Configuration
Converting a syslog-ng 3.0 config format to the 3.2 format
I just rebooted my system and was greeted by this warning:
:: Starting Syslog-NG [BUSY] WARNING: Configuration file format is too old, please update it to use the 3.2 format as some constructs might operate inefficiently; WARNING: the expected message format is being changed for unix-domain transports to improve syslogd compatibity with syslog-ng 3.2. If you are using custom applications which bypass the syslog() API, you might need the 'expect-hostname' flag to get the old behaviour back;
Does anyone know of any good resources on converting the format? My syslog-ng.conf comes mainly from the Gentoo Security Handbook, so simply using the .pacnew file won't work. Here is my current conf file:
@version: 3.0
#
# /etc/syslog-ng.conf
#

options {
    stats_freq (0);
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames(off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    perm(0640);
    group("log");
};

source src {
    unix-stream("/dev/log");
    internal();
    file("/proc/kmsg");
};

destination d_authlog { file("/var/log/auth.log"); };
destination d_syslog { file("/var/log/syslog.log"); };
destination d_cron { file("/var/log/crond.log"); };
destination d_daemon { file("/var/log/daemon.log"); };
destination d_kernel { file("/var/log/kernel.log"); };
destination d_lpr { file("/var/log/lpr.log"); };
destination d_user { file("/var/log/user.log"); };
destination d_uucp { file("/var/log/uucp.log"); };
destination d_mail { file("/var/log/mail.log"); };
destination d_news { file("/var/log/news.log"); };
destination d_ppp { file("/var/log/ppp.log"); };
destination d_debug { file("/var/log/debug.log"); };
destination d_messages { file("/var/log/messages.log"); };
destination d_errors { file("/var/log/errors.log"); };
destination d_everything { file("/var/log/everything.log"); };
destination d_iptables { file("/var/log/iptables.log"); };
destination d_acpid { file("/var/log/acpid.log"); };
destination d_console { usertty("root"); };

# Log everything to tty12
destination console_all { file("/dev/tty12"); };

#destination knotifier { program('/usr/local/bin/knotifier'); };

filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program("syslog-ng"); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
# f_iptables is defined further down; syslog-ng resolves filter() references at startup
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
# was facility(cron), which would have copied cron messages into uucp.log
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages {
    level(info..warn)
    and not facility(auth, authpriv, mail, news, cron)
    and not program("syslog-ng")
    and not filter(f_iptables);
};
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };
filter f_acpid { program("acpid"); };

log { source(src); filter(f_acpid); destination(d_acpid); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); filter(f_syslog); destination(d_syslog); };
log { source(src); filter(f_cron); destination(d_cron); };
log { source(src); filter(f_daemon); destination(d_daemon); };
log { source(src); filter(f_kernel); destination(d_kernel); };
log { source(src); filter(f_lpr); destination(d_lpr); };
log { source(src); filter(f_mail); destination(d_mail); };
log { source(src); filter(f_news); destination(d_news); };
log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_user); destination(d_user); };
log { source(src); filter(f_uucp); destination(d_uucp); };
#log { source(src); filter(f_debug); destination(d_debug); };
log { source(src); filter(f_messages); destination(d_messages); };
log { source(src); filter(f_err); destination(d_errors); };
log { source(src); filter(f_emergency); destination(d_console); };
log { source(src); filter(f_everything); destination(d_everything); };
log { source(src); filter(f_iptables); destination(d_iptables); };
#log { source(src); filter(f_messages); destination(knotifier); };

# Log everything to tty12
log { source(src); destination(console_all); };
It may be related to this change in 3.2:
- syslog-ng has traditionally expected an optional hostname field, even when receiving syslog messages over local transports (such as /dev/log). However, no known UNIX version includes this field. This caused problems when the application creating the log message had spaces in its program name field. If the configuration version is 3.2, this behaviour of the unix-stream/unix-dgram/pipe drivers has changed, and it can be restored by using an explicit "expect-hostname" flag on the specific source.
You get the warning because you use unix-stream("/dev/log"); in your source. If you don't experience any problems with your local logs, there is nothing else to do but change the first line to @version: 3.2.
If your distribution adds the hostname to log messages coming from /dev/log (they rarely do), include flags(expect-hostname) in the source.
Regards,
Robert Fekete, syslog-ng documentation maintainer
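As an added illustration of what the two replies above describe (this is written for this page; it is not part of the thread and not syslog-ng's own parser code), here is a simplified Python model of the single behaviour the expect-hostname flag toggles, run over two constructed /dev/log lines. It shows why the legacy 3.0 default splits a program name containing a space into a bogus hostname plus a truncated program name, and why a custom sender that bypasses the syslog() API and does write a hostname needs flags(expect-hostname) under 3.2. The bump_config_version helper applies the answer's actual fix to the @version line. The regular expressions, the hostname heuristic and the sample lines are this page's simplification, not syslog-ng's implementation.

```python
"""Simplified model of the local-transport hostname heuristic behind the
syslog-ng 3.2 warning.  Added example for this page; not syslog-ng's own code."""
import re
from dataclasses import dataclass
from typing import Optional

# BSD syslog header as glibc syslog() writes it to /dev/log: <PRI>MMM DD hh:mm:ss <rest>
HEADER_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$")
# Tag part: "program[pid]: message" or "program: message"
TAG_RE = re.compile(r"^([^\[:]*?)(?:\[(\d+)\])?: ?(.*)$")
# @version line at the top of syslog-ng.conf (the line the answer says to change)
VERSION_RE = re.compile(r"^@version:[ \t]*\d+\.\d+[ \t]*$", re.MULTILINE)

FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}


def facility_name(code: int) -> str:
    """Map the facility number from <PRI> to the name used in facility() filters."""
    if code in FACILITY_NAMES:
        return FACILITY_NAMES[code]
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    return "unknown(%d)" % code


@dataclass
class ParsedMessage:
    facility: str
    severity: int
    timestamp: str
    host: Optional[str]   # None when the transport carried no hostname field
    program: str
    pid: Optional[str]
    message: str


def parse_local_syslog(raw: str, expect_hostname: bool) -> ParsedMessage:
    """Parse one /dev/log line. expect_hostname=True models the 3.0 default
    (and the 3.2 flags(expect-hostname) setting); False models the 3.2 default."""
    m = HEADER_RE.match(raw)
    if not m:
        raise ValueError("not a BSD-style syslog line: %r" % raw)
    pri, timestamp, rest = int(m.group(1)), m.group(2), m.group(3)
    host = None
    if expect_hostname:
        # Legacy heuristic: the first token after the timestamp is a hostname
        # unless it already looks like a tag ("name:" or "name[pid]:").
        token, _, remainder = rest.partition(" ")
        if ":" not in token and "[" not in token and remainder:
            host, rest = token, remainder
    t = TAG_RE.match(rest)
    if t:
        program, pid, message = t.group(1), t.group(2), t.group(3)
    else:
        program, pid, message = "", None, rest  # no tag at all: whole remainder is MESSAGE
    return ParsedMessage(facility_name(pri >> 3), pri & 7, timestamp, host, program, pid, message)


def bump_config_version(conf_text: str, new_version: str = "3.2") -> str:
    """Rewrite the @version line, leaving the rest of the config untouched."""
    if not VERSION_RE.search(conf_text):
        raise ValueError("config has no @version line")
    return VERSION_RE.sub("@version: %s" % new_version, conf_text, count=1)


# Constructed sample lines (not captured from a real system).
# A program whose name contains a space, written via syslog(): no hostname field.
LOCAL_LINE = "<30>Oct 11 22:14:15 backup agent[4242]: rotation complete"
# A custom sender that bypasses syslog() and includes its own hostname.
BYPASS_LINE = "<38>Oct 11 22:14:16 webhost sshd[1001]: Accepted publickey for admin"

if __name__ == "__main__":
    for label, line in (("local", LOCAL_LINE), ("bypass", BYPASS_LINE)):
        for mode in (True, False):
            p = parse_local_syslog(line, expect_hostname=mode)
            print("%-6s expect-hostname=%-5s host=%-8r program=%-15r pid=%r"
                  % (label, mode, p.host, p.program, p.pid))
    print(bump_config_version("@version: 3.0\noptions { };\n"), end="")
```

With expect-hostname on, "backup agent" becomes host "backup" and program "agent"; with it off, the bypassing sender's "webhost" is glued onto the program name instead. That is the trade-off Robert describes: leave the 3.2 default unless your local senders really do write a hostname.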