hallo leute,
ihr kennt bestimmt die aus linux bekannten logfiles des startvorganges
"boot.msg"
genau so eine datei brauche ich für meinen bsd-server.
(ist halt praktisch, da kein monitor und so)
in der unten stehenden conf für syslog-ng habe ich mit diesen settings
das maximale herausbekommen. allerdings sind die boot-meldungen alle
auf console.log, user.log und security.log aufgesplittet.
(jetzt könnte ich auch ein script schreiben, daß diese dateien zusammen wurschtelt), aber es muß doch irgendwo eine kerneloption oder so geben, bei der so eine logdatei angelegt wird?
/usr/local/etc/syslog-ng/syslog-ng.conf
#
# This sample configuration file is essentially equilivent to the stock
# FreeBSD /etc/syslog.conf file.
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# options
options
{
long_hostnames(off);
sync(0);
log_fifo_size(1000);
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# sources
source src
{
unix-dgram("/var/run/log");
udp( ip(0.0.0.0) port(514) );
internal();
file("/dev/klog");
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# destinations
destination authlog { file("/var/log/auth.log"); };
destination messages { file("/var/log/messages.log"); };
destination security { file("/var/log/security.log"); };
destination debug { file("/var/log/debug.log"); };
destination alert { file("/var/log/alert.log"); };
destination kernel { file("/var/log/kernel.log"); };
destination cron { file("/var/log/cron.log"); };
destination all { file("/var/log/all.log"); };
destination firewall { file("/var/log/ipfw.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination lpd { file("/var/log/lpd-errs.log"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail-info.log"); };
destination mailwarn { file("/var/log/mail-warn.log"); };
destination mailerr { file("/var/log/mail-err.log"); };
destination newscrit { file("/var/log/news/news-crit.log"); };
destination newserr { file("/var/log/news/news-err.log"); };
destination newsnotice { file("/var/log/news/news-notice.log"); };
#destination consolelog { file("/var/log/console.log"); };
destination consolelog { file("/var/log/console.log"); };
#destination console { file("/dev/console"); };
#destination console { file("/dev/ttyv9"); };
destination console { file("/var/log/console.log"); };
#destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
destination boot { file("/var/log/boot.log"); };
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# log facility filters
filter f_authpriv { facility(auth, authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security) and not match("ipfw"); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
#filter f_debug { facility(debug); };
filter f_ppp { facility(local2); };
filter f_messages { level(info..emerg) and not facility(auth, authpriv, cron, daemon, mail, news); };
filter f_ipfw { match("ipfw"); };
filter f_kern_net { match("closed") or
match("port") or
match("from") or
match("to") or
match("response") or
match("attempt") or
match("Connection") or
match("flags") or
match("IP") or
match("UDP") or
match("TCP") or
match("ICMP");
};
filter f_boot { facility(kern, user, security, daemon, uucp) and not
facility(auth, authpriv, console, cron, ftp, lpr, mail,
news, local0, local1, local2, local3, local4,
local5, local6, local7);
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# log level filters
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
#filter f_notice { level(notice..emerg); };
filter f_notice_kern { level(notice..emerg) and not filter(f_kern_net) and not facility(cron); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
#filter f_boot_kern { level(debug..emerg) and not
filter f_debug_kern { level(debug..emerg) and not filter(f_kern_net) and not facility(cron); };
filter f_debug_net { level(debug..emerg) and not filter(f_ipfw) and not facility(cron); };
filter f_only_debug { level(debug) and not filter(f_ipfw) and not filter(f_kern_net) and not facility(cron); };
filter f_only_info { level(notice); };
filter f_only_notice { level(notice); };
filter f_only_warn { level(warning); };
filter f_only_err { level(err); };
filter f_only_crit { level(crit); };
filter f_only_alert { level(alert); };
filter f_only_emerg { level(emerg); };
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# program filters
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
filter f_ipfw { program("ipfw"); };
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# *.err;kern.debug;auth.notice;mail.crit /dev/console
log
{
source(src);
filter(f_err);
filter(f_debug_kern);
destination(console);
};
log
{
source(src);
filter(f_kern);
filter(f_debug_kern);
destination(console);
};
# *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
log
{
source(src);
filter(f_notice_kern);
filter(f_messages);
destination(messages);
};
log
{
source(src);
filter(f_kern);
filter(f_debug_net);
filter(f_kern_net);
destination(security);
};
log
{
source(src);
filter(f_debug_net);
filter(f_kern_net);
destination(security);
};
# security.* /var/log/security
log
{
source(src);
filter(f_security);
destination(security);
};
# *.emerg *
#log
#{
# source(src);
# filter(f_emerg);
# destination(allusers);
#};
# uncomment this to log all writes to /dev/console to /var/log/console.log
# console.info /var/log/console.log
log
{
source(src);
filter(f_console);
filter(f_info);
destination(consolelog);
};
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
# *.* /var/log/all.log
#log
#{
# source(src);
# destination(all);
#};
#
# uncomment this to enable logging to a remote loghost named loghost
# *.* @loghost
#log
#{
# source(src);
# destination(loghost);
#};
# boot
# /var/log/boot.log
log
{
source(src);
filter(f_console);
filter(f_info);
filter(f_user);
destination(boot);
};
# daemons
# /var/log/daemons.log
log
{
source(src);
filter(f_daemon);
# filter(f_debug);
destination(daemon);
};
# authpriv
# /var/log/authpriv.log
log
{
source(src);
filter(f_authpriv);
destination(authlog);
};
# user
# /var/log/user.log
log
{
source(src);
filter(f_user);
destination(user);
};
# uucp
# /var/log/uucp.log
log
{
source(src);
filter(f_uucp);
destination(uucp);
};
# kernel
# /var/log/kernel.log
log
{
source(src);
filter(f_kern);
filter(f_debug_kern);
destination(kernel);
};
# lpr
# /var/log/lpr-errs.log
log
{
source(src);
filter(f_lpr);
filter(f_info);
destination(lpd);
};
# mail
# /var/log/mail.log
log
{
source(src);
filter(f_mail);
destination(mail);
};
#
# mail-info
# /var/log/mail-info.log
log
{
source(src);
filter(f_mail);
filter(f_only_info);
destination(mailinfo);
};
# mail-warn
# /var/log/mail-warn.log
log
{
source(src);
filter(f_mail);
filter(f_only_warn);
destination(mailwarn);
};
# mail-err
# /var/log/mail-err.log
log
{
source(src);
filter(f_mail);
filter(f_err);
destination(mailerr);
};
# news-notice
# /var/log/news-notice.log
log
{
source(src);
filter(f_news);
filter(f_only_notice);
destination(newsnotice);
};
# news-err
# /var/log/news-err.log
log
{
source(src);
filter(f_news);
filter(f_only_err);
destination(newserr);
};
# news-crit
# /var/log/news-crit.log
log
{
source(src);
filter(f_news);
filter(f_only_crit);
destination(newscrit);
};
# debug
# /var/log/debug.log
log
{
source(src);
filter(f_only_debug);
filter(f_kern_net);
destination(debug);
};
# cron
# /var/log/cron.log
log
{
source(src);
filter(f_cron);
destination(cron);
};
# startslip
# /var/log/slip.log
log
{
source(src);
filter(f_slip);
destination(slip);
};
# ppp
# /var/log/ppp.log
log
{
source(src);
filter(f_ppp);
destination(ppp);
};
# ipfw
# /var/log/ipfw.log
log
{
source(src);
filter(f_ipfw);
destination(firewall);
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#eof
ihr kennt bestimmt die aus linux bekannten logfiles des startvorganges
"boot.msg"
genau so eine datei brauche ich für meinen bsd-server.
(ist halt praktisch, da kein monitor und so)
in der unten stehenden conf für syslog-ng habe ich mit diesen settings
das maximale herausbekommen. allerdings sind die boot-meldungen alle
auf console.log, user.log und security.log aufgesplittet.
(jetzt könnte ich auch ein script schreiben, daß diese dateien zusammen wurschtelt), aber es muß doch irgendwo eine kerneloption oder so geben, bei der so eine logdatei angelegt wird?
/usr/local/etc/syslog-ng/syslog-ng.conf
#
# This sample configuration file is essentially equilivent to the stock
# FreeBSD /etc/syslog.conf file.
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# options
options
{
long_hostnames(off);
sync(0);
log_fifo_size(1000);
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# sources
source src
{
unix-dgram("/var/run/log");
udp( ip(0.0.0.0) port(514) );
internal();
file("/dev/klog");
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# destinations
destination authlog { file("/var/log/auth.log"); };
destination messages { file("/var/log/messages.log"); };
destination security { file("/var/log/security.log"); };
destination debug { file("/var/log/debug.log"); };
destination alert { file("/var/log/alert.log"); };
destination kernel { file("/var/log/kernel.log"); };
destination cron { file("/var/log/cron.log"); };
destination all { file("/var/log/all.log"); };
destination firewall { file("/var/log/ipfw.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination user { file("/var/log/user.log"); };
destination uucp { file("/var/log/uucp.log"); };
destination lpd { file("/var/log/lpd-errs.log"); };
destination slip { file("/var/log/slip.log"); };
destination ppp { file("/var/log/ppp.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail-info.log"); };
destination mailwarn { file("/var/log/mail-warn.log"); };
destination mailerr { file("/var/log/mail-err.log"); };
destination newscrit { file("/var/log/news/news-crit.log"); };
destination newserr { file("/var/log/news/news-err.log"); };
destination newsnotice { file("/var/log/news/news-notice.log"); };
#destination consolelog { file("/var/log/console.log"); };
destination consolelog { file("/var/log/console.log"); };
#destination console { file("/dev/console"); };
#destination console { file("/dev/ttyv9"); };
destination console { file("/var/log/console.log"); };
#destination allusers { usertty("*"); };
#destination loghost { udp("loghost" port(514)); };
destination boot { file("/var/log/boot.log"); };
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# log facility filters
filter f_authpriv { facility(auth, authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security) and not match("ipfw"); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
#filter f_debug { facility(debug); };
filter f_ppp { facility(local2); };
filter f_messages { level(info..emerg) and not facility(auth, authpriv, cron, daemon, mail, news); };
filter f_ipfw { match("ipfw"); };
filter f_kern_net { match("closed") or
match("port") or
match("from") or
match("to") or
match("response") or
match("attempt") or
match("Connection") or
match("flags") or
match("IP") or
match("UDP") or
match("TCP") or
match("ICMP");
};
filter f_boot { facility(kern, user, security, daemon, uucp) and not
facility(auth, authpriv, console, cron, ftp, lpr, mail,
news, local0, local1, local2, local3, local4,
local5, local6, local7);
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# log level filters
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
#filter f_notice { level(notice..emerg); };
filter f_notice_kern { level(notice..emerg) and not filter(f_kern_net) and not facility(cron); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
#filter f_boot_kern { level(debug..emerg) and not
filter f_debug_kern { level(debug..emerg) and not filter(f_kern_net) and not facility(cron); };
filter f_debug_net { level(debug..emerg) and not filter(f_ipfw) and not facility(cron); };
filter f_only_debug { level(debug) and not filter(f_ipfw) and not filter(f_kern_net) and not facility(cron); };
filter f_only_info { level(notice); };
filter f_only_notice { level(notice); };
filter f_only_warn { level(warning); };
filter f_only_err { level(err); };
filter f_only_crit { level(crit); };
filter f_only_alert { level(alert); };
filter f_only_emerg { level(emerg); };
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# program filters
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
filter f_ipfw { program("ipfw"); };
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# *.err;kern.debug;auth.notice;mail.crit /dev/console
log
{
source(src);
filter(f_err);
filter(f_debug_kern);
destination(console);
};
log
{
source(src);
filter(f_kern);
filter(f_debug_kern);
destination(console);
};
# *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
log
{
source(src);
filter(f_notice_kern);
filter(f_messages);
destination(messages);
};
log
{
source(src);
filter(f_kern);
filter(f_debug_net);
filter(f_kern_net);
destination(security);
};
log
{
source(src);
filter(f_debug_net);
filter(f_kern_net);
destination(security);
};
# security.* /var/log/security
log
{
source(src);
filter(f_security);
destination(security);
};
# *.emerg *
#log
#{
# source(src);
# filter(f_emerg);
# destination(allusers);
#};
# uncomment this to log all writes to /dev/console to /var/log/console.log
# console.info /var/log/console.log
log
{
source(src);
filter(f_console);
filter(f_info);
destination(consolelog);
};
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
# *.* /var/log/all.log
#log
#{
# source(src);
# destination(all);
#};
#
# uncomment this to enable logging to a remote loghost named loghost
# *.* @loghost
#log
#{
# source(src);
# destination(loghost);
#};
# boot
# /var/log/boot.log
log
{
source(src);
filter(f_console);
filter(f_info);
filter(f_user);
destination(boot);
};
# daemons
# /var/log/daemons.log
log
{
source(src);
filter(f_daemon);
# filter(f_debug);
destination(daemon);
};
# authpriv
# /var/log/authpriv.log
log
{
source(src);
filter(f_authpriv);
destination(authlog);
};
# user
# /var/log/user.log
log
{
source(src);
filter(f_user);
destination(user);
};
# uucp
# /var/log/uucp.log
log
{
source(src);
filter(f_uucp);
destination(uucp);
};
# kernel
# /var/log/kernel.log
log
{
source(src);
filter(f_kern);
filter(f_debug_kern);
destination(kernel);
};
# lpr
# /var/log/lpr-errs.log
log
{
source(src);
filter(f_lpr);
filter(f_info);
destination(lpd);
};
# /var/log/mail.log
log
{
source(src);
filter(f_mail);
destination(mail);
};
#
# mail-info
# /var/log/mail-info.log
log
{
source(src);
filter(f_mail);
filter(f_only_info);
destination(mailinfo);
};
# mail-warn
# /var/log/mail-warn.log
log
{
source(src);
filter(f_mail);
filter(f_only_warn);
destination(mailwarn);
};
# mail-err
# /var/log/mail-err.log
log
{
source(src);
filter(f_mail);
filter(f_err);
destination(mailerr);
};
# news-notice
# /var/log/news-notice.log
log
{
source(src);
filter(f_news);
filter(f_only_notice);
destination(newsnotice);
};
# news-err
# /var/log/news-err.log
log
{
source(src);
filter(f_news);
filter(f_only_err);
destination(newserr);
};
# news-crit
# /var/log/news-crit.log
log
{
source(src);
filter(f_news);
filter(f_only_crit);
destination(newscrit);
};
# debug
# /var/log/debug.log
log
{
source(src);
filter(f_only_debug);
filter(f_kern_net);
destination(debug);
};
# cron
# /var/log/cron.log
log
{
source(src);
filter(f_cron);
destination(cron);
};
# startslip
# /var/log/slip.log
log
{
source(src);
filter(f_slip);
destination(slip);
};
# ppp
# /var/log/ppp.log
log
{
source(src);
filter(f_ppp);
destination(ppp);
};
# ipfw
# /var/log/ipfw.log
log
{
source(src);
filter(f_ipfw);
destination(firewall);
};
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#eof
