firestarter's hit list is filled with this pattern: "*kernel: IN=* OUT=* SRC=*" but with syslog-ng, "kernel:" isn't necessarily in the messages from the kernel so firestarter never sees any hits even though they appear in the log file. Additionally, firestarter 0.9.0 is hard-coded to look at /var/log/messages but the sample config file that comes with syslog-ng logs kernel messages to /var/log/kern.log. What to do? First, upgrade to firestarter 0.9.1 which has many usability fixes and allows the setting of the log file to watch. Next, upgrade to at least 1.5.3 (latest is currently 1.5.25) of syslog-ng which supports the ability to customize log messages on a per-destination basis. Marked this bug as "major" because if people are depending on the gui to monitor their firewall, they're not seeing any hits even though they could be getting probed all the time.
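The detection gap described in this report can be reproduced offline. The following is an added example (not code from firestarter, syslog-ng or the bug reporter) that applies firestarter's hit-list pattern, treated here as a shell-style glob (an assumption), to constructed log lines: one in the classic syslogd layout with the "kernel:" program prefix, one as syslog-ng may write the same netfilter event without that prefix, and one unrelated line. Host names, addresses and timestamps in the sample lines are made up.

```python
import fnmatch
import re

# firestarter's hit-list pattern as quoted in the bug report.
HIT_PATTERN = "*kernel: IN=* OUT=* SRC=*"

# Constructed sample log lines (not real log data).  Line 0 is the
# classic syslogd layout for a netfilter LOG rule; line 1 is the same
# kind of event without the "kernel:" program prefix, which is how
# syslog-ng may write it; line 2 is an unrelated daemon message.
SAMPLE_LINES = [
    "Oct 12 07:26:42 gw kernel: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4321 DPT=22",
    "Oct 12 07:26:43 gw IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4322 DPT=23",
    "Oct 12 07:26:44 gw sshd[123]: Accepted publickey for alice from 192.0.2.20",
]

# KEY=VALUE tokens as emitted by the netfilter LOG target (value may be empty).
_FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def matches_hit(line, pattern=HIT_PATTERN):
    """True if the line satisfies firestarter's glob-style hit pattern."""
    return fnmatch.fnmatchcase(line, pattern)


def parse_hit(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict."""
    return dict(_FIELD.findall(line))


def count_hits(lines, pattern=HIT_PATTERN):
    """Number of lines the GUI would report as firewall hits."""
    return sum(1 for line in lines if matches_hit(line, pattern))


def count_firewall_events(lines):
    """Number of lines that actually carry netfilter fields, prefix or not.

    The difference between this and count_hits() is the blind spot the
    report describes: events that are in the log but never shown.
    """
    return sum(1 for line in lines if "IN=" in line and "SRC=" in line)


def missed_events(lines, pattern=HIT_PATTERN):
    """Firewall events present in the log that the hit pattern does not catch."""
    return [line for line in lines
            if "IN=" in line and "SRC=" in line and not matches_hit(line, pattern)]


if __name__ == "__main__":
    print("hits shown by pattern :", count_hits(SAMPLE_LINES))
    print("firewall events in log:", count_firewall_events(SAMPLE_LINES))
    for line in missed_events(SAMPLE_LINES):
        fields = parse_hit(line)
        print("missed:", fields.get("SRC"), "->", fields.get("DST"), "dport", fields.get("DPT"))
```

With these inputs the pattern reports one hit while the log holds two firewall events; the second one, written without the "kernel:" prefix, is exactly the kind of probe the GUI would silently miss. Restoring the prefix on the syslog-ng side (per-destination message customization, as the report suggests) or relaxing the pattern closes the gap.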
Okay, firestarter 0.9.1 has been marked stable, that leaves syslog-ng to worry about. Is there any issue to marking 1.5.26-r1 stable? If not, I can go ahead and do it during the package upgrades phase (now).
1.5 shouldn't be marked stable as I believe it is a devel version. In fact, I wonder why the 1.5 versions are even in portage. However, 1.6 is out and the web site (http://www.balabit.com/products/syslog-ng/upgrades.bbq) says that 1.6 should be the version "deployed in production environments".
Okay, I'm working on a 1.6 ebuild now.
Okay, I've added the 1.6.0_rc1 ebuild. Please give it a try. Also, if you can provide a simple, secure, default configuration, I could add that to a -r1 ebuild.
Here you go:

#
# $Header: /home/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.sample,v 1.4 2002/10/12 07:26:42 blocke Exp $
#
# Syslog-ng configuration file
#

options { long_hostnames(off); sync(0); };

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
Okay, syslog-ng-1.6.0_rc1-r1 is in cvs now, with a default configuration and logrotate.d snippet. It is marked stable on x86 and alpha where I can test. I believe this bug can be closed now... Thanks!