: ")); +}; + +############################################################ +## generic destinations + +destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; +destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; +destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; +destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; +destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; + +############################################################ +## generic filters + +filter f_strip { strip(ips); }; +filter f_at_least_info { level(info..emerg); }; +filter f_at_least_notice { level(notice..emerg); }; +filter f_at_least_warn { level(warn..emerg); }; +filter f_at_least_err { level(err..emerg); }; +filter f_at_least_crit { level(crit..emerg); }; + +############################################################ +## secure + +filter f_auth { facility(auth, authpriv); }; +destination df_auth { file("/var/log/secure"); }; +log { + source(s_all); + filter(f_auth); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(df_auth); +}; + +############################################################ +## daemon log +# +#filter 
f_daemon { facility(daemon); }; +#destination df_daemon { file("/var/log/daemon.log"); }; +#log { +# source(s_all); +# filter(f_daemon); +# destination(df_daemon); +#}; + +############################################################ +## kern log +# +#filter f_kern { facility(kern); }; +#destination df_kern { file("/var/log/kernel"); }; +#log { +# source(s_all); +# filter(f_kern); +# destination(df_kern); +#}; + +############################################################ +## user log + +#filter f_user { facility(user); }; +#destination df_user { file("/var/log/user.log"); }; +#log { +# source(s_all); +# filter(f_user); +# destination(df_user); +#}; + +############################################################ +## sympa log + +filter f_sympa { program("^(sympa|bounced|archived|task_manager)"); }; +destination d_sympa { file("/var/log/sympa"); }; +log { + source(s_all); + filter(f_sympa); + destination(d_sympa); + flags(final); +}; + +############################################################ +## wwsympa log + +filter f_wwsympa { program("^wwsympa"); }; +destination d_wwsympa { file("/var/log/sympa"); }; +log { + source(s_all); + filter(f_wwsympa); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(d_wwsympa); + flags(final); +}; + +############################################################ +## ldap log +# +#filter f_ldap { program("slapd"); }; +#destination d_ldap { file("/var/log/ldap"); }; +#log { +# source(s_all); +# filter(f_ldap); +# destination(d_ldap); +# flags(final); +#}; + +############################################################ +## mail log + +filter f_postfix { + program("^postfix/") or + program("courier|imap|pop|dovecot") or + program("^maildrop") or + facility(mail); +}; +destination d_postfix { file("/var/log/maillog"); }; +log { + source(s_all); + filter(f_postfix); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(d_postfix); + flags(final); +}; + 
+############################################################ +## messages log + +filter f_messages { + facility(auth,authpriv,daemon,mail,user,kern,cron,news) or + level(info); +}; +destination df_messages { file("/var/log/messages"); }; +log { + source(s_all); + filter(f_messages); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(df_messages); +}; + +############################################################ +## system log + +filter f_system { + facility(auth,authpriv,daemon,mail,user,kern,cron,news) or + level(warn,err,crit,alert,emerg); +}; +destination df_system { file("/var/log/syslog"); }; +log { + source(s_all); + filter(f_system); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(df_system); +}; + +############################################################ +## cron log + +filter f_cron { facility(cron); }; +destination df_cron { file("/var/log/cron"); }; +log { + source(s_all); + filter(f_cron); + destination(df_cron); +}; + +############################################################ +## spooler log + +filter f_spooler { facility(uucp) and (facility(news) and level(crit)); }; +destination df_spooler { file("/var/log/spooler"); }; +log { + source(s_all); + filter(f_spooler); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(df_spooler); +}; + +############################################################ +## debug log + +filter f_debug { level(debug); }; +destination df_debug { file("/var/log/debug"); }; +log { + source(s_all); + filter(f_debug); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(df_debug); +}; + +############################################################ +## errors log +# +#filter f_errors { +# level(warn,err,crit,alert,emerg) +# and not facility(auth,authpriv,daemon,mail,user,kern); +#}; +#destination df_errors { file("/var/log/errors"); }; +#log { +# 
source(s_all); +# filter(f_errors); +# destination(df_errors); +#}; + +############################################################ +## emergencies + +filter f_emerg { level(emerg); }; +destination du_all { usertty("*"); }; +log { + source(s_all); + filter(f_emerg); + # comment the following line if you don't want to strip IPs + filter(f_strip); + destination(du_all); +}; + +############################################################ +## console messages + +#filter f_xconsole { +# facility(daemon,mail) +# or level(debug,info,notice,warn) +# or (facility(news) +# and level(crit,err,notice)); +#}; +#destination dp_xconsole { pipe("/dev/xconsole"); }; +#log { +# source(s_all); +# filter(f_xconsole); +# destination(dp_xconsole); +#}; + |
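Review bot: `f_spooler` is written as `facility(uucp) and (facility(news) and level(crit))`, which requires one message to carry two facilities at once, so it can never match and /var/log/spooler stays empty. If the intent is uucp and news messages at crit and above, `filter f_spooler { facility(uucp, news) and level(crit..emerg); };` expresses it. Also, `filter(f_strip)` is enabled by default on the `df_auth` path, so /var/log/secure loses the source address of failed logins; that is the stated purpose of the patch, but the comment above that line should say that address-based detection and incident triage will no longer work from this file. The header comment still describes the file as a Debian configuration.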