From 63bcc5c4ef689dc81024391b0ceaf39de0707b21 Mon Sep 17 00:00:00 2001
From: mario
Date: Wed, 7 Jul 2010 03:54:48 -0500
Subject: system/syslog-ng: Added (syslogd replacment)

Signed-off-by: Robby Workman
---
system/syslog-ng/README | 14 ++++
system/syslog-ng/README.SLACKWARE | 20 ++++++
system/syslog-ng/doinst.sh | 28 ++++++++
system/syslog-ng/rc.syslog-ng | 53 +++++++++++++++
system/syslog-ng/slack-desc | 19 ++++++
system/syslog-ng/syslog-ng.SlackBuild | 117 ++++++++++++++++++++++++++++++++++
system/syslog-ng/syslog-ng.conf | 90 ++++++++++++++++++++++++++
system/syslog-ng/syslog-ng.info | 10 +++
system/syslog-ng/syslog-ng.logrotate | 6 ++
9 files changed, 357 insertions(+)
create mode 100644 system/syslog-ng/README
create mode 100644 system/syslog-ng/README.SLACKWARE
create mode 100644 system/syslog-ng/doinst.sh
create mode 100644 system/syslog-ng/rc.syslog-ng
create mode 100644 system/syslog-ng/slack-desc
create mode 100644 system/syslog-ng/syslog-ng.SlackBuild
create mode 100644 system/syslog-ng/syslog-ng.conf
create mode 100644 system/syslog-ng/syslog-ng.info
create mode 100644 system/syslog-ng/syslog-ng.logrotate
diff --git a/system/syslog-ng/README b/system/syslog-ng/README
new file mode 100644
index 0000000000..a90681d738
--- /dev/null
+++ b/system/syslog-ng/README
@@ -0,0 +1,14 @@
+The syslog-ng application is a flexible and highly scalable system logging
+application that is ideal for creating centralized and trusted logging
+solutions. This free, open-source version is an extremely well-developed,
+high performance, stable system being the Linux/Unix world's most frequently
+used alternative central logging system. The application can operate in
+server or agent mode, and - apart from UDP - supports the reliable TCP and
+the encrypted TLS protocols. That way syslog-ng can be used to create
+flexible and reliable logging infrastructure even in heterogeneous
+environments.
+
+This requires eventlog. For SQL support, you also need libdbi.
+
+For more information on how to install and run syslog-ng, see README.SLACKWARE
+that came with this package (which is also installed with the docs).
diff --git a/system/syslog-ng/README.SLACKWARE b/system/syslog-ng/README.SLACKWARE
new file mode 100644
index 0000000000..2373bbae2c
--- /dev/null
+++ b/system/syslog-ng/README.SLACKWARE
@@ -0,0 +1,20 @@
+Since syslog-ng basically supersedes klogd/syslogd daemons, stock Slackware
+sysklogd package should be removed, and leftovers cleaned up, so here are
+some things you need to do:
+
+Remove useless logrotate configuration:
+
+ rm /etc/logrotate.d/syslog
+
+Make syslog-ng start automatically on boot, without modifications to rc.M:
+
+ cd /etc/rc.d && ln -sf rc.syslog-ng rc.syslog
+ cd /usr/sbin && ln -sf syslog-ng syslogd
+
+To make transition even easier, i converted syslog.conf from sysklogd
+package to syslog-ng.conf format. You can find it in /etc/syslog-ng.
+
+Another thing worth mentioning here is rc.syslog-ng, wich is written to
+also emulate syslogd. On a successful start/stop it will copy/remove
+syslog-ng.pid to /var/run/syslogd.pid so that rc.inet1 doesn't atempt
+running rc.syslog for a second time.
diff --git a/system/syslog-ng/doinst.sh b/system/syslog-ng/doinst.sh
new file mode 100644
index 0000000000..7664e6748b
--- /dev/null
+++ b/system/syslog-ng/doinst.sh
@@ -0,0 +1,28 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.syslog-ng.new
+config etc/syslog-ng/syslog-ng.conf.new
+config etc/logrotate.d/syslog-ng.new
+
diff --git a/system/syslog-ng/rc.syslog-ng b/system/syslog-ng/rc.syslog-ng
new file mode 100644
index 0000000000..1d5511b648
--- /dev/null
+++ b/system/syslog-ng/rc.syslog-ng
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Start/stop/restart the syslog-ng daemon.
+# Specially tailored to emulate Slackware's stock syslogd/klogd.
+#
+# Written by mario .
+
+syslog_start() {
+ if [ -x /usr/sbin/syslog-ng ]; then
+ if [ -f /var/run/syslog-ng.pid ] && kill -0 $(cat /var/run/syslog-ng.pid) 2> /dev/null; then
+ echo "syslog-ng daemon already running!"
+ return
+ fi
+
+ echo "Starting syslog-ng daemon: /usr/sbin/syslog-ng"
+ /usr/sbin/syslog-ng -R /var/lib/syslog-ng/syslog-ng.persist
+
+ # Create a fake syslogd.pid file for rc.M
+ if [ -f /var/run/syslog-ng.pid ] && kill -0 $(cat /var/run/syslog-ng.pid) 2> /dev/null; then
+ cp -a /var/run/syslog-ng.pid /var/run/syslogd.pid
+ fi
+ fi
+}
+
+syslog_stop() {
+ if [ -f /var/run/syslog-ng.pid ]; then
+ echo "Stopping syslog-ng daemon"
+ kill $(cat /var/run/syslog-ng.pid) 2> /dev/null && rm -f /var/run/syslog-ng.pid
+ # Remove a fake pid file
+ rm -f /var/run/syslogd.pid
+ fi
+ killall syslog-ng 2> /dev/null
+}
+
+syslog_restart() {
+ syslog_stop
+ sleep 1
+ syslog_start
+}
+
+case "$1" in
+'start')
+ syslog_start
+ ;;
+'stop')
+ syslog_stop
+ ;;
+'restart')
+ syslog_restart
+ ;;
+*)
+ echo "usage $0 start|stop|restart"
+esac
+
diff --git a/system/syslog-ng/slack-desc b/system/syslog-ng/slack-desc
new file mode 100644
index 0000000000..65278284ff
--- /dev/null
+++ b/system/syslog-ng/slack-desc
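Review bot: In rc.syslog-ng, the `kill -0 $(cat /var/run/syslog-ng.pid)` test in `syslog_start` trusts whatever PID the file holds, so a stale pid file whose number has been reused by another process makes the script print "already running" and leave the host with no syslog daemon. Confirming that the PID really is syslog-ng closes that gap, for example `pid=$(cat /var/run/syslog-ng.pid 2>/dev/null)` followed by `[ -n "$pid" ] && [ "$(readlink "/proc/$pid/exe")" = /usr/sbin/syslog-ng ]`. The same file is read by `syslog_stop`, where `kill $(cat …)` would then signal that unrelated process. The `*)` usage branch also falls through with status 0; adding `exit 1` there lets callers detect a bad argument.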
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+syslog-ng: syslog-ng (System logging application)
+syslog-ng:
+syslog-ng: The syslog-ng application is a flexible and highly scalable system
+syslog-ng: logging application that is ideal for creating centralized and
+syslog-ng: trusted logging solutions.
+syslog-ng: This free, open-source version is an extremely well-developed, high
+syslog-ng: performance, stable system being the Linux/Unix world's most
+syslog-ng: frequently used alternative central logging system.
+syslog-ng:
+syslog-ng: Homepage: http://www.balabit.com/
+syslog-ng:
diff --git a/system/syslog-ng/syslog-ng.SlackBuild b/system/syslog-ng/syslog-ng.SlackBuild
new file mode 100644
index 0000000000..0bf97650ae
--- /dev/null
+++ b/system/syslog-ng/syslog-ng.SlackBuild
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+# Slackware build script for syslog-ng
+
+# Copyright 2010, mario
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=syslog-ng
+VERSION=${VERSION:-3.0.7}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/${PRGNAM}_$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc/syslog-ng \
+ --localstatedir=/var \
+ --with-pidfile-dir=/var/run \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --enable-dynamic-linking \
+ --build=$ARCH-slackware-linux
+
+make
+make install DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+# Copy init script
+install -D -m0755 -oroot -groot $CWD/rc.syslog-ng $PKG/etc/rc.d/rc.syslog-ng.new
+
+# Copy sample configuration and logrotate script
+install -D -m0644 -oroot -groot $CWD/syslog-ng.conf $PKG/etc/syslog-ng/syslog-ng.conf.new
+install -D -m0644 -oroot -groot $CWD/syslog-ng.logrotate $PKG/etc/logrotate.d/syslog-ng.new
+
+# Remove empty directory
+rm -rf $PKG/usr/libexec
+
+# This is for syslog-ng.persist file, we don't want it in /var
+mkdir -p $PKG/var/lib/syslog-ng
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a AUTHORS COPYING ChangeLog INSTALL NEWS README $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/syslog-ng/syslog-ng.conf b/system/syslog-ng/syslog-ng.conf
new file mode 100644
index 0000000000..d5744c43e0
--- /dev/null
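Review bot: In syslog-ng.SlackBuild, the build root defaults to `TMP=${TMP:-/tmp/SBo}`, a predictable path under world-writable /tmp, and the script then runs `rm -rf $PKG`, `mkdir -p $TMP $PKG $OUTPUT` and `cd $TMP` on it unquoted while evidently running as root (it does `chown -R root:root .` and calls `/sbin/makepkg`). On a shared build host that directory may already exist and belong to another account, so the script should check that `$TMP` is root-owned before using it, or at least guard the destructive call with `rm -rf -- "${PKG:?}"`. `set -e` is enabled only after the variable and flag setup; moving it to the top costs nothing. The strip pipeline (`find $PKG | xargs file …`) and the `for i in $( find $PKG/usr/man -type l )` loop also split on whitespace in file names.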
+++ b/system/syslog-ng/syslog-ng.conf 
@@ -0,0 +1,90 @@
+@version: 3.0
+
+# Default syslog-ng configuration for Slackware
+# For info about the format of this file, see "man syslog-ng.conf"
+# Converted from sysklogd (syslog.conf) by mario@slackverse.org
+
+options {
+ flush_lines (0);
+ time_reopen (10);
+ log_fifo_size (2048);
+ log_msg_size (8192);
+ long_hostnames (no);
+ use_dns (no);
+ use_fqdn (no);
+ create_dirs (no);
+ keep_hostname (yes);
+ owner("root");
+ group("root");
+ perm(0640);
+ stats_freq (0);
+ check_hostname (yes);
+ dns_cache (yes);
+};
+
+source system {
+ unix-dgram("/dev/log");
+ file("/proc/kmsg" program_override("kernel"));
+ internal();
+};
+
+filter f_messages { level(info,notice) and not facility(authpriv,cron,mail,news); };
+filter f_syslog { level(warn..emerg) and not facility(authpriv,cron,mail,news); };
+filter f_debug { level(debug); };
+filter f_authpriv { facility(authpriv); };
+filter f_cron { facility(cron); };
+filter f_mail { facility(mail); };
+filter f_emerg { level(emerg); };
+filter f_uucp { facility(uucp); };
+
+destination d_messages { file("/var/log/messages"); };
+destination d_syslog { file("/var/log/syslog"); };
+destination d_debug { file("/var/log/debug"); };
+destination d_secure { file("/var/log/secure"); };
+destination d_cron { file("/var/log/cron"); };
+destination d_maillog { file("/var/log/maillog"); };
+destination d_usertty { usertty("*"); };
+destination d_spooler { file("/var/log/spooler"); };
+
+# Log anything 'info' or higher, but lower than 'warn'.
+# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
+log { source(system); filter(f_messages); destination(d_messages); };
+
+# Log anything 'warn' or higher.
+# Exclude authpriv, cron, mail, and news. These are logged elsewhere.
+log { source(system); filter(f_syslog); destination(d_syslog); };
+
+# Debugging information is logged here.
+log { source(system); filter(f_debug); destination(d_debug); };
+
+# Private authentication message logging:
+log { source(system); filter(f_authpriv); destination(d_secure); };
+
+# Cron related logs:
+log { source(system); filter(f_cron); destination(d_cron); };
+
+# Mail related logs:
+log { source(system); filter(f_mail); destination(d_maillog); };
+
+# Emergency level messages go to all users:
+log { source(system); filter(f_emerg); destination(d_usertty); };
+
+# This log is for news and uucp errors:
+log { source(system); filter(f_uucp); destination(d_spooler); };
+
+# Uncomment this to see kernel messages on the console.
+#filter f_kern { facility(kern); };
+#destination d_console { file("/dev/console"); };
+#log { source(system); filter(f_kern); destination(d_console); };
+
+# Uncomment these if you'd like INN to keep logs on everything.
+# You won't need this if you don't run INN (the InterNetNews daemon).
+#filter f_news_crit { facility(news) and level(crit); };
+#filter f_news_err { facility(news) and level(err); };
+#filter f_news_notice { facility(news) and level(notice); };
+#destination d_news_crit { file("/var/log/news/news.crit"); };
+#destination d_news_err { file("/var/log/news/news.err"); };
+#destination d_news_notice { file("/var/log/news/news.notice"); };
+#log { source(system); filter(f_news_crit); destination(d_news_crit); };
+#log { source(system); filter(f_news_err); destination(d_news_err); };
+#log { source(system); filter(f_news_notice); destination(f_news_notice); };
diff --git a/system/syslog-ng/syslog-ng.info b/system/syslog-ng/syslog-ng.info
new file mode 100644
index 0000000000..6831db881d
--- /dev/null
+++ b/system/syslog-ng/syslog-ng.info
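Review bot: In syslog-ng.conf, `news` facility messages at info through alert reach no log file: `f_messages` and `f_syslog` both exclude `news`, while `f_uucp`, whose log statement is commented "news and uucp errors", matches only `facility(uucp)` and does so at every level. If the comment states the intent, `filter f_uucp { facility(uucp,news) and level(crit..emerg); };` would match it; please confirm against the syslog.conf this was converted from. In the commented INN block the last statement uses `destination(f_news_notice)`, which is a filter name, so it should read `destination(d_news_notice)`; as written the file will presumably fail to load once that block is uncommented.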
@@ -0,0 +1,10 @@
+PRGNAM="syslog-ng"
+VERSION="3.0.7"
+HOMEPAGE="http://www.balabit.com/"
+DOWNLOAD="http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.7/source/syslog-ng_3.0.7.tar.gz"
+MD5SUM="f0a8cdee76e7c4ff7ad6e53da799d3a7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="mario"
+EMAIL="mario@slackverse.org"
+APPROVED="rworkman"
diff --git a/system/syslog-ng/syslog-ng.logrotate b/system/syslog-ng/syslog-ng.logrotate
new file mode 100644
index 0000000000..0305fc1f11
--- /dev/null
+++ b/system/syslog-ng/syslog-ng.logrotate
@@ -0,0 +1,6 @@
+/var/log/cron /var/log/debug /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/syslog {
+ sharedscripts
+ postrotate
+ /bin/kill -HUP $(cat /var/run/syslog-ng.pid 2>/dev/null) 2>/dev/null || true
+ endscript
+}
-- cgit v1.2.3
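Review bot: In syslog-ng.info, `DOWNLOAD` fetches the tarball over plain `http://` and the only integrity value recorded is `MD5SUM`, so the source integrity of a root-installed logging daemon rests on an unauthenticated transfer and a digest that is no longer collision-resistant. If upstream serves the same file over HTTPS, `DOWNLOAD` should point there. The field name looks fixed by the repository's .info format, so where upstream publishes a signature or a stronger digest, the README is the place to tell builders to verify against it.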
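Review bot: In syslog-ng.logrotate, the stanza lists seven files without `missingok`, and none of the files visible in this patch creates them, so logrotate will report an error for any that syslog-ng has not written yet (for example /var/log/spooler on a host with no uucp traffic). Whether one missing file also holds back rotation of the others under `sharedscripts` depends on the logrotate version and should be checked. Adding a `missingok` line inside the braces avoids the problem. The postrotate `kill -HUP $(cat /var/run/syslog-ng.pid …)` also signals whatever PID the file holds, so it inherits the stale-pid-file concern of the init script.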