# syslog-ng.conf v3 and the Gentoo Security Handbook

## rpmohn

I've been using the recommended /etc/syslog-ng/syslog-ng.conf file from code listing 4.1 of the Gentoo Security Handbook, but that file no longer works since upgrading to syslog-ng v3.0.4. There are apparently several significant syntax changes to the conf file format. I know I could RTFM, but would somebody please throw me a bone on this one?  :Wink: 

Thanks in advance! -Ross

----------

## cookiecrusher

Posting some extracts of mine; maybe you'll recognize what you need to change :>

(Hint: first line, destinations and statements)

```
[~]% cat /etc/syslog-ng/syslog-ng.conf
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.7 2007/08/02 04:52:18 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux
# contributed by Michael Sterrett

#################################################
#
## Some global options
#
options {
    chain_hostnames(no);
    flush_lines(0);
    stats_freq(43200);
    mark_freq(43200);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames(off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
    perm(0640);
};

#################################################
source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

#################################################
#
## Some destinations
#
destination d_authlog { file("/var/log/sys/auth.log"); };
destination d_syslog { file("/var/log/sys/syslog"); };

#
## These files hold the logs that come from the mail subsystem.
#
destination d_mail { file("/var/log/mail/mail.log"); };

#
## Logging to tty12.
#
destination console_all { file("/dev/tty12"); };

#
## Some filters
#
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv) and not facility(mail); };
filter f_mail { facility(mail); };

#################################################
#
## Log statements send logs somewhere, files, across the network, etc.
#
log { source(src); filter(f_authpriv); destination(d_authlog); };
log { source(src); destination(console_all); };
```

----------

## xtz

It is the config from the Gentoo Security Handbook, modified for syslog-ng 3.x. I have changed a few things, mainly about the e-mail logging, the rest is unchanged.

```
xtz@DeathStar ~ $ cat /etc/syslog-ng/syslog-ng.conf
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.0,v 1.1 2009/05/25 20:07:21 mr_bones_ Exp $
#
# Syslog-ng customized configuration file for Gentoo Linux

options {
        chain_hostnames(no);

        # The default action of syslog-ng is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats_freq(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
};
source kernsrc { file("/proc/kmsg"); };

#define destinations
destination authlog { file("/var/log/auth.log"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
        and not facility(auth, authpriv, cron, mail, news); };
filter f_emergency { level(emerg); };
filter f_notice { level(notice); };
filter f_crit { level(crit); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };

#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

#default log
log { source(src); destination(console_all); };
```
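
An added example, not part of any post in this thread: a small Python audit for a syslog-ng 3.x config of the shape posted above. It checks the `@version` first line, reports sources, filters and destinations that are defined but never referenced, and reports references to names that are never defined. The sample config and the `audit` and `strip_comments` names are constructed for illustration, and the parser assumes flat statements like the ones in this thread.

```python
import re

# Constructed sample: a trimmed 3.x config with one unused filter, one unused
# destination, and one log path that names an undefined destination.
SAMPLE = '''@version: 3.0
source src { unix-stream("/dev/log" max-connections(256)); internal(); };
destination authlog { file("/var/log/auth.log"); };
destination messages { file("/var/log/messages"); };
filter f_authpriv { facility(auth, authpriv); };
filter f_failed { message("failed"); };
#filter f_old { facility(news); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); destination(console_all); };
'''

KIND = r"\b(source|filter|destination)"
NAME = r"([\w.-]+)"


def strip_comments(text):
    """Drop '#' comments while keeping any '#' inside a double-quoted string."""
    keep_strings = lambda m: m.group(1) or ""
    return "\n".join(
        re.sub(r'("[^"\n]*")|#.*', keep_strings, line)
        for line in text.splitlines()
    )


def audit(conf):
    """Return the declared version plus unused and undefined object names."""
    text = strip_comments(conf)
    # The version declaration must be the first non-comment line of the file.
    first = next((l.strip() for l in text.splitlines() if l.strip()), "")
    version = re.match(r"@version:\s*(\S+)", first)
    # Definitions look like "filter f_x {"; references look like "filter(f_x)".
    defined = set(re.findall(KIND + r"\s+" + NAME + r"\s*\{", text))
    used = set(re.findall(KIND + r"\s*\(\s*" + NAME + r"\s*\)", text))
    return {
        "version": version.group(1) if version else None,
        "unused": sorted(defined - used),      # defined, never routed anywhere
        "undefined": sorted(used - defined),   # referenced, never defined
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Run over the second config posted above, the same logic lists `f_notice`, `f_crit`, `f_failed` and `f_denied` as unused: those filters are defined but no `log` statement references them.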

----------

## rpmohn

Thanks much! Cheers -Ross

----------

## hoyanf

I'd think the site admin should update the site for current configs...

Regards,

hoyanf

----------

## mimosinnet

*hoyanf wrote:*

> I'd think the site admin should update the site for current configs...

I often look at the gentoo wiki after reading the official documentation in case there are any updates.

Cheers!

----------

## likewhoa

*mimosinnet wrote:*

> *hoyanf wrote:*
>
> > I'd think the site admin should update the site for current configs...
>
> I often look at the gentoo wiki after reading the official documentation in case there are any updates.
>
> Cheers!

The wiki is outdated since v3.

----------

