Bug 356349 - app-admin/bastille-3.0.9: syslog config breaks syslog-ng
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High major
Assignee: The Gentoo Linux Hardened Team
Reported: 2011-02-24 22:10 UTC by upendra
Modified: 2017-11-24 04:30 UTC
Description upendra 2011-02-24 22:10:17 UTC
/etc/init.d/syslog-ng restart

 * Stopping bastille-firewall ...

WARNING: reverting to default settings (dropping firewall)
disabling IP forwarding... done.
unloading masquerading modules... done.
resetting default input rules to accept... done.
resetting default output rule to accept... done.
resetting default forward rule to accept... done.
flushing INPUT rules... done.
flushing OUTPUT rules... done.
flushing FORWARD rules... done.
removing user-defined chains... done.                                                                                                                 [ ok ]
 * Stopping psadwatchd ...                                                                                                                            [ ok ]
 * Stopping psad ...                                                                                                                                  [ ok ]
 * Stopping syslog-ng ...                                                                                                                             [ ok ]
syntax error in /etc/syslog-ng/syslog-ng.conf at line 40.

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
 * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf) 

Reproducible: Always

Steps to Reproduce:
1. Edit /etc/syslog-ng/syslog-ng.conf and comment out the lines below:

destination syslog { file("/var/log/syslog"); };
filter f_syslog { facility(warn, err); };
log { source(src); filter(f_syslog); destination(syslog); };

2. /etc/init.d/syslog-ng restart works fine.

Actual Results:  
syslog-ng does not work with bastille configuration

Expected Results:  
syslog-ng should start properly

emerge --info
Portage 2.1.9.25 (default/linux/amd64/10.0, gcc-4.4.4, glibc-2.13-r1, 2.6.36-gentoo-r5 x86_64)
=================================================================
System uname: Linux-2.6.36-gentoo-r5-x86_64-Intel-R-_Core-TM-2_CPU_6400_@_2.13GHz-with-gentoo-1.12.14
Timestamp of tree: Thu, 24 Feb 2011 19:15:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python:     2.5.4-r4, 2.6.6-r1, 3.1.2-r4
dev-util/ccache:     2.4-r9
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.14-r1
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.4_p6, 1.9.6-r2, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       3.4.6-r2, 4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirror.mcs.anl.gov/pub/gentoo/ ftp://mirror.mcs.anl.gov/pub/gentoo/"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/nfs1/var/tmp/portage"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/sunrise /var/lib/layman/vmware /var/lib/layman/lxde /var/lib/layman/portage-backup /usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="X acl alsa amd64 aspell berkdb bzip2 cli consolekit cracklib crypt cups cxx dbus dri gdbm gnome gpm gstreamer gtk hal iconv jpeg ldap mmx modules mudflap multilib ncurses nls nptl nptlonly nsplugin openmp pam pcre perl pppd python readline session sse sse2 ssl svg sysfs tcpd unicode xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias cgi cgid" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


cat /etc/syslog-ng/syslog-ng.conf 
@version: 3.0
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

options { 
	chain_hostnames(no); 

	# The default action of syslog-ng is to log a STATS line
	# to the file every 10 minutes.  That's pretty ugly after a while.
	# Change it to every 12 hours so you get a nice daily update of
	# how many messages syslog-ng missed (0).
	stats_freq(43200); 
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };
destination debug { file("/var/log/debug"); };


# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
filter f_debug { not facility(auth, authpriv, news, mail); };
log { source(src); filter(f_debug); destination(debug); };

############ BASTILLE ADDITIONS BELOW : ################# 
# Log warning and errors to the new file /var/log/syslog
destination syslog { file("/var/log/syslog"); };
filter f_syslog { facility(warn, err); };
log { source(src); filter(f_syslog); destination(syslog); };

# Log all kernel messages to the new file /var/log/kernel
source kernsrc { file("/proc/kmsg"); };
destination kern { file("/var/log/kernel"); };
filter f_kern { facility(kern); };
log { source(kernsrc); filter(f_kern); destination(kern); };

# Log all logins to /var/log/loginlog
destination loginlog { file("/var/log/loginlog"); };
filter f_loginlog { facility(auth, user) and not facility(daemon); };
log { source(src); filter(f_loginlog); destination(loginlog); };

# Log additional data to the Alt-F7 and Alt-F8 screens (Pseudo TTY 7 and 8)

destination tty7 { file("/dev/tty7"); };
destination tty8 { file("/dev/tty8"); };
filter f_info { level(info) and not facility(mail, authpriv); };
filter f_authpriv { facility(authpriv); };
filter f_warnerr { level(warn, err); };
filter f_mail { facility(mail); };
log { source(src); filter(f_info); destination(tty7); };
log { source(src); filter(f_authpriv); destination(tty7); };
log { source(src); filter(f_warnerr); destination(tty7); };
log { source(kernsrc); filter(f_kern); destination(tty7); };
log { source(src); filter(f_mail); destination(tty8); };

########## BASTILLE ADDITIONS CONCLUDED : ###############
Comment 1 Ben Kohler gentoo-dev 2017-08-21 17:21:55 UTC
Is this still a problem?  Where does this bastille syslog-ng configuration section come from?
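
Added example, not part of the bug thread and not code from Bastille or syslog-ng: the f_syslog filter among the lines the reporter commented out passes `warn` and `err` to `facility()`, and those are severity names rather than syslog facilities. The sketch below lints single-line filter statements for that mix-up; `lint_filters`, the name tables and the `f_range` sample line are assumptions made for illustration, and the other sample lines are copied from the configuration above.

```python
import re

# Standard syslog facility and severity keywords (extend the sets if your
# syslog-ng version accepts further aliases; this table is an assumption).
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp"}
FACILITIES |= {f"local{i}" for i in range(8)}
LEVELS = {"emerg", "alert", "crit", "err", "error", "warning", "warn",
          "notice", "info", "debug"}

FILTER = re.compile(r"^\s*filter\s+(\S+)\s*\{")
CALL = re.compile(r"\b(facility|level|priority)\s*\(([^)]*)\)")


def lint_filters(conf_text):
    """Return (line_no, filter_name, function, bad_args) per invalid call.

    Only filters written on one line are checked, which is how the
    configuration in this report is laid out.
    """
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # ignore comments
        m = FILTER.match(line)
        if not m:
            continue
        for func, args in CALL.findall(line):
            allowed = FACILITIES if func == "facility" else LEVELS
            # Arguments are comma lists or ranges such as err..emerg.
            names = [a.strip() for a in re.split(r",|\.\.", args) if a.strip()]
            bad = [n for n in names if n not in allowed]
            if bad:
                findings.append((no, m.group(1), func, bad))
    return findings


# Excerpt of the reported configuration; f_range is a constructed line.
SAMPLE = """\
filter f_debug { not facility(auth, authpriv, news, mail); };
# Log warning and errors to the new file /var/log/syslog
filter f_syslog { facility(warn, err); };
filter f_loginlog { facility(auth, user) and not facility(daemon); };
filter f_warnerr { level(warn, err); };
filter f_range { level(err..emerg); };
"""

if __name__ == "__main__":
    for no, name, func, bad in lint_filters(SAMPLE):
        print(f"line {no}: filter {name}: {func}() does not accept {bad}")
```

For the full grammar, syslog-ng's own `--syntax-only` option parses the configuration without starting the daemon, which allows a check before the init script stops the firewall and psad as in the restart output above.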