keks-overlay.git

@@ -0,0 +1,48 @@

+AUX syslog-ng-anon-2.0.4.diff 16854 RMD160 602aa45f8cd01415b202d2210d6765cc2352e720 SHA1 cd9f009a7f835045692eaf73d69d464a39a0b2b2 SHA256 ecc05be8fdcf1128ee0ccaea7290027609042ae966dd35e86310c29009cbe380

+MD5 660726d013b2a3b122e5c9ea66580011 files/syslog-ng-anon-2.0.4.diff 16854

+RMD160 602aa45f8cd01415b202d2210d6765cc2352e720 files/syslog-ng-anon-2.0.4.diff 16854

+SHA256 ecc05be8fdcf1128ee0ccaea7290027609042ae966dd35e86310c29009cbe380 files/syslog-ng-anon-2.0.4.diff 16854

+AUX syslog-ng.conf.debian 5445 RMD160 c3c2f319d437bb2548226f4f78db96cd6210c7cc SHA1 80256f810a5b87adf5b39320eb4b5758ba3003a0 SHA256 74943e12a92b415306e2fca27056a839fa7ce443ccd08fdafcfac9bcba08a1c3

+MD5 b9cf104e2020c2d8c5fa164b6f54de5c files/syslog-ng.conf.debian 5445

+RMD160 c3c2f319d437bb2548226f4f78db96cd6210c7cc files/syslog-ng.conf.debian 5445

+SHA256 74943e12a92b415306e2fca27056a839fa7ce443ccd08fdafcfac9bcba08a1c3 files/syslog-ng.conf.debian 5445

+AUX syslog-ng.conf.gentoo 1100 RMD160 02b1b6230d509369a86ac9e26c374f7972fbed9f SHA1 a27db752c611786062ac8e0d2e902c038d6323b2 SHA256 fbe8e8f7143748212d0726ad3ee6eed7479018eef788cdeee6796ae78cbdc96a

+MD5 9df476673c4f296fed44e21ca3cbd136 files/syslog-ng.conf.gentoo 1100

+RMD160 02b1b6230d509369a86ac9e26c374f7972fbed9f files/syslog-ng.conf.gentoo 1100

+SHA256 fbe8e8f7143748212d0726ad3ee6eed7479018eef788cdeee6796ae78cbdc96a files/syslog-ng.conf.gentoo 1100

+AUX syslog-ng.conf.gentoo.fbsd 702 RMD160 2fb49bab8ccc7ce763156ef14dbff858d7e6b416 SHA1 1a6bd708009fd6d18516d66a34bd9cb9ec7c3eed SHA256 ab54cc3e5595fad1b362039932ee8a7d7e852ebda3f08bb20ecc19c1be830751

+MD5 37af1755a1b1003fa49b4fd7197e268e files/syslog-ng.conf.gentoo.fbsd 702

+RMD160 2fb49bab8ccc7ce763156ef14dbff858d7e6b416 files/syslog-ng.conf.gentoo.fbsd 702

+SHA256 ab54cc3e5595fad1b362039932ee8a7d7e852ebda3f08bb20ecc19c1be830751 files/syslog-ng.conf.gentoo.fbsd 702

+AUX syslog-ng.conf.gentoo.hardened 4346 RMD160 18932d56ce748454941859dc04c417791184a84d SHA1 8773391798882c4120af039a073d670be5bb9d86 SHA256 110478ff3805ee917488b874fbdbb4b48f9f2b02840f83a0a1d967925ebe3552

+MD5 f33373c704c59b3141123ef16fc3e85d files/syslog-ng.conf.gentoo.hardened 4346

+RMD160 18932d56ce748454941859dc04c417791184a84d files/syslog-ng.conf.gentoo.hardened 4346

+SHA256 110478ff3805ee917488b874fbdbb4b48f9f2b02840f83a0a1d967925ebe3552 files/syslog-ng.conf.gentoo.hardened 4346

+AUX syslog-ng.confd 150 RMD160 b5ab31e1c285fdd2f41324abc2c6b39bce59038d SHA1 c5df6ef1eca2a169fb3073816d4a06b7c85c0b0c SHA256 8319ca8e39a5dab5ddc82eede088e1f58ff25deef330804648000359cb736a3f

+MD5 252ddaf4e3475b15b715b62f6c149fc1 files/syslog-ng.confd 150

+RMD160 b5ab31e1c285fdd2f41324abc2c6b39bce59038d files/syslog-ng.confd 150

+SHA256 8319ca8e39a5dab5ddc82eede088e1f58ff25deef330804648000359cb736a3f files/syslog-ng.confd 150

+AUX syslog-ng.logrotate 342 RMD160 ef72b796f96af38c421f2acc04ac3bed4c42de0e SHA1 77de0e56d3afb784d92b6e79f94a368952172eff SHA256 5a8a52e3832333eba51969d41cb6ae18e0a80d1e1ada39595dbc5f5075f91375

+MD5 fe66a527c7f36a560197b4187ad6d9db files/syslog-ng.logrotate 342

+RMD160 ef72b796f96af38c421f2acc04ac3bed4c42de0e files/syslog-ng.logrotate 342

+SHA256 5a8a52e3832333eba51969d41cb6ae18e0a80d1e1ada39595dbc5f5075f91375 files/syslog-ng.logrotate 342

+AUX syslog-ng.logrotate.hardened 1696 RMD160 9f22685778cf6d9c54ab899e586650e356a66498 SHA1 2c40af7591dac343047ac7a517c4ee8a5cb5f0a7 SHA256 e4530dab9b9d3c1a78bc1349e4ae647a6747b0aba7b3d5192f029281d71c89bf

+MD5 2adc9517b1dc66ebb76a40848178b937 files/syslog-ng.logrotate.hardened 1696

+RMD160 9f22685778cf6d9c54ab899e586650e356a66498 files/syslog-ng.logrotate.hardened 1696

+SHA256 e4530dab9b9d3c1a78bc1349e4ae647a6747b0aba7b3d5192f029281d71c89bf files/syslog-ng.logrotate.hardened 1696

+AUX syslog-ng.rc6 1615 RMD160 8cb414bc09c48fdb591320203947035f9c32e968 SHA1 3752874ee7d35cfb9ca92664f19caf5f187d6d5d SHA256 d4e574597148ae1b7009a9bc14df97c0b7b05e54f61619607e532984b5903b73

+MD5 b74c976f08eb333cd29db85f69ba5c36 files/syslog-ng.rc6 1615

+RMD160 8cb414bc09c48fdb591320203947035f9c32e968 files/syslog-ng.rc6 1615

+SHA256 d4e574597148ae1b7009a9bc14df97c0b7b05e54f61619607e532984b5903b73 files/syslog-ng.rc6 1615

+AUX syslog-ng.rc6-r1 1879 RMD160 846e8019a15887f3b95939cae25a04139a9697cf SHA1 a8c2c35ac85c65586d3d647698b4a24367d0840f SHA256 b894e6c5f860d81942467fa1449a3e9bf70779fe8ac288fa77b0feab811d4343

+MD5 3e699d770cbccadf59d1630426be3947 files/syslog-ng.rc6-r1 1879

+RMD160 846e8019a15887f3b95939cae25a04139a9697cf files/syslog-ng.rc6-r1 1879

+SHA256 b894e6c5f860d81942467fa1449a3e9bf70779fe8ac288fa77b0feab811d4343 files/syslog-ng.rc6-r1 1879

+DIST syslog-ng-2.0.5.tar.gz 363064 RMD160 feb568ca325259301ed320e53d09a7be0b6edf41 SHA1 f514e2d2ae7831298e71d6fa9cc1817f7038431c SHA256 34862f87d9d404ad4874d95ee871334f5bc2acad65420f672ad2ee286ab660a1

+EBUILD syslog-ng-2.0.5-r1.ebuild 2559 RMD160 54f4fde6a40d048487e3e42595f0c640e2399757 SHA1 e35436d2a3d28f6eeb06287e868291bd2c23f344 SHA256 ee2f06d4beba22ab3f2cc8ea92bb82de89faf99aa34ca6a2d85e77df4636f309

+MD5 c46b646a2d9a42a8f2ce25d0401db81f syslog-ng-2.0.5-r1.ebuild 2559

+RMD160 54f4fde6a40d048487e3e42595f0c640e2399757 syslog-ng-2.0.5-r1.ebuild 2559

+SHA256 ee2f06d4beba22ab3f2cc8ea92bb82de89faf99aa34ca6a2d85e77df4636f309 syslog-ng-2.0.5-r1.ebuild 2559

+MD5 cefbf1bbbac4106cecbdd48967e70bd7 files/digest-syslog-ng-2.0.5-r1 247

+RMD160 d37b1f38accd90e59e5b5fbee9d74382a4987a97 files/digest-syslog-ng-2.0.5-r1 247

+SHA256 4d5aae112aa2c494fa93fc4ea74360d6d072436d394d25bd5ca3d71ccdb88858 files/digest-syslog-ng-2.0.5-r1 247

@@ -0,0 +1,3 @@

+MD5 c161eefc450fabc246c1a10997c6c6a5 syslog-ng-2.0.5.tar.gz 363064

+RMD160 feb568ca325259301ed320e53d09a7be0b6edf41 syslog-ng-2.0.5.tar.gz 363064

+SHA256 34862f87d9d404ad4874d95ee871334f5bc2acad65420f672ad2ee286ab660a1 syslog-ng-2.0.5.tar.gz 363064

@@ -0,0 +1,536 @@

+diff -urN syslog-ng-2.0.4.orig/doc/examples/syslog-ng-anon.conf syslog-ng-2.0.4/doc/examples/syslog-ng-anon.conf

+--- syslog-ng-2.0.4.orig/doc/examples/syslog-ng-anon.conf	1969-12-31 18:00:00.000000000 -0600

++++ syslog-ng-2.0.4/doc/examples/syslog-ng-anon.conf	2007-07-08 23:32:28.000000000 -0500

+@@ -0,0 +1,243 @@

++#

++# Configuration file for syslog-ng under Debian.

++# Customized for riseup.net using syslog-ng-anon patch

++# (http://dev.riseup.net/patches/syslog-ng/)

++#

++# see http://www.campin.net/syslog-ng/expanded-syslog-ng.conf

++# for examples.

++#

++# levels: emerg alert crit err warning notice info debug

++#

++

++############################################################

++## global options

++

++options {

++    chain_hostnames(0);

++    time_reopen(10);

++    time_reap(360);

++    sync(0);

++    log_fifo_size(2048);

++    create_dirs(yes);

++    group(adm);

++    perm(0640);

++    dir_perm(0755);

++    use_dns(no);

++};

++

++############################################################

++## universal source

++

++source s_all {

++    internal();

++    unix-stream("/dev/log");

++    file("/proc/kmsg" log_prefix("kernel: "));

++};

++

++############################################################

++## generic destinations

++

++destination df_facility_dot_info   { file("/var/log/$FACILITY.info");   };

++destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };

++destination df_facility_dot_warn   { file("/var/log/$FACILITY.warn");   };

++destination df_facility_dot_err    { file("/var/log/$FACILITY.err");    };

++destination df_facility_dot_crit   { file("/var/log/$FACILITY.crit");   };

++

++############################################################

++## generic filters

++

++filter f_strip { strip(ips); };

++filter f_at_least_info   { level(info..emerg);   };

++filter f_at_least_notice { level(notice..emerg); };

++filter f_at_least_warn   { level(warn..emerg);   };

++filter f_at_least_err    { level(err..emerg);    };

++filter f_at_least_crit   { level(crit..emerg);   };

++

++############################################################

++## auth.log

++

++filter f_auth { facility(auth, authpriv); };

++destination df_auth { file("/var/log/auth.log"); };

++log {

++    source(s_all);

++    filter(f_auth);

++    destination(df_auth);

++};

++

++############################################################

++## daemon.log

++

++filter f_daemon { facility(daemon); };

++destination df_daemon { file("/var/log/daemon.log"); };

++log {

++    source(s_all);

++    filter(f_daemon);

++    destination(df_daemon);

++};

++

++############################################################

++## kern.log

++

++filter f_kern { facility(kern); };

++destination df_kern { file("/var/log/kern.log"); };

++log {

++    source(s_all);

++    filter(f_kern);

++    destination(df_kern);

++};

++

++############################################################

++## user.log

++

++filter f_user { facility(user); };

++destination df_user { file("/var/log/user.log"); };

++log {

++    source(s_all);

++    filter(f_user);

++    destination(df_user);

++};

++

++############################################################

++## sympa.log

++

++filter f_sympa { program("^(sympa|bounced|archived|task_manager)"); };

++destination d_sympa { file("/var/log/sympa.log"); };

++log {

++	source(s_all);

++	filter(f_sympa);

++	destination(d_sympa);

++	flags(final);

++};

++

++############################################################

++## wwsympa.log

++

++filter f_wwsympa { program("^wwsympa"); };

++destination d_wwsympa { file("/var/log/wwsympa.log"); };

++log {

++	source(s_all);

++	filter(f_wwsympa);

++	filter(f_strip);

++	destination(d_wwsympa);

++	flags(final);

++};

++

++############################################################

++## ldap.log

++

++filter f_ldap { program("slapd"); };

++destination d_ldap { file("/var/log/ldap.log"); };

++log {

++	source(s_all);

++	filter(f_ldap);

++	destination(d_ldap);

++	flags(final);

++};

++

++############################################################

++## postfix.log

++

++# special source because of chroot jail

++#source s_postfix { unix-stream("/var/spool/postfix/dev/log" keep-alive(yes)); }; 

++filter f_postfix { program("^postfix/"); };

++destination d_postfix { file("/var/log/postfix.log"); };

++log {

++	source(s_all);

++	filter(f_postfix);

++	filter(f_strip);

++	destination(d_postfix);

++	flags(final);

++};

++

++############################################################

++## courier.log

++

++filter f_courier { program("courier|imap|pop"); };

++destination d_courier { file("/var/log/courier.log"); };

++log {

++	source(s_all);

++	filter(f_courier);

++	filter(f_strip);

++	destination(d_courier);

++	flags(final);

++};

++

++############################################################

++## maildrop.log

++

++filter f_maildrop { program("^maildrop"); };

++destination d_maildrop { file("/var/log/maildrop.log"); };

++log {

++	source(s_all);

++	filter(f_maildrop);

++	destination(d_courier);

++	flags(final);

++};

++

++############################################################

++## mail.log

++

++filter f_mail { facility(mail); };

++destination df_mail { file("/var/log/mail.log"); };

++

++log {

++    source(s_all);

++    filter(f_mail);

++    destination(df_mail);

++};

++

++############################################################

++## messages.log

++

++filter f_messages {

++	level(debug,info,notice)

++	and not facility(auth,authpriv,daemon,mail,user,kern);

++};

++destination df_messages { file("/var/log/messages.log"); };

++log {

++    source(s_all);

++    filter(f_messages);

++    destination(df_messages);

++};

++

++############################################################

++## errors.log

++

++filter f_errors {

++	level(warn,err,crit,alert,emerg)

++	and not facility(auth,authpriv,daemon,mail,user,kern);

++};

++destination df_errors { file("/var/log/errors.log"); };

++log {

++	source(s_all);

++	filter(f_errors);

++	destination(df_errors);

++};

++

++############################################################

++## emergencies

++

++filter f_emerg { level(emerg); };

++destination du_all { usertty("*"); };

++log {

++	source(s_all);

++	filter(f_emerg);

++	destination(du_all);

++};

++

++############################################################

++## console messages

++

++filter f_xconsole {

++    facility(daemon,mail)

++    or level(debug,info,notice,warn)

++    or (facility(news)

++    and level(crit,err,notice));

++};

++destination dp_xconsole { pipe("/dev/xconsole"); };

++log {

++    source(s_all);

++    filter(f_xconsole);

++    destination(dp_xconsole);

++};

++

+diff -urN syslog-ng-2.0.4.orig/doc/Makefile.am syslog-ng-2.0.4/doc/Makefile.am

+--- syslog-ng-2.0.4.orig/doc/Makefile.am	2007-04-19 14:37:16.000000000 -0500

++++ syslog-ng-2.0.4/doc/Makefile.am	2007-07-08 23:34:14.000000000 -0500

+@@ -6,8 +6,10 @@

+ 	reference/syslog-ng.xml \

+ 	reference/syslog-ng.txt \

+ 	reference/syslog-ng.xsl \

++	reference/README.syslog-ng-anon \

+ 	examples/syslog-ng.conf.sample \

+-	examples/syslog-ng.conf.solaris

++	examples/syslog-ng.conf.solaris \

++	examples/syslog-ng-anon.conf

+ 

+ man_MANS = man/syslog-ng.8 man/syslog-ng.conf.5

+ 

+diff -urN syslog-ng-2.0.4.orig/doc/Makefile.in syslog-ng-2.0.4/doc/Makefile.in

+--- syslog-ng-2.0.4.orig/doc/Makefile.in	2007-05-15 09:40:53.000000000 -0500

++++ syslog-ng-2.0.4/doc/Makefile.in	2007-07-08 23:35:39.000000000 -0500

+@@ -135,8 +135,10 @@

+ 	reference/syslog-ng.xml \

+ 	reference/syslog-ng.txt \

+ 	reference/syslog-ng.xsl \

++	reference/README.syslog-ng-anon \

+ 	examples/syslog-ng.conf.sample \

+-	examples/syslog-ng.conf.solaris

++	examples/syslog-ng.conf.solaris \

++	examples/syslog-ng-anon.conf

+ 

+ 

+ man_MANS = man/syslog-ng.8 man/syslog-ng.conf.5

+diff -urN syslog-ng-2.0.4.orig/doc/reference/README.syslog-ng-anon syslog-ng-2.0.4/doc/reference/README.syslog-ng-anon

+--- syslog-ng-2.0.4.orig/doc/reference/README.syslog-ng-anon	1969-12-31 18:00:00.000000000 -0600

++++ syslog-ng-2.0.4/doc/reference/README.syslog-ng-anon	2007-07-08 23:32:09.000000000 -0500

+@@ -0,0 +1,93 @@

++syslog-ng-anon

++

++ This patch adds the capability to syslog-ng that allows you to strip

++ out any given regexp or all IP addresses from log messages before

++ they are written to disk. The goal is to give the system administrator

++ the means to implement site logging policies, by allowing them easy

++ control over exactly what data they retain in their logfiles,

++ regardless of what a particular daemon might think is best.

++

++Background:

++

++ Data retention has become a hot legal topic for ISPs and other Online

++ Service Providers (OSPs). There are many instances where it is preferable

++ to keep less information on users than is collected by default on many

++ systems. In the United States it is not currently required to retain

++ data on users of a server, but you may be required to provide all data

++ on a user which you have retained. OSPs can protect themselves from legal

++ hassles and added work by choosing what data they wish to retain.

++

++ From "Best Practices for Online Service Providers"

++ (http://www.eff.org/osp):

++

++  As an intermediary, the OSP [Online Service Provider] finds itself in

++  a position to collect and store detailed information about its users

++  and their online activities that may be of great interest to third

++  parties. The USA PATRIOT Act also provides the government with

++  expanded powers to request this information. As a result, OSP owners

++  must deal with requests from law enforcement and lawyers to hand over

++  private user information and logs. Yet, compliance with these demands

++  takes away from an OSP's goal of providing users with reliable,

++  secure network services. In this paper, EFF offers some suggestions,

++  both legal and technical, for best practices that balance the needs

++  of OSPs and their users' privacy and civil liberties.

++ 

++  Rather than scrubbing the information you don't want in logs, this patch

++  ensures that the information is never written to disk. Also, for those 

++  daemons which log through syslog facilities, this patch provides a 

++  convenient single configuration to limit what you wish to log.

++  

++  Here are some related links:

++  

++  Best Practices for Online Service Providers

++  http://www.eff.org/osp

++  http://www.eff.org/osp/20040819_OSPBestPractices.pdf

++  

++  EPIC International Data Retention Page

++  http://www.epic.org/privacy/intl/data_retention.html

++  

++  Working Paper on Usage Log Data Management (from Computer, Freedom, and 

++  Privacy conference) http://cryptome.org/usage-logs.htm

++  

++

++Installing syslog-ng-anon 

++  

++ Applying the patch

++

++  This patch has been tested against the following versions of syslog-ng:

++ 	. version 1.6.7

++ 	. Debian package syslog-ng_1.6.7-2

++

++

++  To use this patch, obtain the source for syslog-ng 

++  (http://www.balabit.com/downloads/syslog-ng/1.6/src/) and the latest

++  syslog-ng-anon patch (http://dev.riseup.net/patches/syslog-ng/). 

++  Uncompress the syslog-ng source and then apply the patch:

++

++  % tar -zxvf syslog-ng.tar.gz

++  % cd syslog-ng

++  % patch -p1 < syslog-ng-anon.diff

++ 

++  Then compile and install syslog-ng as normal.

++

++ Debian package

++

++  Alternately, you can install syslog-ng-anon from this repository:

++  deb http://deb.riseup.net/debian unstable main

++

++ How to use it

++

++  This patch adds the filter "strip". For example:

++

++ 	filter f_strip {strip(<regexp>);};

++

++  This will strip out all matches of the regular expression on logs to

++  which the filter is applied and replaces all matches with the fixed length

++  four dashes ("----").

++

++  In place of a regular expression, you can put "ips", which will replace all

++  internet addresses with 0.0.0.0. For example:

++

++ 	filter f_strip {strip(ips);};

++

++  You can alter what the replacement strings are by using replace:

+diff -urN syslog-ng-2.0.4.orig/src/cfg-grammar.y syslog-ng-2.0.4/src/cfg-grammar.y

+--- syslog-ng-2.0.4.orig/src/cfg-grammar.y	2007-04-20 15:24:08.000000000 -0500

++++ syslog-ng-2.0.4/src/cfg-grammar.y	2007-07-08 23:38:07.000000000 -0500

+@@ -107,7 +107,7 @@

+ %token KW_USE_TIME_RECVD

+ 

+ /* filter items*/

+-%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK

++%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK KW_STRIP KW_REPLACE

+ 

+ /* yes/no switches */

+ %token KW_YES KW_NO

+@@ -803,6 +803,8 @@

+ 	| KW_PROGRAM '(' string ')'		{ $$ = filter_prog_new($3); free($3); }

+ 	| KW_HOST '(' string ')'		{ $$ = filter_host_new($3); free($3); }	

+ 	| KW_MATCH '(' string ')'		{ $$ = filter_match_new($3); free($3); }

++	| KW_STRIP '(' string ')'		{ $$ = filter_strip_new($3); free($3); }

++	| KW_REPLACE '(' string string ')'	{ $$ = filter_replace_new($3, $4); free($3); free($4); }

+ 	| KW_FILTER '(' string ')'		{ $$ = filter_call_new($3, configuration); free($3); }

+ 	| KW_NETMASK '(' string ')'		{ $$ = filter_netmask_new($3); free($3); }

+ 	;

+@@ -908,4 +910,4 @@

+   last_reader_options = NULL;

+   last_writer_options = NULL;

+   last_template = NULL;

+-}

+\ No newline at end of file

++}

+diff -urN syslog-ng-2.0.4.orig/src/cfg-lex.l syslog-ng-2.0.4/src/cfg-lex.l

+--- syslog-ng-2.0.4.orig/src/cfg-lex.l	2007-04-19 14:37:16.000000000 -0500

++++ syslog-ng-2.0.4/src/cfg-lex.l	2007-07-08 23:38:51.000000000 -0500

+@@ -165,6 +165,8 @@

+         { "host",               KW_HOST },

+         { "match",		KW_MATCH },

+         { "netmask",		KW_NETMASK },

++	{ "strip",		KW_STRIP },

++	{ "replace",		KW_REPLACE },

+ 

+ 	/* on/off switches */

+ 	{ "yes",		KW_YES },

+diff -urN syslog-ng-2.0.4.orig/src/filter.c syslog-ng-2.0.4/src/filter.c

+--- syslog-ng-2.0.4.orig/src/filter.c	2007-04-29 11:59:54.000000000 -0500

++++ syslog-ng-2.0.4/src/filter.c	2007-07-09 00:29:40.000000000 -0500

+@@ -226,6 +226,7 @@

+ typedef struct _FilterRE

+ {

+   FilterExprNode super;

++  GString *replace;

+   regex_t regex;

+ } FilterRE;

+ 

+@@ -310,6 +311,9 @@

+ filter_re_free(FilterExprNode *s)

+ {

+   FilterRE *self = (FilterRE *) s;

++

++  if (self->replace != NULL)

++    g_string_free(self->replace, TRUE);

+   

+   regfree(&self->regex);

+   g_free(s);

+@@ -494,3 +498,88 @@

+   self->super.eval = filter_netmask_eval;

+   return &self->super;

+ }

++

++FilterExprNode *

++filter_strip_new(const gchar *re)

++{

++  if (g_ascii_strcasecmp(re, "ips") == 0)

++    return filter_replace_new(re, "0.0.0.0");

++

++  return filter_replace_new(re, "----");

++}

++

++#define FMIN(a, b) (a) < (b) ? (a) : (b)

++#define NEW_MSG_SIZE 2048

++

++static gboolean

++filter_replace_eval(FilterExprNode *s, LogMessage *log)

++{

++  FilterRE *self = (FilterRE *) s;

++  gchar *buffer = log->msg.str;

++  gint snippet_size;

++  regmatch_t pmatch;

++  gchar new_msg[NEW_MSG_SIZE];

++  gchar *new_msg_max = new_msg + NEW_MSG_SIZE;

++  gchar *new_msg_ptr = new_msg;

++  gint replace_length = self->replace->len;

++  gint error;

++

++  error = regexec(&self->regex, buffer, 1, &pmatch, 0);

++  if (error)

++    return TRUE;

++  while (!error)

++    {

++      /* copy string snippet which preceeds matched text */

++      snippet_size = FMIN(pmatch.rm_so, new_msg_max - new_msg_ptr);

++      memcpy(new_msg_ptr, buffer, snippet_size);

++      new_msg_ptr += snippet_size;

++

++      /* copy replacement */

++      snippet_size = FMIN(replace_length, new_msg_max - new_msg_ptr);

++      memcpy(new_msg_ptr, self->replace->str, snippet_size);

++      new_msg_ptr += snippet_size;

++

++      /* search for next match */

++      buffer += pmatch.rm_eo;

++      error = regexec(&self->regex, buffer, 1, &pmatch, REG_NOTBOL);

++    }

++

++  /* copy the rest of the old message */

++  snippet_size = FMIN(log->msg.len, new_msg_max - new_msg_ptr);

++  memcpy(new_msg_ptr, buffer, snippet_size);

++  new_msg_ptr += snippet_size;

++

++  g_string_erase(&log->msg, 0, -1);

++  g_string_append(&log->msg, new_msg);

++

++  return TRUE;

++}

++

++FilterExprNode *

++filter_replace_new(const gchar *re, const gchar *replacement)

++{

++  FilterRE *self = g_new0(FilterRE, 1);

++  gint regerr;

++

++  if (!g_ascii_strcasecmp(re, "ips"))

++    re = "25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}";

++

++  regerr = regcomp(&self->regex, re, REG_ICASE | REG_EXTENDED);

++  if (regerr)

++    {

++      gchar errorbuf[256];

++      regerror(regerr, &self->regex, errorbuf, sizeof(errorbuf));

++      msg_error("Error compiling regular expression:",

++                evt_tag_str("re", re),

++                evt_tag_str("error", errorbuf),

++                NULL);

++      g_free(self);

++      return NULL;

++    }

++

++  self->replace = g_string_new(replacement);

++  self->super.eval = filter_replace_eval;

++  self->super.free_fn = filter_re_free;

++

++  return &self->super;

++}

+diff -urN syslog-ng-2.0.4.orig/src/filter.h syslog-ng-2.0.4/src/filter.h

+--- syslog-ng-2.0.4.orig/src/filter.h	2007-04-19 14:37:16.000000000 -0500

++++ syslog-ng-2.0.4/src/filter.h	2007-07-09 00:10:57.000000000 -0500

+@@ -54,6 +54,8 @@

+ FilterExprNode *filter_match_new(gchar *re);

+ FilterExprNode *filter_call_new(gchar *rule, struct _GlobalConfig *cfg);

+ FilterExprNode *filter_netmask_new(gchar *cidr);

++FilterExprNode *filter_strip_new(const gchar *re);

++FilterExprNode *filter_replace_new(const gchar *re, const gchar *replacement);

+ 

+ typedef struct _LogFilterRule

+ {

@@ -0,0 +1,149 @@

+#

+# Syslog-ng configuration file, compatible with default Debian syslogd

+# installation. Originally written by anonymous (I can't find his name)

+# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>)

+

+# First, set some global options.

+options { chain_hostnames(off); sync(0); use_dns(no);

+	  owner("root"); group("adm"); perm(0640);

+};

+

+########################

+# Sources

+########################

+# This is the default behavior of sysklogd package

+# Logs may come from unix stream, but not from another machine.

+#

+source src { unix-dgram("/dev/log"); internal();

+       	     file("/proc/kmsg" log_prefix("kernel: "));

+};

+

+# If you wish to get logs from remote machine you should uncomment

+# this and comment the above source line.

+#

+#source net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); };

+

+########################

+# Destinations

+########################

+# First some standard logfile

+#

+destination auth { file("/var/log/auth.log"); };

+destination cron { file("/var/log/cron.log"); };

+destination daemon { file("/var/log/daemon.log"); };

+destination kern { file("/var/log/kern.log"); };

+destination lpr { file("/var/log/lpr.log"); };

+destination mail { file("/var/log/mail.log"); };

+destination syslog { file("/var/log/syslog.log"); };

+destination user { file("/var/log/user.log"); };

+destination uucp { file("/var/log/uucp.log"); };

+

+# This files are the log come from the mail subsystem.

+#

+destination mailinfo { file("/var/log/mail/mail.info"); };

+destination mailwarn { file("/var/log/mail/mail.warn"); };

+destination mailerr { file("/var/log/mail/mail.err"); };

+

+# Logging for INN news system

+#

+destination newscrit { file("/var/log/news/news.crit"); };

+destination newserr { file("/var/log/news/news.err"); };

+destination newsnotice { file("/var/log/news/news.notice"); };

+

+# Some `catch-all' logfiles.

+#

+destination debug { file("/var/log/debug"); };

+destination error { file("/var/log/error"); };

+

+# The root's console.

+#

+destination console { usertty("root"); };

+

+# Virtual console.

+#

+destination console_all { file("/dev/vc/10"); };

+

+# The named pipe /dev/xconsole is for the nsole' utility.  To use it,

+# you must invoke nsole' with the -file' option:

+#

+#    $ xconsole -file /dev/xconsole [...]

+#

+destination xconsole { pipe("/dev/xconsole"); };

+

+# Send the messages to an other host

+#

+#destination net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); };

+

+# Debian only

+destination ppp { file("/var/log/ppp.log"); };

+

+########################

+# Filters

+########################

+# Here's come the filter options. With this rules, we can set which 

+# message go where.

+

+filter dbg { level(debug); };

+filter info { level(info); };

+filter notice { level(notice); };

+filter warn { level(warn); };

+filter err { level(err); };

+filter crit { level(crit .. emerg); };

+

+filter debug { level(debug) and not facility(auth, authpriv, news, mail); };

+filter error { level(err .. emerg) ; };

+

+filter auth { facility(auth, authpriv) and not filter(debug); };

+filter cron { facility(cron) and not filter(debug); };

+filter daemon { facility(daemon) and not filter(debug); };

+filter kern { facility(kern) and not filter(debug); };

+filter lpr { facility(lpr) and not filter(debug); };

+filter local { facility(local0, local1, local3, local4, local5,

+                        local6, local7) and not filter(debug); };

+filter mail { facility(mail) and not filter(debug); };

+filter news { facility(news) and not filter(debug); };

+filter syslog { facility(syslog) and not filter(debug); };

+filter user { facility(user) and not filter(debug); };

+filter uucp { facility(uucp) and not filter(debug); };

+

+filter cnews { level(notice, err, crit) and facility(news); };

+filter cother { level(debug, info, notice, warn) or facility(daemon, mail); };

+

+filter ppp { facility(local2) and not filter(debug); };

+filter console { level(warn .. emerg); };

+

+########################

+# Log paths

+########################

+log { source(src); filter(auth); destination(auth); };

+log { source(src); filter(cron); destination(cron); };

+log { source(src); filter(daemon); destination(daemon); };

+log { source(src); filter(kern); destination(kern); };

+log { source(src); filter(lpr); destination(lpr); };

+log { source(src); filter(syslog); destination(syslog); };

+log { source(src); filter(user); destination(user); };

+log { source(src); filter(uucp); destination(uucp); };

+

+log { source(src); filter(mail); destination(mail); };

+#log { source(src); filter(mail); filter(info); destination(mailinfo); };

+#log { source(src); filter(mail); filter(warn); destination(mailwarn); };

+#log { source(src); filter(mail); filter(err); destination(mailerr); };

+

+log { source(src); filter(news); filter(crit); destination(newscrit); };

+log { source(src); filter(news); filter(err); destination(newserr); };

+log { source(src); filter(news); filter(notice); destination(newsnotice); };

+#log { source(src); filter(cnews); destination(console_all); };

+#log { source(src); filter(cother); destination(console_all); };

+

+#log { source(src); filter(ppp); destination(ppp); };

+

+log { source(src); filter(debug); destination(debug); };

+log { source(src); filter(error); destination(error); };

+

+log { source(src); filter(console); destination(console_all);

+				    destination(xconsole); };

+log { source(src); filter(crit); destination(console); };

+

+# All messages send to a remote site

+#

+#log { source(src); destination(net); };

@@ -0,0 +1,33 @@

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $

+#

+# Syslog-ng default configuration file for Gentoo Linux

+# contributed by Michael Sterrett

+

+options { 

+	chain_hostnames(off); 

+	sync(0); 

+

+	# The default action of syslog-ng 1.6.0 is to log a STATS line

+	# to the file every 10 minutes.  That's pretty ugly after a while.

+	# Change it to every 12 hours so you get a nice daily update of

+	# how many messages syslog-ng missed (0).

+	stats(43200); 

+};

+

+source src {

+    unix-stream("/dev/log" max-connections(256));

+    internal();

+    file("/proc/kmsg");

+};

+

+destination messages { file("/var/log/messages"); };

+

+# By default messages are logged to tty12...

+destination console_all { file("/dev/tty12"); };

+# ...if you intend to use /dev/console for programs like xconsole

+# you can comment out the destination line above that references /dev/tty12

+# and uncomment the line below.

+#destination console_all { file("/dev/console"); };

+

+log { source(src); destination(messages); };

+log { source(src); destination(console_all); };

@@ -0,0 +1,20 @@

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.fbsd,v 1.1 2007/03/27 07:38:41 mr_bones_ Exp $

+#

+# Syslog-ng default configuration file for Gentoo FreeBSD

+# contributed by Tiziano Mülle

+options {

+	chain_hostnames(off);

+	sync(0);

+

+	# The default action of syslog-ng 1.6.0 is to log a STATS line

+	# to the file every 10 minutes.  That's pretty ugly after a while.

+	# Change it to every 12 hours so you get a nice daily update of

+	# how many messages syslog-ng missed (0).

+	stats(43200);

+};

+

+source src { unix-dgram("/var/run/log"); file("/dev/klog"); internal(); };

+

+destination messages { file("/var/log/messages"); };

+

+log { source(src); destination(messages); };

@@ -0,0 +1,102 @@

+# Copyright 2005 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.4 2006/07/12 23:59:59 solar Exp $

+

+#

+# Syslog-ng configuration file, compatible with default hardened installations.

+#

+

+options { chain_hostnames(off); sync(0); };

+

+source src { unix-stream("/dev/log"); internal(); };

+source kernsrc { file("/proc/kmsg"); };

+#source net { udp(); };

+

+destination authlog { file("/var/log/auth.log"); };

+destination syslog { file("/var/log/syslog"); };

+destination cron { file("/var/log/cron.log"); };

+destination daemon { file("/var/log/daemon.log"); };

+destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };

+destination lpr { file("/var/log/lpr.log"); };

+destination user { file("/var/log/user.log"); };

+destination uucp { file("/var/log/uucp.log"); };

+#destination ppp { file("/var/log/ppp.log"); };

+destination mail { file("/var/log/mail.log"); };

+

+destination avc { file("/var/log/avc.log"); };

+destination audit { file("/var/log/audit.log"); };

+destination pax { file("/var/log/pax.log"); };

+destination grsec { file("/var/log/grsec.log"); };

+

+destination mailinfo { file("/var/log/mail.info"); };

+destination mailwarn { file("/var/log/mail.warn"); };

+destination mailerr { file("/var/log/mail.err"); };

+

+destination newscrit { file("/var/log/news/news.crit"); };

+destination newserr { file("/var/log/news/news.err"); };

+destination newsnotice { file("/var/log/news/news.notice"); };

+

+destination debug { file("/var/log/debug"); };

+destination messages { file("/var/log/messages"); };

+destination console { usertty("root"); };

+destination console_all { file("/dev/tty12"); };

+#destination loghost { udp("loghost" port(999)); };

+

+destination xconsole { pipe("/dev/xconsole"); };

+

+filter f_auth { facility(auth); };

+filter f_authpriv { facility(auth, authpriv); };

+filter f_syslog { not facility(authpriv, mail); };

+filter f_cron { facility(cron); };

+filter f_daemon { facility(daemon); };

+filter f_kern { facility(kern); };

+filter f_lpr { facility(lpr); };

+filter f_mail { facility(mail); };

+filter f_user { facility(user); };

+filter f_uucp { facility(uucp); };

+#filter f_ppp { facility(ppp); };

+filter f_news { facility(news); };

+filter f_debug { not facility(auth, authpriv, news, mail); };

+filter f_messages { level(info..warn) 

+	and not facility(auth, authpriv, mail, news); };

+filter f_emergency { level(emerg); };

+

+filter f_info { level(info); };

+

+filter f_notice { level(notice); };

+filter f_warn { level(warn); };

+filter f_crit { level(crit); };

+filter f_err { level(err); };

+

+filter f_avc { match(".*avc: .*"); };

+filter f_audit { match("^audit.*") and not match(".*avc: .*"); };

+filter f_pax { match("^PAX:.*"); };

+filter f_grsec { match("^grsec:.*"); };

+

+log { source(src); filter(f_authpriv); destination(authlog); };

+log { source(src); filter(f_syslog); destination(syslog); };

+log { source(src); filter(f_cron); destination(cron); };

+log { source(src); filter(f_daemon); destination(daemon); };

+log { source(kernsrc); filter(f_kern); destination(kern); };

+log { source(src); filter(f_lpr); destination(lpr); };

+log { source(src); filter(f_mail); destination(mail); };

+log { source(src); filter(f_user); destination(user); };

+log { source(src); filter(f_uucp); destination(uucp); };

+log { source(kernsrc); filter(f_pax); destination(pax); };

+log { source(kernsrc); filter(f_grsec); destination(grsec); };

+log { source(kernsrc); filter(f_audit); destination(audit); };

+log { source(kernsrc); filter(f_avc); destination(avc); };

+log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

+log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

+log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

+log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };

+log { source(src); filter(f_news); filter(f_err); destination(newserr); };

+log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };

+log { source(src); filter(f_debug); destination(debug); };

+log { source(src); filter(f_messages); destination(messages); };

+log { source(src); filter(f_emergency); destination(console); };

+#log { source(src); filter(f_ppp); destination(ppp); };

+log { source(src); destination(console_all); };

+

+

+

@@ -0,0 +1,6 @@

+# Config file for /etc/init.d/syslog-ng

+

+# Put any additional options for syslog-ng here.

+# See syslog-ng(8) for more information.

+

+SYSLOG_NG_OPTS=""

@@ -0,0 +1,12 @@

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate,v 1.2 2004/07/18 02:25:02 dragonheart Exp $

+#

+# Syslog-ng logrotate snippet for Gentoo Linux

+# contributed by Michael Sterrett

+#

+

+/var/log/messages {

+    sharedscripts

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

@@ -0,0 +1,73 @@

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.2 2007/07/26 20:58:01 mr_bones_ Exp $

+#

+# Syslog-ng logrotate snippet for Hardened Gentoo Linux

+# contributed by Maciej Grela

+#

+

+# Generic

+/var/log/debug /var/log/syslog /var/log/kern.log {

+    sharedscripts

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# System services

+/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log {

+    sharedscripts

+    missingok

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# User log

+/var/log/user.log {

+    sharedscripts

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# News system

+/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice {

+    sharedscripts

+    missingok

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# Mail system

+/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {

+    sharedscripts

+    missingok

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# Hardened logs

+/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log {

+    sharedscripts

+    missingok

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# Authentication

+/var/log/auth.log {

+    sharedscripts

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

+

+# the rest

+/var/log/messages {

+    sharedscripts

+    postrotate

+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true

+    endscript

+}

@@ -0,0 +1,53 @@

+#!/sbin/runscript

+# Copyright 1999-2004 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.rc6,v 1.18 2006/11/02 20:51:37 mr_bones_ Exp $

+

+opts="depend checkconfig start stop reload"

+

+depend() {

+	# Make networking dependency conditional on configuration

+	case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in

+		*source*tcp*|*source*udp*|*destination*tcp*|*destination*udp*)

+			need net ;;

+	esac

+

+	need clock hostname

+	provide logger

+}

+

+checkconfig() {

+	if [ ! -e /etc/syslog-ng/syslog-ng.conf ] ; then

+		eerror "You need to create /etc/syslog-ng/syslog-ng.conf first."

+		eerror "An example can be found in /etc/syslog-ng/syslog-ng.conf.sample"

+		return 1

+	fi

+	syslog-ng -s /etc/syslog-ng/syslog-ng.conf

+	eend $? "Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)"

+}

+

+start() {

+	checkconfig || return 1

+	ebegin "Starting syslog-ng"

+	[[ -n ${SYSLOG_NG_OPTS} ]] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}"

+	start-stop-daemon --start --quiet --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS}

+	eend $? "Failed to start syslog-ng"

+}

+

+stop() {

+	ebegin "Stopping syslog-ng"

+	start-stop-daemon --stop --quiet --pidfile /var/run/syslog-ng.pid

+	eend $? "Failed to stop syslog-ng"

+	sleep 1 # needed for syslog-ng to stop in case we're restarting

+}

+

+reload() {

+	if [ ! -f /var/run/syslog-ng.pid ]; then

+		eerror "syslog-ng isn't running"

+		return 1

+	fi

+	checkconfig || return 1

+	ebegin "Reloading configuration and re-opening log files"

+	kill -HUP `cat /var/run/syslog-ng.pid` &>/dev/null

+	eend $?

+}

@@ -0,0 +1,59 @@

+#!/sbin/runscript

+# Copyright 1999-2004 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.rc6-r1,v 1.6 2007/10/02 23:01:00 mr_bones_ Exp $

+

+opts="checkconfig reload"

+

+depend() {

+	# Make networking dependency conditional on configuration

+	case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in

+		*source*tcp*|*source*udp*|*destination*tcp*|*destination*udp*)

+			need net ;;

+	esac

+

+	# kludge for baselayout-1 compatibility

+	[ -z "${svclib}" ] && config /etc/syslog-ng/syslog-ng.conf

+	need clock hostname localmount

+	provide logger

+}

+

+checkconfig() {

+	if [ ! -e /etc/syslog-ng/syslog-ng.conf ] ; then

+		eerror "You need to create /etc/syslog-ng/syslog-ng.conf first."

+		eerror "An example can be found in /etc/syslog-ng/syslog-ng.conf.sample"

+		return 1

+	fi

+	syslog-ng -s /etc/syslog-ng/syslog-ng.conf

+	

+	# the start and reload functions have their own eends so 

+	# avoid calling this twice when there are no problems

+	[ $? -eq 0 ] || eend $? "Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)"

+}

+

+start() {

+	checkconfig || return 1

+	ebegin "Starting syslog-ng"

+	[ -n "${SYSLOG_NG_OPTS}" ] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}"

+	start-stop-daemon --start --quiet --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS}

+	eend $? "Failed to start syslog-ng"

+}

+

+stop() {

+	ebegin "Stopping syslog-ng"

+	start-stop-daemon --stop --quiet --pidfile /var/run/syslog-ng.pid

+	eend $? "Failed to stop syslog-ng"

+	sleep 1 # needed for syslog-ng to stop in case we're restarting

+}

+

+reload() {

+	if [ ! -f /var/run/syslog-ng.pid ]; then

+		eerror "syslog-ng isn't running"

+		return 1

+	fi

+	checkconfig || return 1

+	ebegin "Reloading configuration and re-opening log files"

+	start-stop-daemon --stop --oknodo --signal HUP \

+	    --pidfile /var/run/syslog-ng.pid

+	eend $?

+}

@@ -0,0 +1,85 @@

+# Copyright 1999-2007 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/syslog-ng-2.0.5.ebuild,v 1.1 2007/07/25 03:58:38 mr_bones_ Exp $

+