Hanno Böck commited on 2007-10-04 15:37:12
Zeige 13 geänderte Dateien mit 1179 Einfügungen und 0 Löschungen.
... | ... |
@@ -0,0 +1,48 @@ |
1 |
+AUX syslog-ng-anon-2.0.4.diff 16854 RMD160 602aa45f8cd01415b202d2210d6765cc2352e720 SHA1 cd9f009a7f835045692eaf73d69d464a39a0b2b2 SHA256 ecc05be8fdcf1128ee0ccaea7290027609042ae966dd35e86310c29009cbe380 |
|
2 |
+MD5 660726d013b2a3b122e5c9ea66580011 files/syslog-ng-anon-2.0.4.diff 16854 |
|
3 |
+RMD160 602aa45f8cd01415b202d2210d6765cc2352e720 files/syslog-ng-anon-2.0.4.diff 16854 |
|
4 |
+SHA256 ecc05be8fdcf1128ee0ccaea7290027609042ae966dd35e86310c29009cbe380 files/syslog-ng-anon-2.0.4.diff 16854 |
|
5 |
+AUX syslog-ng.conf.debian 5445 RMD160 c3c2f319d437bb2548226f4f78db96cd6210c7cc SHA1 80256f810a5b87adf5b39320eb4b5758ba3003a0 SHA256 74943e12a92b415306e2fca27056a839fa7ce443ccd08fdafcfac9bcba08a1c3 |
|
6 |
+MD5 b9cf104e2020c2d8c5fa164b6f54de5c files/syslog-ng.conf.debian 5445 |
|
7 |
+RMD160 c3c2f319d437bb2548226f4f78db96cd6210c7cc files/syslog-ng.conf.debian 5445 |
|
8 |
+SHA256 74943e12a92b415306e2fca27056a839fa7ce443ccd08fdafcfac9bcba08a1c3 files/syslog-ng.conf.debian 5445 |
|
9 |
+AUX syslog-ng.conf.gentoo 1100 RMD160 02b1b6230d509369a86ac9e26c374f7972fbed9f SHA1 a27db752c611786062ac8e0d2e902c038d6323b2 SHA256 fbe8e8f7143748212d0726ad3ee6eed7479018eef788cdeee6796ae78cbdc96a |
|
10 |
+MD5 9df476673c4f296fed44e21ca3cbd136 files/syslog-ng.conf.gentoo 1100 |
|
11 |
+RMD160 02b1b6230d509369a86ac9e26c374f7972fbed9f files/syslog-ng.conf.gentoo 1100 |
|
12 |
+SHA256 fbe8e8f7143748212d0726ad3ee6eed7479018eef788cdeee6796ae78cbdc96a files/syslog-ng.conf.gentoo 1100 |
|
13 |
+AUX syslog-ng.conf.gentoo.fbsd 702 RMD160 2fb49bab8ccc7ce763156ef14dbff858d7e6b416 SHA1 1a6bd708009fd6d18516d66a34bd9cb9ec7c3eed SHA256 ab54cc3e5595fad1b362039932ee8a7d7e852ebda3f08bb20ecc19c1be830751 |
|
14 |
+MD5 37af1755a1b1003fa49b4fd7197e268e files/syslog-ng.conf.gentoo.fbsd 702 |
|
15 |
+RMD160 2fb49bab8ccc7ce763156ef14dbff858d7e6b416 files/syslog-ng.conf.gentoo.fbsd 702 |
|
16 |
+SHA256 ab54cc3e5595fad1b362039932ee8a7d7e852ebda3f08bb20ecc19c1be830751 files/syslog-ng.conf.gentoo.fbsd 702 |
|
17 |
+AUX syslog-ng.conf.gentoo.hardened 4346 RMD160 18932d56ce748454941859dc04c417791184a84d SHA1 8773391798882c4120af039a073d670be5bb9d86 SHA256 110478ff3805ee917488b874fbdbb4b48f9f2b02840f83a0a1d967925ebe3552 |
|
18 |
+MD5 f33373c704c59b3141123ef16fc3e85d files/syslog-ng.conf.gentoo.hardened 4346 |
|
19 |
+RMD160 18932d56ce748454941859dc04c417791184a84d files/syslog-ng.conf.gentoo.hardened 4346 |
|
20 |
+SHA256 110478ff3805ee917488b874fbdbb4b48f9f2b02840f83a0a1d967925ebe3552 files/syslog-ng.conf.gentoo.hardened 4346 |
|
21 |
+AUX syslog-ng.confd 150 RMD160 b5ab31e1c285fdd2f41324abc2c6b39bce59038d SHA1 c5df6ef1eca2a169fb3073816d4a06b7c85c0b0c SHA256 8319ca8e39a5dab5ddc82eede088e1f58ff25deef330804648000359cb736a3f |
|
22 |
+MD5 252ddaf4e3475b15b715b62f6c149fc1 files/syslog-ng.confd 150 |
|
23 |
+RMD160 b5ab31e1c285fdd2f41324abc2c6b39bce59038d files/syslog-ng.confd 150 |
|
24 |
+SHA256 8319ca8e39a5dab5ddc82eede088e1f58ff25deef330804648000359cb736a3f files/syslog-ng.confd 150 |
|
25 |
+AUX syslog-ng.logrotate 342 RMD160 ef72b796f96af38c421f2acc04ac3bed4c42de0e SHA1 77de0e56d3afb784d92b6e79f94a368952172eff SHA256 5a8a52e3832333eba51969d41cb6ae18e0a80d1e1ada39595dbc5f5075f91375 |
|
26 |
+MD5 fe66a527c7f36a560197b4187ad6d9db files/syslog-ng.logrotate 342 |
|
27 |
+RMD160 ef72b796f96af38c421f2acc04ac3bed4c42de0e files/syslog-ng.logrotate 342 |
|
28 |
+SHA256 5a8a52e3832333eba51969d41cb6ae18e0a80d1e1ada39595dbc5f5075f91375 files/syslog-ng.logrotate 342 |
|
29 |
+AUX syslog-ng.logrotate.hardened 1696 RMD160 9f22685778cf6d9c54ab899e586650e356a66498 SHA1 2c40af7591dac343047ac7a517c4ee8a5cb5f0a7 SHA256 e4530dab9b9d3c1a78bc1349e4ae647a6747b0aba7b3d5192f029281d71c89bf |
|
30 |
+MD5 2adc9517b1dc66ebb76a40848178b937 files/syslog-ng.logrotate.hardened 1696 |
|
31 |
+RMD160 9f22685778cf6d9c54ab899e586650e356a66498 files/syslog-ng.logrotate.hardened 1696 |
|
32 |
+SHA256 e4530dab9b9d3c1a78bc1349e4ae647a6747b0aba7b3d5192f029281d71c89bf files/syslog-ng.logrotate.hardened 1696 |
|
33 |
+AUX syslog-ng.rc6 1615 RMD160 8cb414bc09c48fdb591320203947035f9c32e968 SHA1 3752874ee7d35cfb9ca92664f19caf5f187d6d5d SHA256 d4e574597148ae1b7009a9bc14df97c0b7b05e54f61619607e532984b5903b73 |
|
34 |
+MD5 b74c976f08eb333cd29db85f69ba5c36 files/syslog-ng.rc6 1615 |
|
35 |
+RMD160 8cb414bc09c48fdb591320203947035f9c32e968 files/syslog-ng.rc6 1615 |
|
36 |
+SHA256 d4e574597148ae1b7009a9bc14df97c0b7b05e54f61619607e532984b5903b73 files/syslog-ng.rc6 1615 |
|
37 |
+AUX syslog-ng.rc6-r1 1879 RMD160 846e8019a15887f3b95939cae25a04139a9697cf SHA1 a8c2c35ac85c65586d3d647698b4a24367d0840f SHA256 b894e6c5f860d81942467fa1449a3e9bf70779fe8ac288fa77b0feab811d4343 |
|
38 |
+MD5 3e699d770cbccadf59d1630426be3947 files/syslog-ng.rc6-r1 1879 |
|
39 |
+RMD160 846e8019a15887f3b95939cae25a04139a9697cf files/syslog-ng.rc6-r1 1879 |
|
40 |
+SHA256 b894e6c5f860d81942467fa1449a3e9bf70779fe8ac288fa77b0feab811d4343 files/syslog-ng.rc6-r1 1879 |
|
41 |
+DIST syslog-ng-2.0.5.tar.gz 363064 RMD160 feb568ca325259301ed320e53d09a7be0b6edf41 SHA1 f514e2d2ae7831298e71d6fa9cc1817f7038431c SHA256 34862f87d9d404ad4874d95ee871334f5bc2acad65420f672ad2ee286ab660a1 |
|
42 |
+EBUILD syslog-ng-2.0.5-r1.ebuild 2559 RMD160 54f4fde6a40d048487e3e42595f0c640e2399757 SHA1 e35436d2a3d28f6eeb06287e868291bd2c23f344 SHA256 ee2f06d4beba22ab3f2cc8ea92bb82de89faf99aa34ca6a2d85e77df4636f309 |
|
43 |
+MD5 c46b646a2d9a42a8f2ce25d0401db81f syslog-ng-2.0.5-r1.ebuild 2559 |
|
44 |
+RMD160 54f4fde6a40d048487e3e42595f0c640e2399757 syslog-ng-2.0.5-r1.ebuild 2559 |
|
45 |
+SHA256 ee2f06d4beba22ab3f2cc8ea92bb82de89faf99aa34ca6a2d85e77df4636f309 syslog-ng-2.0.5-r1.ebuild 2559 |
|
46 |
+MD5 cefbf1bbbac4106cecbdd48967e70bd7 files/digest-syslog-ng-2.0.5-r1 247 |
|
47 |
+RMD160 d37b1f38accd90e59e5b5fbee9d74382a4987a97 files/digest-syslog-ng-2.0.5-r1 247 |
|
48 |
+SHA256 4d5aae112aa2c494fa93fc4ea74360d6d072436d394d25bd5ca3d71ccdb88858 files/digest-syslog-ng-2.0.5-r1 247 |
... | ... |
@@ -0,0 +1,536 @@ |
1 |
+diff -urN syslog-ng-2.0.4.orig/doc/examples/syslog-ng-anon.conf syslog-ng-2.0.4/doc/examples/syslog-ng-anon.conf |
|
2 |
+--- syslog-ng-2.0.4.orig/doc/examples/syslog-ng-anon.conf 1969-12-31 18:00:00.000000000 -0600 |
|
3 |
++++ syslog-ng-2.0.4/doc/examples/syslog-ng-anon.conf 2007-07-08 23:32:28.000000000 -0500 |
|
4 |
+@@ -0,0 +1,243 @@ |
|
5 |
++# |
|
6 |
++# Configuration file for syslog-ng under Debian. |
|
7 |
++# Customized for riseup.net using syslog-ng-anon patch |
|
8 |
++# (http://dev.riseup.net/patches/syslog-ng/) |
|
9 |
++# |
|
10 |
++# see http://www.campin.net/syslog-ng/expanded-syslog-ng.conf |
|
11 |
++# for examples. |
|
12 |
++# |
|
13 |
++# levels: emerg alert crit err warning notice info debug |
|
14 |
++# |
|
15 |
++ |
|
16 |
++############################################################ |
|
17 |
++## global options |
|
18 |
++ |
|
19 |
++options { |
|
20 |
++ chain_hostnames(0); |
|
21 |
++ time_reopen(10); |
|
22 |
++ time_reap(360); |
|
23 |
++ sync(0); |
|
24 |
++ log_fifo_size(2048); |
|
25 |
++ create_dirs(yes); |
|
26 |
++ group(adm); |
|
27 |
++ perm(0640); |
|
28 |
++ dir_perm(0755); |
|
29 |
++ use_dns(no); |
|
30 |
++}; |
|
31 |
++ |
|
32 |
++############################################################ |
|
33 |
++## universal source |
|
34 |
++ |
|
35 |
++source s_all { |
|
36 |
++ internal(); |
|
37 |
++ unix-stream("/dev/log"); |
|
38 |
++ file("/proc/kmsg" log_prefix("kernel: ")); |
|
39 |
++}; |
|
40 |
++ |
|
41 |
++############################################################ |
|
42 |
++## generic destinations |
|
43 |
++ |
|
44 |
++destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; |
|
45 |
++destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; |
|
46 |
++destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; |
|
47 |
++destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; |
|
48 |
++destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; |
|
49 |
++ |
|
50 |
++############################################################ |
|
51 |
++## generic filters |
|
52 |
++ |
|
53 |
++filter f_strip { strip(ips); }; |
|
54 |
++filter f_at_least_info { level(info..emerg); }; |
|
55 |
++filter f_at_least_notice { level(notice..emerg); }; |
|
56 |
++filter f_at_least_warn { level(warn..emerg); }; |
|
57 |
++filter f_at_least_err { level(err..emerg); }; |
|
58 |
++filter f_at_least_crit { level(crit..emerg); }; |
|
59 |
++ |
|
60 |
++############################################################ |
|
61 |
++## auth.log |
|
62 |
++ |
|
63 |
++filter f_auth { facility(auth, authpriv); }; |
|
64 |
++destination df_auth { file("/var/log/auth.log"); }; |
|
65 |
++log { |
|
66 |
++ source(s_all); |
|
67 |
++ filter(f_auth); |
|
68 |
++ destination(df_auth); |
|
69 |
++}; |
|
70 |
++ |
|
71 |
++############################################################ |
|
72 |
++## daemon.log |
|
73 |
++ |
|
74 |
++filter f_daemon { facility(daemon); }; |
|
75 |
++destination df_daemon { file("/var/log/daemon.log"); }; |
|
76 |
++log { |
|
77 |
++ source(s_all); |
|
78 |
++ filter(f_daemon); |
|
79 |
++ destination(df_daemon); |
|
80 |
++}; |
|
81 |
++ |
|
82 |
++############################################################ |
|
83 |
++## kern.log |
|
84 |
++ |
|
85 |
++filter f_kern { facility(kern); }; |
|
86 |
++destination df_kern { file("/var/log/kern.log"); }; |
|
87 |
++log { |
|
88 |
++ source(s_all); |
|
89 |
++ filter(f_kern); |
|
90 |
++ destination(df_kern); |
|
91 |
++}; |
|
92 |
++ |
|
93 |
++############################################################ |
|
94 |
++## user.log |
|
95 |
++ |
|
96 |
++filter f_user { facility(user); }; |
|
97 |
++destination df_user { file("/var/log/user.log"); }; |
|
98 |
++log { |
|
99 |
++ source(s_all); |
|
100 |
++ filter(f_user); |
|
101 |
++ destination(df_user); |
|
102 |
++}; |
|
103 |
++ |
|
104 |
++############################################################ |
|
105 |
++## sympa.log |
|
106 |
++ |
|
107 |
++filter f_sympa { program("^(sympa|bounced|archived|task_manager)"); }; |
|
108 |
++destination d_sympa { file("/var/log/sympa.log"); }; |
|
109 |
++log { |
|
110 |
++ source(s_all); |
|
111 |
++ filter(f_sympa); |
|
112 |
++ destination(d_sympa); |
|
113 |
++ flags(final); |
|
114 |
++}; |
|
115 |
++ |
|
116 |
++############################################################ |
|
117 |
++## wwsympa.log |
|
118 |
++ |
|
119 |
++filter f_wwsympa { program("^wwsympa"); }; |
|
120 |
++destination d_wwsympa { file("/var/log/wwsympa.log"); }; |
|
121 |
++log { |
|
122 |
++ source(s_all); |
|
123 |
++ filter(f_wwsympa); |
|
124 |
++ filter(f_strip); |
|
125 |
++ destination(d_wwsympa); |
|
126 |
++ flags(final); |
|
127 |
++}; |
|
128 |
++ |
|
129 |
++############################################################ |
|
130 |
++## ldap.log |
|
131 |
++ |
|
132 |
++filter f_ldap { program("slapd"); }; |
|
133 |
++destination d_ldap { file("/var/log/ldap.log"); }; |
|
134 |
++log { |
|
135 |
++ source(s_all); |
|
136 |
++ filter(f_ldap); |
|
137 |
++ destination(d_ldap); |
|
138 |
++ flags(final); |
|
139 |
++}; |
|
140 |
++ |
|
141 |
++############################################################ |
|
142 |
++## postfix.log |
|
143 |
++ |
|
144 |
++# special source because of chroot jail |
|
145 |
++#source s_postfix { unix-stream("/var/spool/postfix/dev/log" keep-alive(yes)); }; |
|
146 |
++filter f_postfix { program("^postfix/"); }; |
|
147 |
++destination d_postfix { file("/var/log/postfix.log"); }; |
|
148 |
++log { |
|
149 |
++ source(s_all); |
|
150 |
++ filter(f_postfix); |
|
151 |
++ filter(f_strip); |
|
152 |
++ destination(d_postfix); |
|
153 |
++ flags(final); |
|
154 |
++}; |
|
155 |
++ |
|
156 |
++############################################################ |
|
157 |
++## courier.log |
|
158 |
++ |
|
159 |
++filter f_courier { program("courier|imap|pop"); }; |
|
160 |
++destination d_courier { file("/var/log/courier.log"); }; |
|
161 |
++log { |
|
162 |
++ source(s_all); |
|
163 |
++ filter(f_courier); |
|
164 |
++ filter(f_strip); |
|
165 |
++ destination(d_courier); |
|
166 |
++ flags(final); |
|
167 |
++}; |
|
168 |
++ |
|
169 |
++############################################################ |
|
170 |
++## maildrop.log |
|
171 |
++ |
|
172 |
++filter f_maildrop { program("^maildrop"); }; |
|
173 |
++destination d_maildrop { file("/var/log/maildrop.log"); }; |
|
174 |
++log { |
|
175 |
++ source(s_all); |
|
176 |
++ filter(f_maildrop); |
|
177 |
++ destination(d_courier); |
|
178 |
++ flags(final); |
|
179 |
++}; |
|
180 |
++ |
|
181 |
++############################################################ |
|
182 |
++## mail.log |
|
183 |
++ |
|
184 |
++filter f_mail { facility(mail); }; |
|
185 |
++destination df_mail { file("/var/log/mail.log"); }; |
|
186 |
++ |
|
187 |
++log { |
|
188 |
++ source(s_all); |
|
189 |
++ filter(f_mail); |
|
190 |
++ destination(df_mail); |
|
191 |
++}; |
|
192 |
++ |
|
193 |
++############################################################ |
|
194 |
++## messages.log |
|
195 |
++ |
|
196 |
++filter f_messages { |
|
197 |
++ level(debug,info,notice) |
|
198 |
++ and not facility(auth,authpriv,daemon,mail,user,kern); |
|
199 |
++}; |
|
200 |
++destination df_messages { file("/var/log/messages.log"); }; |
|
201 |
++log { |
|
202 |
++ source(s_all); |
|
203 |
++ filter(f_messages); |
|
204 |
++ destination(df_messages); |
|
205 |
++}; |
|
206 |
++ |
|
207 |
++############################################################ |
|
208 |
++## errors.log |
|
209 |
++ |
|
210 |
++filter f_errors { |
|
211 |
++ level(warn,err,crit,alert,emerg) |
|
212 |
++ and not facility(auth,authpriv,daemon,mail,user,kern); |
|
213 |
++}; |
|
214 |
++destination df_errors { file("/var/log/errors.log"); }; |
|
215 |
++log { |
|
216 |
++ source(s_all); |
|
217 |
++ filter(f_errors); |
|
218 |
++ destination(df_errors); |
|
219 |
++}; |
|
220 |
++ |
|
221 |
++############################################################ |
|
222 |
++## emergencies |
|
223 |
++ |
|
224 |
++filter f_emerg { level(emerg); }; |
|
225 |
++destination du_all { usertty("*"); }; |
|
226 |
++log { |
|
227 |
++ source(s_all); |
|
228 |
++ filter(f_emerg); |
|
229 |
++ destination(du_all); |
|
230 |
++}; |
|
231 |
++ |
|
232 |
++############################################################ |
|
233 |
++## console messages |
|
234 |
++ |
|
235 |
++filter f_xconsole { |
|
236 |
++ facility(daemon,mail) |
|
237 |
++ or level(debug,info,notice,warn) |
|
238 |
++ or (facility(news) |
|
239 |
++ and level(crit,err,notice)); |
|
240 |
++}; |
|
241 |
++destination dp_xconsole { pipe("/dev/xconsole"); }; |
|
242 |
++log { |
|
243 |
++ source(s_all); |
|
244 |
++ filter(f_xconsole); |
|
245 |
++ destination(dp_xconsole); |
|
246 |
++}; |
|
247 |
++ |
|
248 |
+diff -urN syslog-ng-2.0.4.orig/doc/Makefile.am syslog-ng-2.0.4/doc/Makefile.am |
|
249 |
+--- syslog-ng-2.0.4.orig/doc/Makefile.am 2007-04-19 14:37:16.000000000 -0500 |
|
250 |
++++ syslog-ng-2.0.4/doc/Makefile.am 2007-07-08 23:34:14.000000000 -0500 |
|
251 |
+@@ -6,8 +6,10 @@ |
|
252 |
+ reference/syslog-ng.xml \ |
|
253 |
+ reference/syslog-ng.txt \ |
|
254 |
+ reference/syslog-ng.xsl \ |
|
255 |
++ reference/README.syslog-ng-anon \ |
|
256 |
+ examples/syslog-ng.conf.sample \ |
|
257 |
+- examples/syslog-ng.conf.solaris |
|
258 |
++ examples/syslog-ng.conf.solaris \ |
|
259 |
++ examples/syslog-ng-anon.conf |
|
260 |
+ |
|
261 |
+ man_MANS = man/syslog-ng.8 man/syslog-ng.conf.5 |
|
262 |
+ |
|
263 |
+diff -urN syslog-ng-2.0.4.orig/doc/Makefile.in syslog-ng-2.0.4/doc/Makefile.in |
|
264 |
+--- syslog-ng-2.0.4.orig/doc/Makefile.in 2007-05-15 09:40:53.000000000 -0500 |
|
265 |
++++ syslog-ng-2.0.4/doc/Makefile.in 2007-07-08 23:35:39.000000000 -0500 |
|
266 |
+@@ -135,8 +135,10 @@ |
|
267 |
+ reference/syslog-ng.xml \ |
|
268 |
+ reference/syslog-ng.txt \ |
|
269 |
+ reference/syslog-ng.xsl \ |
|
270 |
++ reference/README.syslog-ng-anon \ |
|
271 |
+ examples/syslog-ng.conf.sample \ |
|
272 |
+- examples/syslog-ng.conf.solaris |
|
273 |
++ examples/syslog-ng.conf.solaris \ |
|
274 |
++ examples/syslog-ng-anon.conf |
|
275 |
+ |
|
276 |
+ |
|
277 |
+ man_MANS = man/syslog-ng.8 man/syslog-ng.conf.5 |
|
278 |
+diff -urN syslog-ng-2.0.4.orig/doc/reference/README.syslog-ng-anon syslog-ng-2.0.4/doc/reference/README.syslog-ng-anon |
|
279 |
+--- syslog-ng-2.0.4.orig/doc/reference/README.syslog-ng-anon 1969-12-31 18:00:00.000000000 -0600 |
|
280 |
++++ syslog-ng-2.0.4/doc/reference/README.syslog-ng-anon 2007-07-08 23:32:09.000000000 -0500 |
|
281 |
+@@ -0,0 +1,93 @@ |
|
282 |
++syslog-ng-anon |
|
283 |
++ |
|
284 |
++ This patch adds the capability to syslog-ng that allows you to strip |
|
285 |
++ out any given regexp or all IP addresses from log messages before |
|
286 |
++ they are written to disk. The goal is to give the system administrator |
|
287 |
++ the means to implement site logging policies, by allowing them easy |
|
288 |
++ control over exactly what data they retain in their logfiles, |
|
289 |
++ regardless of what a particular daemon might think is best. |
|
290 |
++ |
|
291 |
++Background: |
|
292 |
++ |
|
293 |
++ Data retention has become a hot legal topic for ISPs and other Online |
|
294 |
++ Service Providers (OSPs). There are many instances where it is preferable |
|
295 |
++ to keep less information on users than is collected by default on many |
|
296 |
++ systems. In the United States it is not currently required to retain |
|
297 |
++ data on users of a server, but you may be required to provide all data |
|
298 |
++ on a user which you have retained. OSPs can protect themselves from legal |
|
299 |
++ hassles and added work by choosing what data they wish to retain. |
|
300 |
++ |
|
301 |
++ From "Best Practices for Online Service Providers" |
|
302 |
++ (http://www.eff.org/osp): |
|
303 |
++ |
|
304 |
++ As an intermediary, the OSP [Online Service Provider] finds itself in |
|
305 |
++ a position to collect and store detailed information about its users |
|
306 |
++ and their online activities that may be of great interest to third |
|
307 |
++ parties. The USA PATRIOT Act also provides the government with |
|
308 |
++ expanded powers to request this information. As a result, OSP owners |
|
309 |
++ must deal with requests from law enforcement and lawyers to hand over |
|
310 |
++ private user information and logs. Yet, compliance with these demands |
|
311 |
++ takes away from an OSP's goal of providing users with reliable, |
|
312 |
++ secure network services. In this paper, EFF offers some suggestions, |
|
313 |
++ both legal and technical, for best practices that balance the needs |
|
314 |
++ of OSPs and their users' privacy and civil liberties. |
|
315 |
++ |
|
316 |
++ Rather than scrubbing the information you don't want in logs, this patch |
|
317 |
++ ensures that the information is never written to disk. Also, for those |
|
318 |
++ daemons which log through syslog facilities, this patch provides a |
|
319 |
++ convenient single configuration to limit what you wish to log. |
|
320 |
++ |
|
321 |
++ Here are some related links: |
|
322 |
++ |
|
323 |
++ Best Practices for Online Service Providers |
|
324 |
++ http://www.eff.org/osp |
|
325 |
++ http://www.eff.org/osp/20040819_OSPBestPractices.pdf |
|
326 |
++ |
|
327 |
++ EPIC International Data Retention Page |
|
328 |
++ http://www.epic.org/privacy/intl/data_retention.html |
|
329 |
++ |
|
330 |
++ Working Paper on Usage Log Data Management (from Computer, Freedom, and |
|
331 |
++ Privacy conference) http://cryptome.org/usage-logs.htm |
|
332 |
++ |
|
333 |
++ |
|
334 |
++Installing syslog-ng-anon |
|
335 |
++ |
|
336 |
++ Applying the patch |
|
337 |
++ |
|
338 |
++ This patch has been tested against the following versions of syslog-ng: |
|
339 |
++ . version 1.6.7 |
|
340 |
++ . Debian package syslog-ng_1.6.7-2 |
|
341 |
++ |
|
342 |
++ |
|
343 |
++ To use this patch, obtain the source for syslog-ng |
|
344 |
++ (http://www.balabit.com/downloads/syslog-ng/1.6/src/) and the latest |
|
345 |
++ syslog-ng-anon patch (http://dev.riseup.net/patches/syslog-ng/). |
|
346 |
++ Uncompress the syslog-ng source and then apply the patch: |
|
347 |
++ |
|
348 |
++ % tar -zxvf syslog-ng.tar.gz |
|
349 |
++ % cd syslog-ng |
|
350 |
++ % patch -p1 < syslog-ng-anon.diff |
|
351 |
++ |
|
352 |
++ Then compile and install syslog-ng as normal. |
|
353 |
++ |
|
354 |
++ Debian package |
|
355 |
++ |
|
356 |
++ Alternately, you can install syslog-ng-anon from this repository: |
|
357 |
++ deb http://deb.riseup.net/debian unstable main |
|
358 |
++ |
|
359 |
++ How to use it |
|
360 |
++ |
|
361 |
++ This patch adds the filter "strip". For example: |
|
362 |
++ |
|
363 |
++ filter f_strip {strip(<regexp>);}; |
|
364 |
++ |
|
365 |
++ This will strip out all matches of the regular expression on logs to |
|
366 |
++ which the filter is applied and replaces all matches with the fixed length |
|
367 |
++ four dashes ("----"). |
|
368 |
++ |
|
369 |
++ In place of a regular expression, you can put "ips", which will replace all |
|
370 |
++ internet addresses with 0.0.0.0. For example: |
|
371 |
++ |
|
372 |
++ filter f_strip {strip(ips);}; |
|
373 |
++ |
|
374 |
++ You can alter what the replacement strings are by using replace: |
|
375 |
+diff -urN syslog-ng-2.0.4.orig/src/cfg-grammar.y syslog-ng-2.0.4/src/cfg-grammar.y |
|
376 |
+--- syslog-ng-2.0.4.orig/src/cfg-grammar.y 2007-04-20 15:24:08.000000000 -0500 |
|
377 |
++++ syslog-ng-2.0.4/src/cfg-grammar.y 2007-07-08 23:38:07.000000000 -0500 |
|
378 |
+@@ -107,7 +107,7 @@ |
|
379 |
+ %token KW_USE_TIME_RECVD |
|
380 |
+ |
|
381 |
+ /* filter items*/ |
|
382 |
+-%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK |
|
383 |
++%token KW_FACILITY KW_LEVEL KW_HOST KW_MATCH KW_NETMASK KW_STRIP KW_REPLACE |
|
384 |
+ |
|
385 |
+ /* yes/no switches */ |
|
386 |
+ %token KW_YES KW_NO |
|
387 |
+@@ -803,6 +803,8 @@ |
|
388 |
+ | KW_PROGRAM '(' string ')' { $$ = filter_prog_new($3); free($3); } |
|
389 |
+ | KW_HOST '(' string ')' { $$ = filter_host_new($3); free($3); } |
|
390 |
+ | KW_MATCH '(' string ')' { $$ = filter_match_new($3); free($3); } |
|
391 |
++ | KW_STRIP '(' string ')' { $$ = filter_strip_new($3); free($3); } |
|
392 |
++ | KW_REPLACE '(' string string ')' { $$ = filter_replace_new($3, $4); free($3); free($4); } |
|
393 |
+ | KW_FILTER '(' string ')' { $$ = filter_call_new($3, configuration); free($3); } |
|
394 |
+ | KW_NETMASK '(' string ')' { $$ = filter_netmask_new($3); free($3); } |
|
395 |
+ ; |
|
396 |
+@@ -908,4 +910,4 @@ |
|
397 |
+ last_reader_options = NULL; |
|
398 |
+ last_writer_options = NULL; |
|
399 |
+ last_template = NULL; |
|
400 |
+-} |
|
401 |
+\ No newline at end of file |
|
402 |
++} |
|
403 |
+diff -urN syslog-ng-2.0.4.orig/src/cfg-lex.l syslog-ng-2.0.4/src/cfg-lex.l |
|
404 |
+--- syslog-ng-2.0.4.orig/src/cfg-lex.l 2007-04-19 14:37:16.000000000 -0500 |
|
405 |
++++ syslog-ng-2.0.4/src/cfg-lex.l 2007-07-08 23:38:51.000000000 -0500 |
|
406 |
+@@ -165,6 +165,8 @@ |
|
407 |
+ { "host", KW_HOST }, |
|
408 |
+ { "match", KW_MATCH }, |
|
409 |
+ { "netmask", KW_NETMASK }, |
|
410 |
++ { "strip", KW_STRIP }, |
|
411 |
++ { "replace", KW_REPLACE }, |
|
412 |
+ |
|
413 |
+ /* on/off switches */ |
|
414 |
+ { "yes", KW_YES }, |
|
415 |
+diff -urN syslog-ng-2.0.4.orig/src/filter.c syslog-ng-2.0.4/src/filter.c |
|
416 |
+--- syslog-ng-2.0.4.orig/src/filter.c 2007-04-29 11:59:54.000000000 -0500 |
|
417 |
++++ syslog-ng-2.0.4/src/filter.c 2007-07-09 00:29:40.000000000 -0500 |
|
418 |
+@@ -226,6 +226,7 @@ |
|
419 |
+ typedef struct _FilterRE |
|
420 |
+ { |
|
421 |
+ FilterExprNode super; |
|
422 |
++ GString *replace; |
|
423 |
+ regex_t regex; |
|
424 |
+ } FilterRE; |
|
425 |
+ |
|
426 |
+@@ -310,6 +311,9 @@ |
|
427 |
+ filter_re_free(FilterExprNode *s) |
|
428 |
+ { |
|
429 |
+ FilterRE *self = (FilterRE *) s; |
|
430 |
++ |
|
431 |
++ if (self->replace != NULL) |
|
432 |
++ g_string_free(self->replace, TRUE); |
|
433 |
+ |
|
434 |
+ regfree(&self->regex); |
|
435 |
+ g_free(s); |
|
436 |
+@@ -494,3 +498,88 @@ |
|
437 |
+ self->super.eval = filter_netmask_eval; |
|
438 |
+ return &self->super; |
|
439 |
+ } |
|
440 |
++ |
|
441 |
++FilterExprNode * |
|
442 |
++filter_strip_new(const gchar *re) |
|
443 |
++{ |
|
444 |
++ if (g_ascii_strcasecmp(re, "ips") == 0) |
|
445 |
++ return filter_replace_new(re, "0.0.0.0"); |
|
446 |
++ |
|
447 |
++ return filter_replace_new(re, "----"); |
|
448 |
++} |
|
449 |
++ |
|
450 |
++#define FMIN(a, b) (a) < (b) ? (a) : (b) |
|
451 |
++#define NEW_MSG_SIZE 2048 |
|
452 |
++ |
|
453 |
++static gboolean |
|
454 |
++filter_replace_eval(FilterExprNode *s, LogMessage *log) |
|
455 |
++{ |
|
456 |
++ FilterRE *self = (FilterRE *) s; |
|
457 |
++ gchar *buffer = log->msg.str; |
|
458 |
++ gint snippet_size; |
|
459 |
++ regmatch_t pmatch; |
|
460 |
++ gchar new_msg[NEW_MSG_SIZE]; |
|
461 |
++ gchar *new_msg_max = new_msg + NEW_MSG_SIZE; |
|
462 |
++ gchar *new_msg_ptr = new_msg; |
|
463 |
++ gint replace_length = self->replace->len; |
|
464 |
++ gint error; |
|
465 |
++ |
|
466 |
++ error = regexec(&self->regex, buffer, 1, &pmatch, 0); |
|
467 |
++ if (error) |
|
468 |
++ return TRUE; |
|
469 |
++ while (!error) |
|
470 |
++ { |
|
471 |
++ /* copy string snippet which preceeds matched text */ |
|
472 |
++ snippet_size = FMIN(pmatch.rm_so, new_msg_max - new_msg_ptr); |
|
473 |
++ memcpy(new_msg_ptr, buffer, snippet_size); |
|
474 |
++ new_msg_ptr += snippet_size; |
|
475 |
++ |
|
476 |
++ /* copy replacement */ |
|
477 |
++ snippet_size = FMIN(replace_length, new_msg_max - new_msg_ptr); |
|
478 |
++ memcpy(new_msg_ptr, self->replace->str, snippet_size); |
|
479 |
++ new_msg_ptr += snippet_size; |
|
480 |
++ |
|
481 |
++ /* search for next match */ |
|
482 |
++ buffer += pmatch.rm_eo; |
|
483 |
++ error = regexec(&self->regex, buffer, 1, &pmatch, REG_NOTBOL); |
|
484 |
++ } |
|
485 |
++ |
|
486 |
++ /* copy the rest of the old message */ |
|
487 |
++ snippet_size = FMIN(log->msg.len, new_msg_max - new_msg_ptr); |
|
488 |
++ memcpy(new_msg_ptr, buffer, snippet_size); |
|
489 |
++ new_msg_ptr += snippet_size; |
|
490 |
++ |
|
491 |
++ g_string_erase(&log->msg, 0, -1); |
|
492 |
++ g_string_append(&log->msg, new_msg); |
|
493 |
++ |
|
494 |
++ return TRUE; |
|
495 |
++} |
|
496 |
++ |
|
497 |
++FilterExprNode * |
|
498 |
++filter_replace_new(const gchar *re, const gchar *replacement) |
|
499 |
++{ |
|
500 |
++ FilterRE *self = g_new0(FilterRE, 1); |
|
501 |
++ gint regerr; |
|
502 |
++ |
|
503 |
++ if (!g_ascii_strcasecmp(re, "ips")) |
|
504 |
++ re = "25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}"; |
|
505 |
++ |
|
506 |
++ regerr = regcomp(&self->regex, re, REG_ICASE | REG_EXTENDED); |
|
507 |
++ if (regerr) |
|
508 |
++ { |
|
509 |
++ gchar errorbuf[256]; |
|
510 |
++ regerror(regerr, &self->regex, errorbuf, sizeof(errorbuf)); |
|
511 |
++ msg_error("Error compiling regular expression:", |
|
512 |
++ evt_tag_str("re", re), |
|
513 |
++ evt_tag_str("error", errorbuf), |
|
514 |
++ NULL); |
|
515 |
++ g_free(self); |
|
516 |
++ return NULL; |
|
517 |
++ } |
|
518 |
++ |
|
519 |
++ self->replace = g_string_new(replacement); |
|
520 |
++ self->super.eval = filter_replace_eval; |
|
521 |
++ self->super.free_fn = filter_re_free; |
|
522 |
++ |
|
523 |
++ return &self->super; |
|
524 |
++} |
|
525 |
+diff -urN syslog-ng-2.0.4.orig/src/filter.h syslog-ng-2.0.4/src/filter.h |
|
526 |
+--- syslog-ng-2.0.4.orig/src/filter.h 2007-04-19 14:37:16.000000000 -0500 |
|
527 |
++++ syslog-ng-2.0.4/src/filter.h 2007-07-09 00:10:57.000000000 -0500 |
|
528 |
+@@ -54,6 +54,8 @@ |
|
529 |
+ FilterExprNode *filter_match_new(gchar *re); |
|
530 |
+ FilterExprNode *filter_call_new(gchar *rule, struct _GlobalConfig *cfg); |
|
531 |
+ FilterExprNode *filter_netmask_new(gchar *cidr); |
|
532 |
++FilterExprNode *filter_strip_new(const gchar *re); |
|
533 |
++FilterExprNode *filter_replace_new(const gchar *re, const gchar *replacement); |
|
534 |
+ |
|
535 |
+ typedef struct _LogFilterRule |
|
536 |
+ { |
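Review bot: In `filter_replace_eval` (lines 453–495 of the added syslog-ng-anon patch), `new_msg` is handed to `g_string_append()` without ever being NUL-terminated, and the final copy takes `log->msg.len` bytes from `buffer` although `buffer` has already advanced past every match. The tail copy therefore reads beyond the end of the original message, and once the 2048-byte scratch array is full the append reads past the stack buffer; longer messages are also truncated silently. A pattern that can match the empty string leaves `pmatch.rm_eo` at 0, so `buffer` never advances and the loop does not end. Building the result in a GString, appending only what remains, and stepping over empty matches addresses all three, as sketched below. Separately, the "ips" expression in `filter_replace_new` as printed here begins `25[0-5]|…[0-9])` with no opening `(`, which would change what the alternation covers; this should be checked against the upstream patch because it decides whether addresses are actually stripped.

```c
static gboolean
filter_replace_eval(FilterExprNode *s, LogMessage *log)
{
  FilterRE *self = (FilterRE *) s;
  const gchar *cursor = log->msg.str;
  GString *out;
  regmatch_t pmatch;

  if (regexec(&self->regex, cursor, 1, &pmatch, 0) != 0)
    return TRUE;

  out = g_string_sized_new(log->msg.len);
  do
    {
      /* text before the match, then the replacement */
      g_string_append_len(out, cursor, pmatch.rm_so);
      g_string_append_len(out, self->replace->str, self->replace->len);
      cursor += pmatch.rm_eo;

      if (pmatch.rm_eo == pmatch.rm_so)
        {
          /* empty match: carry one byte over so the scan always advances */
          if (*cursor == '\0')
            break;
          g_string_append_c(out, *cursor++);
        }
    }
  while (regexec(&self->regex, cursor, 1, &pmatch, REG_NOTBOL) == 0);

  /* the remainder is NUL-terminated, so no length guess is needed */
  g_string_append(out, cursor);
  g_string_assign(&log->msg, out->str);
  g_string_free(out, TRUE);

  return TRUE;
}
```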
... | ... |
@@ -0,0 +1,149 @@ |
1 |
+# |
|
2 |
+# Syslog-ng configuration file, compatible with default Debian syslogd |
|
3 |
+# installation. Originally written by anonymous (I can't find his name) |
|
4 |
+# Revised, and rewrited by me (SZALAY Attila <sasa@debian.org>) |
|
5 |
+ |
|
6 |
+# First, set some global options. |
|
7 |
+options { chain_hostnames(off); sync(0); use_dns(no); |
|
8 |
+ owner("root"); group("adm"); perm(0640); |
|
9 |
+}; |
|
10 |
+ |
|
11 |
+######################## |
|
12 |
+# Sources |
|
13 |
+######################## |
|
14 |
+# This is the default behavior of sysklogd package |
|
15 |
+# Logs may come from unix stream, but not from another machine. |
|
16 |
+# |
|
17 |
+source src { unix-dgram("/dev/log"); internal(); |
|
18 |
+ file("/proc/kmsg" log_prefix("kernel: ")); |
|
19 |
+}; |
|
20 |
+ |
|
21 |
+# If you wish to get logs from remote machine you should uncomment |
|
22 |
+# this and comment the above source line. |
|
23 |
+# |
|
24 |
+#source net { tcp(ip(127.0.0.1) port(1000) authentication(required) encrypt(allow)); }; |
|
25 |
+ |
|
26 |
+######################## |
|
27 |
+# Destinations |
|
28 |
+######################## |
|
29 |
+# First some standard logfile |
|
30 |
+# |
|
31 |
+destination auth { file("/var/log/auth.log"); }; |
|
32 |
+destination cron { file("/var/log/cron.log"); }; |
|
33 |
+destination daemon { file("/var/log/daemon.log"); }; |
|
34 |
+destination kern { file("/var/log/kern.log"); }; |
|
35 |
+destination lpr { file("/var/log/lpr.log"); }; |
|
36 |
+destination mail { file("/var/log/mail.log"); }; |
|
37 |
+destination syslog { file("/var/log/syslog.log"); }; |
|
38 |
+destination user { file("/var/log/user.log"); }; |
|
39 |
+destination uucp { file("/var/log/uucp.log"); }; |
|
40 |
+ |
|
41 |
+# This files are the log come from the mail subsystem. |
|
42 |
+# |
|
43 |
+destination mailinfo { file("/var/log/mail/mail.info"); }; |
|
44 |
+destination mailwarn { file("/var/log/mail/mail.warn"); }; |
|
45 |
+destination mailerr { file("/var/log/mail/mail.err"); }; |
|
46 |
+ |
|
47 |
+# Logging for INN news system |
|
48 |
+# |
|
49 |
+destination newscrit { file("/var/log/news/news.crit"); }; |
|
50 |
+destination newserr { file("/var/log/news/news.err"); }; |
|
51 |
+destination newsnotice { file("/var/log/news/news.notice"); }; |
|
52 |
+ |
|
53 |
+# Some `catch-all' logfiles. |
|
54 |
+# |
|
55 |
+destination debug { file("/var/log/debug"); }; |
|
56 |
+destination error { file("/var/log/error"); }; |
|
57 |
+ |
|
58 |
+# The root's console. |
|
59 |
+# |
|
60 |
+destination console { usertty("root"); }; |
|
61 |
+ |
|
62 |
+# Virtual console. |
|
63 |
+# |
|
64 |
+destination console_all { file("/dev/vc/10"); }; |
|
65 |
+ |
|
66 |
+# The named pipe /dev/xconsole is for the nsole' utility. To use it, |
|
67 |
+# you must invoke nsole' with the -file' option: |
|
68 |
+# |
|
69 |
+# $ xconsole -file /dev/xconsole [...] |
|
70 |
+# |
|
71 |
+destination xconsole { pipe("/dev/xconsole"); }; |
|
72 |
+ |
|
73 |
+# Send the messages to an other host |
|
74 |
+# |
|
75 |
+#destination net { tcp("127.0.0.1" port(1000) authentication(on) encrypt(on) log_fifo_size(1000)); }; |
|
76 |
+ |
|
77 |
+# Debian only |
|
78 |
+destination ppp { file("/var/log/ppp.log"); }; |
|
79 |
+ |
|
80 |
+######################## |
|
81 |
+# Filters |
|
82 |
+######################## |
|
83 |
+# Here's come the filter options. With this rules, we can set which |
|
84 |
+# message go where. |
|
85 |
+ |
|
86 |
+filter dbg { level(debug); }; |
|
87 |
+filter info { level(info); }; |
|
88 |
+filter notice { level(notice); }; |
|
89 |
+filter warn { level(warn); }; |
|
90 |
+filter err { level(err); }; |
|
91 |
+filter crit { level(crit .. emerg); }; |
|
92 |
+ |
|
93 |
+filter debug { level(debug) and not facility(auth, authpriv, news, mail); }; |
|
94 |
+filter error { level(err .. emerg) ; }; |
|
95 |
+ |
|
96 |
+filter auth { facility(auth, authpriv) and not filter(debug); }; |
|
97 |
+filter cron { facility(cron) and not filter(debug); }; |
|
98 |
+filter daemon { facility(daemon) and not filter(debug); }; |
|
99 |
+filter kern { facility(kern) and not filter(debug); }; |
|
100 |
+filter lpr { facility(lpr) and not filter(debug); }; |
|
101 |
+filter local { facility(local0, local1, local3, local4, local5, |
|
102 |
+ local6, local7) and not filter(debug); }; |
|
103 |
+filter mail { facility(mail) and not filter(debug); }; |
|
104 |
+filter news { facility(news) and not filter(debug); }; |
|
105 |
+filter syslog { facility(syslog) and not filter(debug); }; |
|
106 |
+filter user { facility(user) and not filter(debug); }; |
|
107 |
+filter uucp { facility(uucp) and not filter(debug); }; |
|
108 |
+ |
|
109 |
+filter cnews { level(notice, err, crit) and facility(news); }; |
|
110 |
+filter cother { level(debug, info, notice, warn) or facility(daemon, mail); }; |
|
111 |
+ |
|
112 |
+filter ppp { facility(local2) and not filter(debug); }; |
|
113 |
+filter console { level(warn .. emerg); }; |
|
114 |
+ |
|
115 |
+######################## |
|
116 |
+# Log paths |
|
117 |
+######################## |
|
118 |
+log { source(src); filter(auth); destination(auth); }; |
|
119 |
+log { source(src); filter(cron); destination(cron); }; |
|
120 |
+log { source(src); filter(daemon); destination(daemon); }; |
|
121 |
+log { source(src); filter(kern); destination(kern); }; |
|
122 |
+log { source(src); filter(lpr); destination(lpr); }; |
|
123 |
+log { source(src); filter(syslog); destination(syslog); }; |
|
124 |
+log { source(src); filter(user); destination(user); }; |
|
125 |
+log { source(src); filter(uucp); destination(uucp); }; |
|
126 |
+ |
|
127 |
+log { source(src); filter(mail); destination(mail); }; |
|
128 |
+#log { source(src); filter(mail); filter(info); destination(mailinfo); }; |
|
129 |
+#log { source(src); filter(mail); filter(warn); destination(mailwarn); }; |
|
130 |
+#log { source(src); filter(mail); filter(err); destination(mailerr); }; |
|
131 |
+ |
|
132 |
+log { source(src); filter(news); filter(crit); destination(newscrit); }; |
|
133 |
+log { source(src); filter(news); filter(err); destination(newserr); }; |
|
134 |
+log { source(src); filter(news); filter(notice); destination(newsnotice); }; |
|
135 |
+#log { source(src); filter(cnews); destination(console_all); }; |
|
136 |
+#log { source(src); filter(cother); destination(console_all); }; |
|
137 |
+ |
|
138 |
+#log { source(src); filter(ppp); destination(ppp); }; |
|
139 |
+ |
|
140 |
+log { source(src); filter(debug); destination(debug); }; |
|
141 |
+log { source(src); filter(error); destination(error); }; |
|
142 |
+ |
|
143 |
+log { source(src); filter(console); destination(console_all); |
|
144 |
+ destination(xconsole); }; |
|
145 |
+log { source(src); filter(crit); destination(console); }; |
|
146 |
+ |
|
147 |
+# All messages send to a remote site |
|
148 |
+# |
|
149 |
+#log { source(src); destination(net); }; |
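Review bot: The active log paths at lines 132–134 write to `/var/log/news/news.crit`, `news.err` and `news.notice`, but the options block at lines 7–9 does not enable directory creation, so those destinations depend on `/var/log/news/` already existing on the target system. If this file is meant to be usable as installed, consider adding `create_dirs(yes); dir_perm(0750);` next to the existing `owner("root"); group("adm"); perm(0640);` so the directory mode is as deliberate as the file mode. The same applies to the `/var/log/mail/` destinations if their commented-out log paths are ever enabled.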
... | ... |
@@ -0,0 +1,33 @@ |
1 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $ |
|
2 |
+# |
|
3 |
+# Syslog-ng default configuration file for Gentoo Linux |
|
4 |
+# contributed by Michael Sterrett |
|
5 |
+ |
|
6 |
+options { |
|
7 |
+ chain_hostnames(off); |
|
8 |
+ sync(0); |
|
9 |
+ |
|
10 |
+ # The default action of syslog-ng 1.6.0 is to log a STATS line |
|
11 |
+ # to the file every 10 minutes. That's pretty ugly after a while. |
|
12 |
+ # Change it to every 12 hours so you get a nice daily update of |
|
13 |
+ # how many messages syslog-ng missed (0). |
|
14 |
+ stats(43200); |
|
15 |
+}; |
|
16 |
+ |
|
17 |
+source src { |
|
18 |
+ unix-stream("/dev/log" max-connections(256)); |
|
19 |
+ internal(); |
|
20 |
+ file("/proc/kmsg"); |
|
21 |
+}; |
|
22 |
+ |
|
23 |
+destination messages { file("/var/log/messages"); }; |
|
24 |
+ |
|
25 |
+# By default messages are logged to tty12... |
|
26 |
+destination console_all { file("/dev/tty12"); }; |
|
27 |
+# ...if you intend to use /dev/console for programs like xconsole |
|
28 |
+# you can comment out the destination line above that references /dev/tty12 |
|
29 |
+# and uncomment the line below. |
|
30 |
+#destination console_all { file("/dev/console"); }; |
|
31 |
+ |
|
32 |
+log { source(src); destination(messages); }; |
|
33 |
+log { source(src); destination(console_all); }; |
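Review bot: The last rule, `log { source(src); destination(console_all); };`, copies every message to /dev/tty12 with no filter, so auth and authpriv lines are displayed on a virtual console that anyone at the local keyboard can switch to without logging in. Consider excluding those facilities, e.g. `filter f_console { not facility(auth, authpriv); };` and `log { source(src); filter(f_console); destination(console_all); };`. The hardened configuration added in this commit ends with the same unfiltered rule (its line 99). The comment in the options block also still refers to syslog-ng 1.6.0, while the ebuild in this commit is 2.0.5.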
... | ... |
@@ -0,0 +1,20 @@ |
1 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.fbsd,v 1.1 2007/03/27 07:38:41 mr_bones_ Exp $ |
|
2 |
+# |
|
3 |
+# Syslog-ng default configuration file for Gentoo FreeBSD |
|
4 |
+# contributed by Tiziano Mülle |
|
5 |
+options { |
|
6 |
+ chain_hostnames(off); |
|
7 |
+ sync(0); |
|
8 |
+ |
|
9 |
+ # The default action of syslog-ng 1.6.0 is to log a STATS line |
|
10 |
+ # to the file every 10 minutes. That's pretty ugly after a while. |
|
11 |
+ # Change it to every 12 hours so you get a nice daily update of |
|
12 |
+ # how many messages syslog-ng missed (0). |
|
13 |
+ stats(43200); |
|
14 |
+}; |
|
15 |
+ |
|
16 |
+source src { unix-dgram("/var/run/log"); file("/dev/klog"); internal(); }; |
|
17 |
+ |
|
18 |
+destination messages { file("/var/log/messages"); }; |
|
19 |
+ |
|
20 |
+log { source(src); destination(messages); }; |
... | ... |
@@ -0,0 +1,102 @@ |
1 |
+# Copyright 2005 Gentoo Foundation |
|
2 |
+# Distributed under the terms of the GNU General Public License v2 |
|
3 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.4 2006/07/12 23:59:59 solar Exp $ |
|
4 |
+ |
|
5 |
+# |
|
6 |
+# Syslog-ng configuration file, compatible with default hardened installations. |
|
7 |
+# |
|
8 |
+ |
|
9 |
+options { chain_hostnames(off); sync(0); }; |
|
10 |
+ |
|
11 |
+source src { unix-stream("/dev/log"); internal(); }; |
|
12 |
+source kernsrc { file("/proc/kmsg"); }; |
|
13 |
+#source net { udp(); }; |
|
14 |
+ |
|
15 |
+destination authlog { file("/var/log/auth.log"); }; |
|
16 |
+destination syslog { file("/var/log/syslog"); }; |
|
17 |
+destination cron { file("/var/log/cron.log"); }; |
|
18 |
+destination daemon { file("/var/log/daemon.log"); }; |
|
19 |
+destination kern { file("/var/log/kern.log"); file("/dev/tty12"); }; |
|
20 |
+destination lpr { file("/var/log/lpr.log"); }; |
|
21 |
+destination user { file("/var/log/user.log"); }; |
|
22 |
+destination uucp { file("/var/log/uucp.log"); }; |
|
23 |
+#destination ppp { file("/var/log/ppp.log"); }; |
|
24 |
+destination mail { file("/var/log/mail.log"); }; |
|
25 |
+ |
|
26 |
+destination avc { file("/var/log/avc.log"); }; |
|
27 |
+destination audit { file("/var/log/audit.log"); }; |
|
28 |
+destination pax { file("/var/log/pax.log"); }; |
|
29 |
+destination grsec { file("/var/log/grsec.log"); }; |
|
30 |
+ |
|
31 |
+destination mailinfo { file("/var/log/mail.info"); }; |
|
32 |
+destination mailwarn { file("/var/log/mail.warn"); }; |
|
33 |
+destination mailerr { file("/var/log/mail.err"); }; |
|
34 |
+ |
|
35 |
+destination newscrit { file("/var/log/news/news.crit"); }; |
|
36 |
+destination newserr { file("/var/log/news/news.err"); }; |
|
37 |
+destination newsnotice { file("/var/log/news/news.notice"); }; |
|
38 |
+ |
|
39 |
+destination debug { file("/var/log/debug"); }; |
|
40 |
+destination messages { file("/var/log/messages"); }; |
|
41 |
+destination console { usertty("root"); }; |
|
42 |
+destination console_all { file("/dev/tty12"); }; |
|
43 |
+#destination loghost { udp("loghost" port(999)); }; |
|
44 |
+ |
|
45 |
+destination xconsole { pipe("/dev/xconsole"); }; |
|
46 |
+ |
|
47 |
+filter f_auth { facility(auth); }; |
|
48 |
+filter f_authpriv { facility(auth, authpriv); }; |
|
49 |
+filter f_syslog { not facility(authpriv, mail); }; |
|
50 |
+filter f_cron { facility(cron); }; |
|
51 |
+filter f_daemon { facility(daemon); }; |
|
52 |
+filter f_kern { facility(kern); }; |
|
53 |
+filter f_lpr { facility(lpr); }; |
|
54 |
+filter f_mail { facility(mail); }; |
|
55 |
+filter f_user { facility(user); }; |
|
56 |
+filter f_uucp { facility(uucp); }; |
|
57 |
+#filter f_ppp { facility(ppp); }; |
|
58 |
+filter f_news { facility(news); }; |
|
59 |
+filter f_debug { not facility(auth, authpriv, news, mail); }; |
|
60 |
+filter f_messages { level(info..warn) |
|
61 |
+ and not facility(auth, authpriv, mail, news); }; |
|
62 |
+filter f_emergency { level(emerg); }; |
|
63 |
+ |
|
64 |
+filter f_info { level(info); }; |
|
65 |
+ |
|
66 |
+filter f_notice { level(notice); }; |
|
67 |
+filter f_warn { level(warn); }; |
|
68 |
+filter f_crit { level(crit); }; |
|
69 |
+filter f_err { level(err); }; |
|
70 |
+ |
|
71 |
+filter f_avc { match(".*avc: .*"); }; |
|
72 |
+filter f_audit { match("^audit.*") and not match(".*avc: .*"); }; |
|
73 |
+filter f_pax { match("^PAX:.*"); }; |
|
74 |
+filter f_grsec { match("^grsec:.*"); }; |
|
75 |
+ |
|
76 |
+log { source(src); filter(f_authpriv); destination(authlog); }; |
|
77 |
+log { source(src); filter(f_syslog); destination(syslog); }; |
|
78 |
+log { source(src); filter(f_cron); destination(cron); }; |
|
79 |
+log { source(src); filter(f_daemon); destination(daemon); }; |
|
80 |
+log { source(kernsrc); filter(f_kern); destination(kern); }; |
|
81 |
+log { source(src); filter(f_lpr); destination(lpr); }; |
|
82 |
+log { source(src); filter(f_mail); destination(mail); }; |
|
83 |
+log { source(src); filter(f_user); destination(user); }; |
|
84 |
+log { source(src); filter(f_uucp); destination(uucp); }; |
|
85 |
+log { source(kernsrc); filter(f_pax); destination(pax); }; |
|
86 |
+log { source(kernsrc); filter(f_grsec); destination(grsec); }; |
|
87 |
+log { source(kernsrc); filter(f_audit); destination(audit); }; |
|
88 |
+log { source(kernsrc); filter(f_avc); destination(avc); }; |
|
89 |
+log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; |
|
90 |
+log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; |
|
91 |
+log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; |
|
92 |
+log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; |
|
93 |
+log { source(src); filter(f_news); filter(f_err); destination(newserr); }; |
|
94 |
+log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; |
|
95 |
+log { source(src); filter(f_debug); destination(debug); }; |
|
96 |
+log { source(src); filter(f_messages); destination(messages); }; |
|
97 |
+log { source(src); filter(f_emergency); destination(console); }; |
|
98 |
+#log { source(src); filter(f_ppp); destination(ppp); }; |
|
99 |
+log { source(src); destination(console_all); }; |
|
100 |
+ |
|
101 |
+ |
|
102 |
+ |
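Review bot: `filter f_syslog { not facility(authpriv, mail); };` leaves out `auth`, unlike f_debug and f_messages, which exclude both `auth` and `authpriv`. As written, auth-facility messages are written to /var/log/syslog as well as /var/log/auth.log. If that is not intended, use `filter f_syslog { not facility(auth, authpriv, mail); };`. Two smaller points: the `f_auth` filter and the `xconsole` destination are defined, but no log statement in this file uses them.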
... | ... |
@@ -0,0 +1,12 @@ |
1 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate,v 1.2 2004/07/18 02:25:02 dragonheart Exp $ |
|
2 |
+# |
|
3 |
+# Syslog-ng logrotate snippet for Gentoo Linux |
|
4 |
+# contributed by Michael Sterrett |
|
5 |
+# |
|
6 |
+ |
|
7 |
+/var/log/messages { |
|
8 |
+ sharedscripts |
|
9 |
+ postrotate |
|
10 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
11 |
+ endscript |
|
12 |
+} |
... | ... |
@@ -0,0 +1,73 @@ |
1 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.2 2007/07/26 20:58:01 mr_bones_ Exp $ |
|
2 |
+# |
|
3 |
+# Syslog-ng logrotate snippet for Hardened Gentoo Linux |
|
4 |
+# contributed by Maciej Grela |
|
5 |
+# |
|
6 |
+ |
|
7 |
+# Generic |
|
8 |
+/var/log/debug /var/log/syslog /var/log/kern.log { |
|
9 |
+ sharedscripts |
|
10 |
+ postrotate |
|
11 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
12 |
+ endscript |
|
13 |
+} |
|
14 |
+ |
|
15 |
+# System services |
|
16 |
+/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log { |
|
17 |
+ sharedscripts |
|
18 |
+ missingok |
|
19 |
+ postrotate |
|
20 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
21 |
+ endscript |
|
22 |
+} |
|
23 |
+ |
|
24 |
+# User log |
|
25 |
+/var/log/user.log { |
|
26 |
+ sharedscripts |
|
27 |
+ postrotate |
|
28 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
29 |
+ endscript |
|
30 |
+} |
|
31 |
+ |
|
32 |
+# News system |
|
33 |
+/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice { |
|
34 |
+ sharedscripts |
|
35 |
+ missingok |
|
36 |
+ postrotate |
|
37 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
38 |
+ endscript |
|
39 |
+} |
|
40 |
+ |
|
41 |
+# Mail system |
|
42 |
+/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn { |
|
43 |
+ sharedscripts |
|
44 |
+ missingok |
|
45 |
+ postrotate |
|
46 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
47 |
+ endscript |
|
48 |
+} |
|
49 |
+ |
|
50 |
+# Hardened logs |
|
51 |
+/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log { |
|
52 |
+ sharedscripts |
|
53 |
+ missingok |
|
54 |
+ postrotate |
|
55 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
56 |
+ endscript |
|
57 |
+} |
|
58 |
+ |
|
59 |
+# Authentication |
|
60 |
+/var/log/auth.log { |
|
61 |
+ sharedscripts |
|
62 |
+ postrotate |
|
63 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
64 |
+ endscript |
|
65 |
+} |
|
66 |
+ |
|
67 |
+# the rest |
|
68 |
+/var/log/messages { |
|
69 |
+ sharedscripts |
|
70 |
+ postrotate |
|
71 |
+ /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true |
|
72 |
+ endscript |
|
73 |
+} |
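Review bot: Every postrotate line ends in `> /dev/null 2>&1 || true`, so a failed reload leaves no trace. The init script's reload() in this commit returns 1 without signalling the daemon when checkconfig fails, in which case syslog-ng would presumably keep writing to the files logrotate has just renamed. For the auth, avc, audit, pax and grsec logs that is worth surfacing, for example with `/etc/init.d/syslog-ng reload > /dev/null 2>&1 || echo "syslog-ng reload failed after rotation" >&2`, so the failure appears in logrotate's output. The eight stanzas also repeat the same script, and `sharedscripts` only de-duplicates within a stanza, so the reload can run once per stanza. syslog-ng.logrotate earlier in this commit has the same `|| true`.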
... | ... |
@@ -0,0 +1,53 @@ |
1 |
+#!/sbin/runscript |
|
2 |
+# Copyright 1999-2004 Gentoo Foundation |
|
3 |
+# Distributed under the terms of the GNU General Public License v2 |
|
4 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.rc6,v 1.18 2006/11/02 20:51:37 mr_bones_ Exp $ |
|
5 |
+ |
|
6 |
+opts="depend checkconfig start stop reload" |
|
7 |
+ |
|
8 |
+depend() { |
|
9 |
+ # Make networking dependency conditional on configuration |
|
10 |
+ case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in |
|
11 |
+ *source*tcp*|*source*udp*|*destination*tcp*|*destination*udp*) |
|
12 |
+ need net ;; |
|
13 |
+ esac |
|
14 |
+ |
|
15 |
+ need clock hostname |
|
16 |
+ provide logger |
|
17 |
+} |
|
18 |
+ |
|
19 |
+checkconfig() { |
|
20 |
+ if [ ! -e /etc/syslog-ng/syslog-ng.conf ] ; then |
|
21 |
+ eerror "You need to create /etc/syslog-ng/syslog-ng.conf first." |
|
22 |
+ eerror "An example can be found in /etc/syslog-ng/syslog-ng.conf.sample" |
|
23 |
+ return 1 |
|
24 |
+ fi |
|
25 |
+ syslog-ng -s /etc/syslog-ng/syslog-ng.conf |
|
26 |
+ eend $? "Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)" |
|
27 |
+} |
|
28 |
+ |
|
29 |
+start() { |
|
30 |
+ checkconfig || return 1 |
|
31 |
+ ebegin "Starting syslog-ng" |
|
32 |
+ [[ -n ${SYSLOG_NG_OPTS} ]] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}" |
|
33 |
+ start-stop-daemon --start --quiet --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS} |
|
34 |
+ eend $? "Failed to start syslog-ng" |
|
35 |
+} |
|
36 |
+ |
|
37 |
+stop() { |
|
38 |
+ ebegin "Stopping syslog-ng" |
|
39 |
+ start-stop-daemon --stop --quiet --pidfile /var/run/syslog-ng.pid |
|
40 |
+ eend $? "Failed to stop syslog-ng" |
|
41 |
+ sleep 1 # needed for syslog-ng to stop in case we're restarting |
|
42 |
+} |
|
43 |
+ |
|
44 |
+reload() { |
|
45 |
+ if [ ! -f /var/run/syslog-ng.pid ]; then |
|
46 |
+ eerror "syslog-ng isn't running" |
|
47 |
+ return 1 |
|
48 |
+ fi |
|
49 |
+ checkconfig || return 1 |
|
50 |
+ ebegin "Reloading configuration and re-opening log files" |
|
51 |
+ kill -HUP `cat /var/run/syslog-ng.pid` &>/dev/null |
|
52 |
+ eend $? |
|
53 |
+} |
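Review bot: The `kill -HUP` line in reload() takes its target from `cat /var/run/syslog-ng.pid` and signals whatever PID the file holds, without checking that it is still syslog-ng; after an unclean exit a stale pidfile could point at an unrelated process. The rc6-r1 script added in the same commit already uses start-stop-daemon for this, and the same form would fit here with an executable check added: `start-stop-daemon --stop --signal HUP --pidfile /var/run/syslog-ng.pid --exec /usr/sbin/syslog-ng`. `[[ -n ${SYSLOG_NG_OPTS} ]]` in start() is also a bashism that rc6-r1 replaces with `[ -n "${SYSLOG_NG_OPTS}" ]`. The ebuild visible in this commit installs only syslog-ng.rc6-r1, so it is worth confirming that this older script is still needed.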
... | ... |
@@ -0,0 +1,59 @@ |
1 |
+#!/sbin/runscript |
|
2 |
+# Copyright 1999-2004 Gentoo Foundation |
|
3 |
+# Distributed under the terms of the GNU General Public License v2 |
|
4 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.rc6-r1,v 1.6 2007/10/02 23:01:00 mr_bones_ Exp $ |
|
5 |
+ |
|
6 |
+opts="checkconfig reload" |
|
7 |
+ |
|
8 |
+depend() { |
|
9 |
+ # Make networking dependency conditional on configuration |
|
10 |
+ case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in |
|
11 |
+ *source*tcp*|*source*udp*|*destination*tcp*|*destination*udp*) |
|
12 |
+ need net ;; |
|
13 |
+ esac |
|
14 |
+ |
|
15 |
+ # kludge for baselayout-1 compatibility |
|
16 |
+ [ -z "${svclib}" ] && config /etc/syslog-ng/syslog-ng.conf |
|
17 |
+ need clock hostname localmount |
|
18 |
+ provide logger |
|
19 |
+} |
|
20 |
+ |
|
21 |
+checkconfig() { |
|
22 |
+ if [ ! -e /etc/syslog-ng/syslog-ng.conf ] ; then |
|
23 |
+ eerror "You need to create /etc/syslog-ng/syslog-ng.conf first." |
|
24 |
+ eerror "An example can be found in /etc/syslog-ng/syslog-ng.conf.sample" |
|
25 |
+ return 1 |
|
26 |
+ fi |
|
27 |
+ syslog-ng -s /etc/syslog-ng/syslog-ng.conf |
|
28 |
+ |
|
29 |
+ # the start and reload functions have their own eends so |
|
30 |
+ # avoid calling this twice when there are no problems |
|
31 |
+ [ $? -eq 0 ] || eend $? "Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)" |
|
32 |
+} |
|
33 |
+ |
|
34 |
+start() { |
|
35 |
+ checkconfig || return 1 |
|
36 |
+ ebegin "Starting syslog-ng" |
|
37 |
+ [ -n "${SYSLOG_NG_OPTS}" ] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}" |
|
38 |
+ start-stop-daemon --start --quiet --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS} |
|
39 |
+ eend $? "Failed to start syslog-ng" |
|
40 |
+} |
|
41 |
+ |
|
42 |
+stop() { |
|
43 |
+ ebegin "Stopping syslog-ng" |
|
44 |
+ start-stop-daemon --stop --quiet --pidfile /var/run/syslog-ng.pid |
|
45 |
+ eend $? "Failed to stop syslog-ng" |
|
46 |
+ sleep 1 # needed for syslog-ng to stop in case we're restarting |
|
47 |
+} |
|
48 |
+ |
|
49 |
+reload() { |
|
50 |
+ if [ ! -f /var/run/syslog-ng.pid ]; then |
|
51 |
+ eerror "syslog-ng isn't running" |
|
52 |
+ return 1 |
|
53 |
+ fi |
|
54 |
+ checkconfig || return 1 |
|
55 |
+ ebegin "Reloading configuration and re-opening log files" |
|
56 |
+ start-stop-daemon --stop --oknodo --signal HUP \ |
|
57 |
+ --pidfile /var/run/syslog-ng.pid |
|
58 |
+ eend $? |
|
59 |
+} |
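Review bot: In reload(), `--oknodo` makes start-stop-daemon exit 0 when no process was signalled, so `eend $?` reports a successful reload even if the pidfile is stale and nothing re-opened its log files. Dropping `--oknodo` and adding `--exec /usr/sbin/syslog-ng` (which start() already passes) would report that case and also confirm the PID belongs to syslog-ng: `start-stop-daemon --stop --signal HUP --pidfile /var/run/syslog-ng.pid --exec /usr/sbin/syslog-ng`. In checkconfig(), the `$?` passed to eend in `[ $? -eq 0 ] || eend $? ...` is the status of the `[` test, not of `syslog-ng -s`. Saving the status in a local variable first would make the intent explicit.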
... | ... |
@@ -0,0 +1,85 @@ |
1 |
+# Copyright 1999-2007 Gentoo Foundation |
|
2 |
+# Distributed under the terms of the GNU General Public License v2 |
|
3 |
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/syslog-ng-2.0.5.ebuild,v 1.1 2007/07/25 03:58:38 mr_bones_ Exp $ |
|
4 |
+ |
|
5 |
+inherit fixheadtails |
|
6 |
+ |
|
7 |
+MY_PV=${PV/_/} |
|
8 |
+DESCRIPTION="syslog replacement with advanced filtering features" |
|
9 |
+HOMEPAGE="http://www.balabit.com/products/syslog_ng/" |
|
10 |
+SRC_URI="http://www.balabit.com/downloads/files/syslog-ng/sources/2.0/src/${P}.tar.gz" |
|
11 |
+ |
|
12 |
+LICENSE="GPL-2" |
|
13 |
+SLOT="0" |
|
14 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" |
|
15 |
+IUSE="hardened ipv6 selinux spoof-source static tcpd" |
|
16 |
+ |
|
17 |
+RDEPEND=">=dev-libs/eventlog-0.2 |
|
18 |
+ spoof-source? ( net-libs/libnet ) |
|
19 |
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) |
|
20 |
+ >=dev-libs/glib-2.2" |
|
21 |
+DEPEND="${RDEPEND} |
|
22 |
+ sys-devel/flex" |
|
23 |
+PROVIDE="virtual/logger" |
|
24 |
+ |
|
25 |
+src_unpack() { |
|
26 |
+ unpack ${A} |
|
27 |
+ cd "${S}" |
|
28 |
+ epatch "${FILESDIR}/syslog-ng-anon-2.0.4.diff" |
|
29 |
+ ht_fix_file configure |
|
30 |
+ cd "${S}/doc/reference" |
|
31 |
+ tar xzf syslog-ng.html.tar.gz || die "tar failed" |
|
32 |
+} |
|
33 |
+ |
|
34 |
+src_compile() { |
|
35 |
+ econf \ |
|
36 |
+ --sysconfdir=/etc/syslog-ng \ |
|
37 |
+ --disable-dependency-tracking \ |
|
38 |
+ $(use_enable ipv6) \ |
|
39 |
+ $(use_enable !static dynamic-linking) \ |
|
40 |
+ $(use_enable static static-linking) \ |
|
41 |
+ $(use_enable spoof-source) \ |
|
42 |
+ $(use_enable tcpd tcp-wrapper) \ |
|
43 |
+ || die |
|
44 |
+ emake || die "emake failed" |
|
45 |
+} |
|
46 |
+ |
|
47 |
+src_install() { |
|
48 |
+ emake DESTDIR="${D}" install || die "emake install failed" |
|
49 |
+ |
|
50 |
+ dodoc AUTHORS ChangeLog NEWS README \ |
|
51 |
+ doc/examples/{syslog-ng.conf.sample,syslog-ng.conf.solaris} \ |
|
52 |
+ contrib/syslog-ng.conf* \ |
|
53 |
+ doc/reference/syslog-ng.txt \ |
|
54 |
+ contrib/syslog2ng "${FILESDIR}/syslog-ng.conf."* |
|
55 |
+ dohtml doc/reference/syslog-ng.html/* |
|
56 |
+ |
|
57 |
+ # Install default configuration |
|
58 |
+ insinto /etc/syslog-ng |
|
59 |
+ if use hardened || use selinux ; then |
|
60 |
+ newins "${FILESDIR}/syslog-ng.conf.gentoo.hardened" syslog-ng.conf |
|
61 |
+ elif use userland_BSD ; then |
|
62 |
+ newins "${FILESDIR}/syslog-ng.conf.gentoo.fbsd" syslog-ng.conf |
|
63 |
+ else |
|
64 |
+ newins "${FILESDIR}/syslog-ng.conf.gentoo" syslog-ng.conf |
|
65 |
+ fi |
|
66 |
+ |
|
67 |
+ insinto /etc/logrotate.d |
|
68 |
+ # Install snippet for logrotate, which may or may not be installed |
|
69 |
+ if use hardened || use selinux ; then |
|
70 |
+ newins "${FILESDIR}/syslog-ng.logrotate.hardened" syslog-ng |
|
71 |
+ else |
|
72 |
+ newins "${FILESDIR}/syslog-ng.logrotate" syslog-ng |
|
73 |
+ fi |
|
74 |
+ |
|
75 |
+ newinitd "${FILESDIR}/syslog-ng.rc6-r1" syslog-ng |
|
76 |
+ newconfd "${FILESDIR}/syslog-ng.confd" syslog-ng |
|
77 |
+} |
|
78 |
+ |
|
79 |
+pkg_postinst() { |
|
80 |
+ echo |
|
81 |
+ elog "It is highly recommended that app-admin/logrotate be emerged to" |
|
82 |
+ elog "manage the log files. ${PN} installs a file in /etc/logrotate.d" |
|
83 |
+ elog "for logrotate to use." |
|
84 |
+ echo |
|
85 |
+} |
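Review bot: src_unpack applies `syslog-ng-anon-2.0.4.diff` to the 2.0.5 tree with no comment saying what the patch changes or where it came from, and the `cd "${S}"` just before it has no `|| die`. Judging only by its name, the patch changes how the logger handles log content, so a comment such as `# anonymisation patch written against 2.0.4; re-verify it applies and behaves as intended on every version bump` would help the next maintainer, together with `cd "${S}" || die "cd failed"`. The `econf ... || die` in src_compile also lacks a message, unlike the other die calls. src_install references `${FILESDIR}/syslog-ng.confd`, which is not among the files visible in this part of the commit; confirm it is included.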
|
0 | 86 |