On 3/29/16 5:42 PM, Stuart Henderson wrote: > On 2016-03-29, Jeff Ross <jr...@openvistas.net> wrote: >> Greetings all! >> >> I've been away from OpenBSD for a while and for sure I've missed more >> than a few things. Just updated a firewall in anticipation of upgrading >> my server but there are things that have changed. >> >> What has me puzzled now is the change to syslogd. For literally years >> I've run socklog from ports to replace the stock syslog with no problems >> but now it simply doesn't work on 5.9 -current. >> >> My former installations of socklog all listen to /dev/log but when I >> couldn't get anything to work listening there I switched to listening to >> 0.0.0.0:514 but still no joy. >> >> If anyone out there is using socklog, or possibly any alternative to >> syslog, I'd sure appreciate a clue by four to get socklog running again. > OpenBSD's syslog functions now use sendsyslog(2) which doesn't use > /dev/log sockets any more. > > Here is where syslogd was modified to do things this way: > http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699 > - it's probably not all that complex to convert other logging daemons, > but afaik nobody has yet felt the need to do this for any of the > alternative log daemons in ports. > > If you don't want to write code and want to stick with socklog, > the easiest way is probably a minimal syslogd(8) setup that > forwards everything via UDP. > Hi Stuart,
Could you please clarify something to me? I am running a centralized logging server using syslog-ng from the ports. The way I read your e-mail is that I will no longer be able to log messages using syslog-ng from the local host but the port will continue to work as expected. Would I be able to run syslogd for the local host and syslog-ng for remote hosts simultaneously? IIRC I saw people posting on misc who were doing that in the past but I think when I played with it syslog-ng didn't want to start until I turned off syslogd. How suitable is syslogd from the base as a centralized logging server. I know that it supports TCP and TLS now but does it play well with rsyslog or syslog-ng? I have bunch of Linux servers to log. Thanks, Predrag