Re: Socklog on OpenBSD -current

2016-03-31 Thread Stuart Henderson
On 2016-03-30, Predrag Punosevac  wrote:
> On 3/29/16 5:42 PM, Stuart Henderson wrote:
>> On 2016-03-29, Jeff Ross  wrote:
>>> Greetings all!
>>>
>>> I've been away from OpenBSD for a while and for sure I've missed more
>>> than a few things.  Just updated a firewall in anticipation of upgrading
>>> my server but there are things that have changed.
>>>
>>> What has me puzzled now is the change to syslogd.  For literally years
>>> I've run socklog from ports to replace the stock syslog with no problems
>>> but now it simply doesn't work on 5.9 -current.
>>>
>>> My former installations of socklog all listen to /dev/log but when I
>>> couldn't get anything to work listening there I switched to listening to
>>> 0.0.0.0:514 but still no joy.
>>>
>>> If anyone out there is using socklog, or possibly any alternative to
>>> syslog, I'd sure appreciate a clue by four to get socklog running again.
>> OpenBSD's syslog functions now use sendsyslog(2) which doesn't use
>> /dev/log sockets any more.
>>
>> Here is where syslogd was modified to do things this way:
>> http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699
>> - it's probably not all that complex to convert other logging daemons,
>> but afaik nobody has yet felt the need to do this for any of the
>> alternative log daemons in ports.
>>
>> If you don't want to write code and want to stick with socklog,
>> the easiest way is probably a minimal syslogd(8) setup that
>> forwards everything via UDP.
>>
> Hi Stuart,
>
> Could you please clarify something to me? I am running a centralized
> logging server using syslog-ng from the ports. The way I read your
> e-mail is that I will no longer be able to log messages using syslog-ng
> from the local host but the port will continue to work as expected.

Yes, this isn't particularly new though, it changed in 5.6.

> Would I be able to run syslogd for the local host and syslog-ng for
> remote hosts simultaneously? IIRC I saw people posting on misc who were
> doing that in the past but I think when I played with it syslog-ng
> didn't want to start until I turned off syslogd.

You can run two simultaneously but you'll need to get one of them to
bind to a specific IP address.

>  How suitable is syslogd
> from the base as a centralized logging server. I know that it supports
> TCP and TLS now but does it play well with rsyslog or syslog-ng? I have
> bunch of Linux servers to log.

If you can get them to feed it syslog messages using either the usual
UDP-based syslog protocol or using a TCP/TLS protocol then that should
work fine (IIRC the TLS code was developed against one of these,
possibly rsyslog?). syslogd(8) / syslog.conf(5) gained +host/++host
matching that allows you to separate logs between different hosts
into different files which can be useful on a centralised log host.
There are lots of options of how to set this all up.
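
One way the central log host described above could be laid out, as an added example that is not from the thread: syslogd(8) receives UDP on one specific address and syslog.conf(5) splits the logs per sending host with +host blocks. The address 192.0.2.10, the host names web1 and db1, and the file paths are assumptions.

```conf
# syslogd(8) flags (added example; 192.0.2.10 is an assumed placeholder):
#   rcctl set syslogd flags "-U 192.0.2.10"
# -U binds the UDP receive socket to the given address, see syslogd(8).

# /etc/syslog.conf on the log host
# Untagged rules at the top are checked for every message.
*.notice;auth.info	/var/log/messages

# Rules after a +host tag apply only to messages from that host.
# web1 and db1 are assumed host names.
+web1
*.*	/var/log/hosts/web1

+db1
*.*	/var/log/hosts/db1

# syslogd only appends to files that already exist, so create them first:
#   mkdir -p /var/log/hosts && touch /var/log/hosts/web1 /var/log/hosts/db1

# Sender side on a Linux host running rsyslog (UDP forwarding rule):
#   *.* @192.0.2.10:514
```

UDP syslog carries no sender authentication, so the per-host split sorts messages by claimed origin rather than proving it.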



Re: Socklog on OpenBSD -current

2016-03-30 Thread Predrag Punosevac
On 3/29/16 5:42 PM, Stuart Henderson wrote:
> On 2016-03-29, Jeff Ross  wrote:
>> Greetings all!
>>
>> I've been away from OpenBSD for a while and for sure I've missed more
>> than a few things.  Just updated a firewall in anticipation of upgrading
>> my server but there are things that have changed.
>>
>> What has me puzzled now is the change to syslogd.  For literally years
>> I've run socklog from ports to replace the stock syslog with no problems
>> but now it simply doesn't work on 5.9 -current.
>>
>> My former installations of socklog all listen to /dev/log but when I
>> couldn't get anything to work listening there I switched to listening to
>> 0.0.0.0:514 but still no joy.
>>
>> If anyone out there is using socklog, or possibly any alternative to
>> syslog, I'd sure appreciate a clue by four to get socklog running again.
> OpenBSD's syslog functions now use sendsyslog(2) which doesn't use
> /dev/log sockets any more.
>
> Here is where syslogd was modified to do things this way:
> http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699
> - it's probably not all that complex to convert other logging daemons,
> but afaik nobody has yet felt the need to do this for any of the
> alternative log daemons in ports.
>
> If you don't want to write code and want to stick with socklog,
> the easiest way is probably a minimal syslogd(8) setup that
> forwards everything via UDP.
>
Hi Stuart,

Could you please clarify something to me? I am running a centralized
logging server using syslog-ng from the ports. The way I read your
e-mail is that I will no longer be able to log messages using syslog-ng
from the local host but the port will continue to work as expected.
Would I be able to run syslogd for the local host and syslog-ng for
remote hosts simultaneously? IIRC I saw people posting on misc who were
doing that in the past but I think when I played with it syslog-ng
didn't want to start until I turned off syslogd. How suitable is syslogd
from the base as a centralized logging server. I know that it supports
TCP and TLS now but does it play well with rsyslog or syslog-ng? I have
bunch of Linux servers to log.

Thanks,
Predrag



Re: Socklog on OpenBSD -current

2016-03-30 Thread Jeff Ross

On 3/29/16 5:42 PM, Stuart Henderson wrote:

> On 2016-03-29, Jeff Ross  wrote:
>> Greetings all!
>>
>> I've been away from OpenBSD for a while and for sure I've missed more
>> than a few things.  Just updated a firewall in anticipation of upgrading
>> my server but there are things that have changed.
>>
>> What has me puzzled now is the change to syslogd.  For literally years
>> I've run socklog from ports to replace the stock syslog with no problems
>> but now it simply doesn't work on 5.9 -current.
>>
>> My former installations of socklog all listen to /dev/log but when I
>> couldn't get anything to work listening there I switched to listening to
>> 0.0.0.0:514 but still no joy.
>>
>> If anyone out there is using socklog, or possibly any alternative to
>> syslog, I'd sure appreciate a clue by four to get socklog running again.
>
> OpenBSD's syslog functions now use sendsyslog(2) which doesn't use
> /dev/log sockets any more.
>
> Here is where syslogd was modified to do things this way:
> http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699
> - it's probably not all that complex to convert other logging daemons,
> but afaik nobody has yet felt the need to do this for any of the
> alternative log daemons in ports.
>
> If you don't want to write code and want to stick with socklog,
> the easiest way is probably a minimal syslogd(8) setup that
> forwards everything via UDP.

Thank you, Stuart!  As always, you've been very helpful.  For now I'll 
stick to forwarding and play with the code as time permits.


Jeff



Re: Socklog on OpenBSD -current

2016-03-29 Thread Stuart Henderson
On 2016-03-29, Jeff Ross  wrote:
> Greetings all!
>
> I've been away from OpenBSD for a while and for sure I've missed more 
> than a few things.  Just updated a firewall in anticipation of upgrading 
> my server but there are things that have changed.
>
> What has me puzzled now is the change to syslogd.  For literally years 
> I've run socklog from ports to replace the stock syslog with no problems 
> but now it simply doesn't work on 5.9 -current.
>
> My former installations of socklog all listen to /dev/log but when I 
> couldn't get anything to work listening there I switched to listening to 
> 0.0.0.0:514 but still no joy.
>
> If anyone out there is using socklog, or possibly any alternative to 
> syslog, I'd sure appreciate a clue by four to get socklog running again.

OpenBSD's syslog functions now use sendsyslog(2) which doesn't use
/dev/log sockets any more.

Here is where syslogd was modified to do things this way:
http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699
- it's probably not all that complex to convert other logging daemons,
but afaik nobody has yet felt the need to do this for any of the
alternative log daemons in ports.

If you don't want to write code and want to stick with socklog,
the easiest way is probably a minimal syslogd(8) setup that
forwards everything via UDP.
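
A sketch of the forwarding setup suggested above, added here as an example and not taken from the thread: the stock syslogd(8) keeps receiving local messages and relays all of them over UDP to socklog on loopback. The address 127.0.0.1 and port 5514 are assumptions, chosen so the two daemons never contend for the same UDP port.

```conf
# /etc/syslog.conf (added example, not from the thread)
# Relay every facility at every level to socklog over UDP.
# 127.0.0.1:5514 is an assumed address and port.
*.*	@127.0.0.1:5514

# socklog side: UDP listener on the same assumed address and port,
# for example as the last line of its service run script:
#   exec socklog inet 127.0.0.1 5514
```

Keeping the listener on loopback limits who can inject messages into socklog to local processes, since forwarded UDP datagrams carry no sender authentication.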



Socklog on OpenBSD -current

2016-03-29 Thread Jeff Ross

Greetings all!

I've been away from OpenBSD for a while and for sure I've missed more 
than a few things.  Just updated a firewall in anticipation of upgrading 
my server but there are things that have changed.


What has me puzzled now is the change to syslogd.  For literally years 
I've run socklog from ports to replace the stock syslog with no problems 
but now it simply doesn't work on 5.9 -current.


My former installations of socklog all listen to /dev/log but when I 
couldn't get anything to work listening there I switched to listening to 
0.0.0.0:514 but still no joy.


If anyone out there is using socklog, or possibly any alternative to 
syslog, I'd sure appreciate a clue by four to get socklog running again.


Thanks!

Jeff

dmesg;
