Your message dated Tue, 24 May 2005 06:32:14 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#303808: fixed in syslog-ng 1.6.7-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Apr 2005 21:34:53 +0000
Content-Type: multipart/mixed; boundary="===============0669824790=="
MIME-Version: 1.0
From: Micah Anderson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Please include syslog-ng_anon; patch attached with extra bonus fixes
X-Mailer: reportbug 3.9
Date: Fri, 08 Apr 2005 16:34:47 -0500
Message-Id: <[EMAIL PROTECTED]>
This is a multi-part MIME message sent by reportbug.
--===============0669824790==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: syslog-ng
Version: 1.6.5-2
Severity: wishlist
Tags: patch
Please consider adding the attached patch to the syslog-ng package; it
is very small, but does great things. The patch comes from
http://dev.riseup.net/patches/syslog-ng/ and what it does is provide a
simple filter to strip out unwanted regular expressions from logs, as
well as an IP alias that enables you to strip out IP addresses from
your logs.
From the README:
This patch adds the capability to syslog-ng that allows you to strip
out any given regexp or all IP addresses from log messages before they
are written to disk. The goal is to give the system administrator the
means to implement site logging policies, by allowing them easy
control over exactly what data they retain in their logfiles,
regardless of what a particular daemon might think is best.
The attached patch adds this capability to the syslog-ng debian
package. Additionally, I have fixed a grammar error in debian/control
and two lintian errors (it is required to have a versioned
depends on util-linux, and debian/changelog needs to be valid UTF-8);
those fixes are included with the attached patch.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-vs1.9.5
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages syslog-ng depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii util-linux 2.12p-4 Miscellaneous system utilities
-- no debconf information
--===============0669824790==
MIME-Version: 1.0
Content-Type: text/plain; charset="unknown"
Content-Disposition: attachment; filename="syslog-ng-anon_debian.diff"
Content-Transfer-Encoding: quoted-printable
diff -uNr /tmp/syslog-ng-1.6.5/debian/changelog /home/micah/debian/syslog=
-ng/syslog-ng-1.6.5/debian/changelog
--- /tmp/syslog-ng-1.6.5/debian/changelog 2005-04-08 15:21:08.866156088 -=
0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/debian/changelog 2005-04=
-08 15:25:44.570242696 -0500
@@ -1,16 +1,28 @@
+syslog-ng (1.6.5-3) unstable; urgency=3Dlow
+
+ * Added syslog-ng-anon IP anonymizing patch, see
+ /usr/share/doc/README.syslog-ng-anon for more information
+ * Fixed grammar error in debian/control
+ * Changed debian/control to use a versioned depends on util-linux
+ to fix lintian error
+ * Converted debian/changelog to be valid UTF-8 by to fix lintian
+ error
+ =20
+ -- Micah Anderson <[EMAIL PROTECTED]> Fri, 8 Apr 2005 15:24:53 -0500
+
syslog-ng (1.6.5-2) unstable; urgency=3Dlow
=20
* Checks if UDP ends in NL or NUL. Closes: #282782
* Merged in _second_ version of Loic's syslog-ng.conf. Closes: #268686
* Made kernel logging parameters configureable through /etc/defaults/s=
yslog-ng. Closes: #283091
=20
- -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Sat, 11 Dec 2=
004 22:16:43 +0100
+ -- Magos=C3=83=C2=A1nyi =C3=83=C2=81rp=C3=83=C2=A1d (mag) <[EMAIL PROTECTED]
rg> Sat, 11 Dec 2004 22:16:43 +0100
=20
syslog-ng (1.6.5-1) unstable; urgency=3Dlow
=20
* New upstream version=20
=20
- -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Tue, 2 Nov 2=
004 01:53:53 +0100
+ -- Magos=C3=83=C2=A1nyi =C3=83=C2=81rp=C3=83=C2=A1d (mag) <[EMAIL PROTECTED]
rg> Tue, 2 Nov 2004 01:53:53 +0100
=20
syslog-ng (1.6.4-2) unstable; urgency=3Dlow
=20
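Review bot: The rewritten trailer lines for 1.6.5-2 and 1.6.5-1 change the maintainer's name from `Magos=C3=A1nyi =C3=81rp=C3=A1d` to `Magos=C3=83=C2=A1nyi =C3=83=C2=81rp=C3=83=C2=A1d`, which is UTF-8 encoded a second time. Those two entries were already valid UTF-8 and should be left untouched; only the older entries that carry Latin-1 bytes (`=E1`, `=C1`, `=F6`) need converting. In the new 1.6.5-3 entry, "valid UTF-8 by to fix lintian error" has a stray "by", and the path /usr/share/doc/README.syslog-ng-anon has no package directory in it.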
@@ -21,13 +33,13 @@
* New syslog-ng.conf. Closes: #268686=20
* Added Nate Campi's FAQ. Closes: #268998
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Mon, 13 Sep 2004 17:19=
:50 +0200
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Mon, 13 Sep 2=
004 17:19:50 +0200
=20
syslog-ng (1.6.4-1) unstable; urgency=3Dlow
=20
* New upstream version
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Sat, 24 Jul 2004 17:45=
:51 +0200
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Sat, 24 Jul 2=
004 17:45:51 +0200
=20
syslog-ng (1.6.2-4) unstable; urgency=3Dlow
=20
@@ -35,20 +47,20 @@
* added Nate Campi's expanded syslog-ng.conf to docs. Closes: #241783=20
* fixed cut-and-paste errors in manpage of syslog-ng.conf. Closes: #26=
0845
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Sat, 12 Jun 2004 23:27=
:45 +0200
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Sat, 12 Jun 2=
004 23:27:45 +0200
=20
syslog-ng (1.6.2-3) unstable; urgency=3Dlow
=20
* changed manpage to better reflect -v. Closes: #228377
* fixed build-depends, hopefully correctly now:( Closes: #237668
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Sat, 13 Mar 2004 18:35=
:37 +0100
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Sat, 13 Mar 2=
004 18:35:37 +0100
=20
syslog-ng (1.6.2-2) unstable; urgency=3Dlow
=20
* Automake build-dependency added. Closes: #237668=20
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2004 21:44=
:56 +0100
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2=
004 21:44:56 +0100
=20
syslog-ng (1.6.2-1) unstable; urgency=3Dlow
=20
@@ -60,7 +72,7 @@
* (1.6.0rc4-2) removed logrotate configuration for ppp.log. Closes: #2=
07411
* (1.6.0rc4-2) corrected documentation of match in syslog-ng.conf(5) .=
Closes: #206819
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2004 15:04=
:15 +0100
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Fri, 12 Mar 2=
004 15:04:15 +0100
=20
syslog-ng (1.6.0rc4-4) unstable; urgency=3Dlow
=20
@@ -69,13 +81,13 @@
the changes were not.)
* Regenerating non-source documentation.
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Thu, 11 Dec 2003 23:05=
:11 +0100
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Thu, 11 Dec 2=
003 23:05:11 +0100
=20
syslog-ng (1.6.0rc4-3) unstable; urgency=3Dlow
=20
* debian/rules changes to utilize gnu arch (tla)=20
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Wed, 15 Oct 2003 17:05=
:20 +0200
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Wed, 15 Oct 2=
003 17:05:20 +0200
=20
syslog-ng (1.6.0rc4-2) unstable; urgency=3Dlow
=20
@@ -84,7 +96,7 @@
* corrected documentation of match in syslog-ng.conf(5) . Closes: #206=
819
* added documentation to faq about log ownership. closes: #65456
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2003 16:30=
:01 +0200
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2=
003 16:30:01 +0200
=20
syslog-ng (1.6.0rc4-1) unstable; urgency=3Dlow
=20
@@ -97,7 +109,7 @@
Closes: #171792
* cut reference to future features. Closes: #215197
=20
- -- Magos=E1nyi =C1rp=E1d (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2003 13:30=
:34 +0200
+ -- Magos=C3=A1nyi =C3=81rp=C3=A1d (mag) <[EMAIL PROTECTED]> Tue, 14 Oct 2=
003 13:30:34 +0200
=20
syslog-ng (1.6.0rc1+20030310-2) unstable; urgency=3Dlow
=20
@@ -156,7 +168,7 @@
syslog-ng (1.5.19-3) unstable; urgency=3Dlow
=20
* Change to --compare-versions. Close: #156112, #156136
- * Include example written by from J=F6rg Sommer <[EMAIL PROTECTED]>.
+ * Include example written by from J=C3=B6rg Sommer <[EMAIL PROTECTED]
>.
Close: #156114
* Change the if statement from `timeout <=3D 0' to `timeout > 0' and
therefore log STATS message only if timeout > 0. Close: #156045
diff -uNr /tmp/syslog-ng-1.6.5/debian/control /home/micah/debian/syslog-n=
g/syslog-ng-1.6.5/debian/control
--- /tmp/syslog-ng-1.6.5/debian/control 2005-04-08 15:21:08.867155936 -05=
00
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/debian/control 2005-04-0=
8 15:27:05.086002440 -0500
@@ -8,12 +8,12 @@
=20
Package: syslog-ng
Architecture: any
-Depends: ${shlibs:Depends}, util-linux
+Depends: ${shlibs:Depends}, util-linux (>=3D2.12-10)
Recommends: logrotate
Provides: system-log-daemon, linux-kernel-log-daemon
Conflicts: system-log-daemon, sysklogd, linux-kernel-log-daemon
Description: Next generation logging daemon
- Syslog-ng tries to fill the gaps original syslogd's were lacking:
+ Syslog-ng fills the gaps the original syslogd's were lacking:
* powerful configurability
* filtering based on message content
* portability
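Review bot: The new `util-linux (>=3D2.12-10)` relation comes with no reason for that particular version; the changelog entry only says it fixes a lintian error. State what the package needs from 2.12-10, and write the relation with a space after the operator, `(>= 2.12-10)`, as control files conventionally do. In the description, "fills the gaps the original syslogd's were lacking" is still ungrammatical; "fills the gaps left by the original syslogd" would read correctly.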
diff -uNr /tmp/syslog-ng-1.6.5/doc/Makefile.am /home/micah/debian/syslog-=
ng/syslog-ng-1.6.5/doc/Makefile.am
--- /tmp/syslog-ng-1.6.5/doc/Makefile.am 1999-11-15 06:30:41.000000000
-0=
600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/Makefile.am
2005-04-=
08 15:27:48.978329792 -0500
@@ -4,7 +4,8 @@
=20
EXTRA_DIST =3D $(man_MANS) stresstest.sh syslog-ng.old.txt \
syslog-ng.conf.demo syslog-ng.conf.sample \
- syslog-ng.conf.solaris
+ syslog-ng.conf.solaris README.syslog-ng-anon \
+ syslog-ng-anon.conf
=20
=20
=20
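Review bot: Adding README.syslog-ng-anon and syslog-ng-anon.conf to EXTRA_DIST only ships them in the source tarball; nothing in this patch installs them into the binary package, although the changelog entry points users to /usr/share/doc/README.syslog-ng-anon. Add the two files to the package's documentation install (no debian/ file that would do so is touched by this diff) or change the changelog text to match.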
diff -uNr /tmp/syslog-ng-1.6.5/doc/Makefile.in /home/micah/debian/syslog-=
ng/syslog-ng-1.6.5/doc/Makefile.in
--- /tmp/syslog-ng-1.6.5/doc/Makefile.in 2004-08-05 06:53:44.000000000
-0=
500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/Makefile.in
2005-04-=
08 15:27:48.981329336 -0500
@@ -116,7 +116,8 @@
=20
EXTRA_DIST =3D $(man_MANS) stresstest.sh syslog-ng.old.txt \
syslog-ng.conf.demo syslog-ng.conf.sample \
- syslog-ng.conf.solaris
+ syslog-ng.conf.solaris README.syslog-ng-anon \
+ syslog-ng-anon.conf
=20
subdir =3D doc
ACLOCAL_M4 =3D $(top_srcdir)/aclocal.m4
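Review bot: doc/Makefile.in is generated from doc/Makefile.am, and this hunk repeats the EXTRA_DIST edit in it by hand. Regenerate the file with automake so the two cannot drift apart, or note in the changelog that the generated file was patched on purpose.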
diff -uNr /tmp/syslog-ng-1.6.5/doc/README.syslog-ng-anon /home/micah/debi=
an/syslog-ng/syslog-ng-1.6.5/doc/README.syslog-ng-anon
--- /tmp/syslog-ng-1.6.5/doc/README.syslog-ng-anon 1969-12-31 18:00:00.00=
0000000 -0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/README.syslog-ng-ano=
n 2005-04-08 15:27:48.984328880 -0500
@@ -0,0 +1,93 @@
+syslog-ng-anon
+
+ This patch adds the capability to syslog-ng that allows you to strip
+ out any given regexp or all IP addresses from log messages before
+ they are written to disk. The goal is to give the system administrator
+ the means to implement site logging policies, by allowing them easy
+ control over exactly what data they retain in their logfiles,
+ regardless of what a particular daemon might think is best.
+
+Background:
+
+ Data retention has become a hot legal topic for ISPs and other Online
+ Service Providers (OSPs). There are many instances where it is preferab=
le
+ to keep less information on users than is collected by default on many
+ systems. In the United States it is not currently required to retain
+ data on users of a server, but you may be required to provide all data
+ on a user which you have retained. OSPs can protect themselves from leg=
al
+ hassles and added work by choosing what data they wish to retain.
+
+ From "Best Practices for Online Service Providers"
+ (http://www.eff.org/osp):
+
+ As an intermediary, the OSP [Online Service Provider] finds itself in
+ a position to collect and store detailed information about its users
+ and their online activities that may be of great interest to third
+ parties. The USA PATRIOT Act also provides the government with
+ expanded powers to request this information. As a result, OSP owners
+ must deal with requests from law enforcement and lawyers to hand over
+ private user information and logs. Yet, compliance with these demands
+ takes away from an OSP's goal of providing users with reliable,
+ secure network services. In this paper, EFF offers some suggestions,
+ both legal and technical, for best practices that balance the needs
+ of OSPs and their users' privacy and civil liberties.
+=20
+ Rather than scrubbing the information you don't want in logs, this pat=
ch
+ ensures that the information is never written to disk. Also, for those=
=20
+ daemons which log through syslog facilities, this patch provides a=20
+ convenient single configuration to limit what you wish to log.
+ =20
+ Here are some related links:
+ =20
+ Best Practices for Online Service Providers
+ http://www.eff.org/osp
+ http://www.eff.org/osp/20040819_OSPBestPractices.pdf
+ =20
+ EPIC International Data Retention Page
+ http://www.epic.org/privacy/intl/data_retention.html
+ =20
+ Working Paper on Usage Log Data Management (from Computer, Freedom, an=
d=20
+ Privacy conference) http://cryptome.org/usage-logs.htm
+ =20
+
+Installing syslog-ng-anon=20
+ =20
+ Applying the patch
+
+ This patch has been tested against the following versions of syslog-ng=
:
+ . version 1.9.5
+ . Debian package syslog-ng_1.9.5-2
+
+
+ To use this patch, obtain the source for syslog-ng=20
+ (http://www.balabit.com/downloads/syslog-ng/1.6/src/) and the latest
+ syslog-ng-anon patch (http://dev.riseup.net/patches/syslog-ng/).=20
+ Uncompress the syslog-ng source and then apply the patch:
+
+ % tar -zxvf syslog-ng.tar.gz
+ % cd syslog-ng
+ % patch -p3 < syslog-ng-anon.diff
+=20
+ Then compile and install syslog-ng as normal.
+
+ Debian package
+
+ Alternately, you can install syslog-ng-anon from this repository:
+ deb http://deb.riseup.net/debian unstable main
+
+ How to use it
+
+ This patch adds the filter "strip". For example:
+
+ filter f_strip {strip(<regexp>);};
+
+ This will strip out all matches of the regular expression on logs to
+ which the filter is applied. In place of a regular expression, you can
+ put "ips", which will remove all internet addresses. For example:
+
+ and the shortcut 'ips':
+
+ filter f_strip {strip(ips);};
+
+
+For a complete example, see the example syslog-ng-anon.conf.
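Review bot: The "tested against" list names syslog-ng version 1.9.5 and Debian package syslog-ng_1.9.5-2, but this diff is against syslog-ng-1.6.5 and the download link points at the 1.6 sources, so the version numbers need correcting. The usage section says strip() will "strip out" or "remove" matches, whereas do_filter_strip() overwrites each match with '-' characters of the same length; describe that behaviour. "For example:" is followed by the stray line "and the shortcut 'ips':", which should be merged into one sentence. The `ips` shortcut is described as removing all internet addresses, but the built-in pattern only covers four decimal groups separated by '.' or '-'; say so, or IPv6 addresses will be assumed covered.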
diff -uNr /tmp/syslog-ng-1.6.5/doc/syslog-ng-anon.conf /home/micah/debian=
/syslog-ng/syslog-ng-1.6.5/doc/syslog-ng-anon.conf
--- /tmp/syslog-ng-1.6.5/doc/syslog-ng-anon.conf 1969-12-31
18:00:00.0000=
00000 -0600
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/doc/syslog-ng-anon.conf
=
2005-04-08 15:27:48.987328424 -0500
@@ -0,0 +1,243 @@
+#
+# Configuration file for syslog-ng under Debian.
+# Customized for riseup.net using syslog-ng-anon patch
+# (http://dev.riseup.net/patches/syslog-ng/)
+#
+# see http://www.campin.net/syslog-ng/expanded-syslog-ng.conf
+# for examples.
+#
+# levels: emerg alert crit err warning notice info debug
+#
+
+############################################################
+## global options
+
+options {
+ chain_hostnames(0);
+ time_reopen(10);
+ time_reap(360);
+ sync(0);
+ log_fifo_size(2048);
+ create_dirs(yes);
+ group(adm);
+ perm(0640);
+ dir_perm(0755);
+ use_dns(no);
+};
+
+############################################################
+## universal source
+
+source s_all {
+ internal();
+ unix-stream("/dev/log");
+ file("/proc/kmsg" log_prefix("kernel: "));
+};
+
+############################################################
+## generic destinations
+
+destination df_facility_dot_info { file("/var/log/$FACILITY.info"); =
};
+destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); =
};
+destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); =
};
+destination df_facility_dot_err { file("/var/log/$FACILITY.err"); =
};
+destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); =
};
+
+############################################################
+## generic filters
+
+filter f_strip { strip(ips); };
+filter f_at_least_info { level(info..emerg); };
+filter f_at_least_notice { level(notice..emerg); };
+filter f_at_least_warn { level(warn..emerg); };
+filter f_at_least_err { level(err..emerg); };
+filter f_at_least_crit { level(crit..emerg); };
+
+############################################################
+## auth.log
+
+filter f_auth { facility(auth, authpriv); };
+destination df_auth { file("/var/log/auth.log"); };
+log {
+ source(s_all);
+ filter(f_auth);
+ destination(df_auth);
+};
+
+############################################################
+## daemon.log
+
+filter f_daemon { facility(daemon); };
+destination df_daemon { file("/var/log/daemon.log"); };
+log {
+ source(s_all);
+ filter(f_daemon);
+ destination(df_daemon);
+};
+
+############################################################
+## kern.log
+
+filter f_kern { facility(kern); };
+destination df_kern { file("/var/log/kern.log"); };
+log {
+ source(s_all);
+ filter(f_kern);
+ destination(df_kern);
+};
+
+############################################################
+## user.log
+
+filter f_user { facility(user); };
+destination df_user { file("/var/log/user.log"); };
+log {
+ source(s_all);
+ filter(f_user);
+ destination(df_user);
+};
+
+############################################################
+## sympa.log
+
+filter f_sympa { program("^(sympa|bounced|archived|task_manager)"); };
+destination d_sympa { file("/var/log/sympa.log"); };
+log {
+ source(s_all);
+ filter(f_sympa);
+ destination(d_sympa);
+ flags(final);
+};
+
+############################################################
+## wwsympa.log
+
+filter f_wwsympa { program("^wwsympa"); };
+destination d_wwsympa { file("/var/log/wwsympa.log"); };
+log {
+ source(s_all);
+ filter(f_wwsympa);
+ filter(f_strip);
+ destination(d_wwsympa);
+ flags(final);
+};
+
+############################################################
+## ldap.log
+
+filter f_ldap { program("slapd"); };
+destination d_ldap { file("/var/log/ldap.log"); };
+log {
+ source(s_all);
+ filter(f_ldap);
+ destination(d_ldap);
+ flags(final);
+};
+
+############################################################
+## postfix.log
+
+# special source because of chroot jail
+#source s_postfix { unix-stream("/var/spool/postfix/dev/log" keep-alive(=
yes)); };=20
+filter f_postfix { program("^postfix/"); };
+destination d_postfix { file("/var/log/postfix.log"); };
+log {
+ source(s_all);
+ filter(f_postfix);
+ filter(f_strip);
+ destination(d_postfix);
+ flags(final);
+};
+
+############################################################
+## courier.log
+
+filter f_courier { program("courier|imap|pop"); };
+destination d_courier { file("/var/log/courier.log"); };
+log {
+ source(s_all);
+ filter(f_courier);
+ filter(f_strip);
+ destination(d_courier);
+ flags(final);
+};
+
+############################################################
+## maildrop.log
+
+filter f_maildrop { program("^maildrop"); };
+destination d_maildrop { file("/var/log/maildrop.log"); };
+log {
+ source(s_all);
+ filter(f_maildrop);
+ destination(d_courier);
+ flags(final);
+};
+
+############################################################
+## mail.log
+
+filter f_mail { facility(mail); };
+destination df_mail { file("/var/log/mail.log"); };
+
+log {
+ source(s_all);
+ filter(f_mail);
+ destination(df_mail);
+};
+
+############################################################
+## messages.log
+
+filter f_messages {
+ level(debug,info,notice)
+ and not facility(auth,authpriv,daemon,mail,user,kern);
+};
+destination df_messages { file("/var/log/messages.log"); };
+log {
+ source(s_all);
+ filter(f_messages);
+ destination(df_messages);
+};
+
+############################################################
+## errors.log
+
+filter f_errors {
+ level(warn,err,crit,alert,emerg)
+ and not facility(auth,authpriv,daemon,mail,user,kern);
+};
+destination df_errors { file("/var/log/errors.log"); };
+log {
+ source(s_all);
+ filter(f_errors);
+ destination(df_errors);
+};
+
+############################################################
+## emergencies
+
+filter f_emerg { level(emerg); };
+destination du_all { usertty("*"); };
+log {
+ source(s_all);
+ filter(f_emerg);
+ destination(du_all);
+};
+
+############################################################
+## console messages
+
+filter f_xconsole {
+ facility(daemon,mail)
+ or level(debug,info,notice,warn)
+ or (facility(news)
+ and level(crit,err,notice));
+};
+destination dp_xconsole { pipe("/dev/xconsole"); };
+log {
+ source(s_all);
+ filter(f_xconsole);
+ destination(dp_xconsole);
+};
+
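Review bot: The maildrop log statement ends in `destination(d_courier);`, so d_maildrop is defined but never used and maildrop messages are written to courier.log; it should be `destination(d_maildrop);`. Separately, `filter(f_strip);` appears only in the wwsympa, postfix and courier paths, while the auth, daemon, kern and user paths earlier in the file have neither f_strip nor flags(final), so a message matching one of those facilities is written there with its addresses intact. If the sample is meant to show a no-IP logging policy, add f_strip to those paths or add a comment naming the logs that are deliberately left unfiltered.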
diff -uNr /tmp/syslog-ng-1.6.5/src/cfg-grammar.y /home/micah/debian/syslo=
g-ng/syslog-ng-1.6.5/src/cfg-grammar.y
--- /tmp/syslog-ng-1.6.5/src/cfg-grammar.y 2004-05-06 03:57:52.000000000 =
-0500
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/cfg-grammar.y 2005-0=
4-08 15:27:48.990327968 -0500
@@ -89,7 +89,7 @@
%token KW_REMOVE_IF_OLDER KW_LOG_PREFIX KW_PAD_SIZE
=20
/* filter items*/
-%token KW_FACILITY KW_LEVEL KW_NETMASK KW_HOST KW_MATCH
+%token KW_FACILITY KW_LEVEL KW_NETMASK KW_HOST KW_MATCH KW_STRIP
=20
/* yes/no switches */
%token KW_YES KW_NO
@@ -668,6 +668,7 @@
| KW_NETMASK '(' string ')' { $$ =3D make_filter_netmask($3=
); free($3); }
| KW_HOST '(' string ')' { $$ =3D make_filter_host($3);
free($3); }=09
| KW_MATCH '(' string ')' { $$ =3D make_filter_match($3);
free($3); }
+ | KW_STRIP '(' string ')' { $$ =3D make_filter_strip($3);
free($3); }
| KW_FILTER '(' string ')' { $$ =3D make_filter_call($3);
free($3); }
;
=20
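Review bot: strip() is added as an ordinary filter-expression term beside match() and host(), yet do_filter_strip() always returns 1 and rewrites the message as a side effect. Its effect therefore depends on where it sits in an expression: `not strip(...)` rejects every message, and inside an `and`/`or` combination the rewrite may or may not run depending on evaluation order. Document that strip() belongs alone in its own filter, as in the sample configuration, or reject it in compound expressions.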
diff -uNr /tmp/syslog-ng-1.6.5/src/cfg-lex.l /home/micah/debian/syslog-ng=
/syslog-ng-1.6.5/src/cfg-lex.l
--- /tmp/syslog-ng-1.6.5/src/cfg-lex.l 2005-04-08 15:21:08.855157760 -050=
0
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/cfg-lex.l 2005-04-08=
15:27:48.993327512 -0500
@@ -140,6 +140,7 @@
{ "netmask", KW_NETMASK },
{ "host", KW_HOST },
{ "match", KW_MATCH },
+ { "strip", KW_STRIP },
=20
/* on/off switches */
{ "yes", KW_YES },
diff -uNr /tmp/syslog-ng-1.6.5/src/filters.c /home/micah/debian/syslog-ng=
/syslog-ng-1.6.5/src/filters.c
--- /tmp/syslog-ng-1.6.5/src/filters.c 2004-01-13 12:08:02.000000000 -060=
0
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/filters.c 2005-04-08=
15:27:48.995327208 -0500
@@ -226,6 +226,44 @@
return &self->super;
}
=20
+static int do_filter_strip(struct filter_expr_node *c,=20
+ struct log_filter *rule UNUSED,
+ struct log_info *log)
+{
+ CAST(filter_expr_re, self, c);
+ char *buffer =3D log->msg->data;
+ regmatch_t pmatch;
+
+ int error =3D regexec(&self->regex, buffer, 1, &pmatch, 0);
+ while (error=3D=3D0) {
+ buffer +=3D pmatch.rm_so;
+ memset(buffer, '-', pmatch.rm_eo - pmatch.rm_so);
+ error =3D regexec (&self->regex, buffer, 1, &pmatch,
REG_NOTBOL);
+ }
+ return 1;
+}
+
+struct filter_expr_node *make_filter_strip(const char *re)
+{
+ int regerr;
+ NEW(filter_expr_re, self);
+ self->super.eval =3D do_filter_strip;
+
+ if (strcasecmp(re,"ips") =3D=3D 0) {
+ re =3D
"(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])([\\.\\-](25[0-5]|2[0-4=
][0-9]|[0-1]?[0-9]?[0-9])){3}";
+ }
+ regerr =3D regcomp(&self->regex, re, REG_ICASE | REG_EXTENDED);
+ if (regerr) {
+ char errorbuf[256];
+ regerror(regerr, &self->regex, errorbuf, sizeof(errorbuf));
+ werror("Error compiling regular expression: \"%z\" (%z)\n", re,
errorb=
uf);
+ KILL(self);
+ return NULL;
+ }
+
+ return &self->super;
+}
+
static int do_filter_prog(struct filter_expr_node *c,=20
struct log_filter *rule UNUSED,
struct log_info *log)
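Review bot: In do_filter_strip() the loop resumes matching at the start of the span it has just overwritten (`buffer += pmatch.rm_so`) rather than after it, so a user pattern that can match '-' or the empty string (for example `[a-z-]+` or `a*`) matches at the same position forever and the daemon never returns from this function. Move buffer past the match after the memset, and step one byte forward when rm_eo equals rm_so. Further points: the memset edits log->msg->data in place, so whether other log paths see the original or the dashed text depends on their order in the configuration; REG_ICASE is forced on every user pattern; and the `ips` pattern has no boundary anchors and accepts '-' as a separator, so it also blanks strings such as 10-20-30-40 while leaving IPv6 addresses untouched.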
diff -uNr /tmp/syslog-ng-1.6.5/src/filters.h /home/micah/debian/syslog-ng=
/syslog-ng-1.6.5/src/filters.h
--- /tmp/syslog-ng-1.6.5/src/filters.h 2002-02-04 10:07:50.000000000 -060=
0
+++ /home/micah/debian/syslog-ng/syslog-ng-1.6.5/src/filters.h 2005-04-08=
15:27:48.997326904 -0500
@@ -66,6 +66,7 @@
struct filter_expr_node *make_filter_netmask(const char *nm);
struct filter_expr_node *make_filter_host(const char *re);
struct filter_expr_node *make_filter_match(const char *re);
+struct filter_expr_node *make_filter_strip(const char *re);
struct filter_expr_node *make_filter_call(const char *name);
=20
#endif
--===============0669824790==--
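Added example (not code from the report, the patch or syslog-ng): in-place redaction with POSIX regexec() that resumes after each match and steps over empty matches, run with the `ips` pattern quoted from the patch. The function name `redact_matches` and the sample log lines are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* The "ips" pattern, copied from make_filter_strip() in the patch. */
static const char IPS_RE[] =
    "(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])"
    "([\\.\\-](25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}";

/*
 * Overwrite every match of `re` in the NUL-terminated string `msg` with
 * '-' characters of the same length (the replacement the patch uses).
 * Returns the number of spans overwritten, or -1 if `re` does not compile.
 * redact_matches is a hypothetical name, not a syslog-ng function.
 */
int redact_matches(char *msg, const char *re)
{
    regex_t rx;
    regmatch_t m;
    char *p = msg;
    int eflags = 0;
    int count = 0;

    if (regcomp(&rx, re, REG_EXTENDED | REG_ICASE) != 0)
        return -1;

    while (*p != '\0' && regexec(&rx, p, 1, &m, eflags) == 0) {
        if (m.rm_eo == m.rm_so) {
            /* Empty match: nothing to overwrite. Step one byte so the
             * same position is not matched again. */
            if (p[m.rm_so] == '\0')
                break;
            p += m.rm_so + 1;
        } else {
            memset(p + m.rm_so, '-', (size_t)(m.rm_eo - m.rm_so));
            /* Resume after the match, not at its start, so a pattern
             * that matches '-' cannot re-match its own replacement. */
            p += m.rm_eo;
            count++;
        }
        eflags = REG_NOTBOL; /* p no longer points at the line start */
    }
    regfree(&rx);
    return count;
}

int main(void)
{
    /* Constructed sample messages; the address is from a documentation range. */
    char ipv4[] = "connect from unknown[192.0.2.17] port 25";
    char dashed[] = "batch 10-20-30-40 done";
    char ipv6[] = "client 2001:db8::1 connected";

    printf("%d %s\n", redact_matches(ipv4, IPS_RE), ipv4);
    printf("%d %s\n", redact_matches(dashed, IPS_RE), dashed); /* over-match */
    printf("%d %s\n", redact_matches(ipv6, IPS_RE), ipv6);     /* not covered */
    return 0;
}
```

The second and third sample lines show the two limits of the `ips` pattern: a dash-separated number sequence is blanked, and an IPv6 address passes through unchanged.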
---------------------------------------
Received: (at 303808-close) by bugs.debian.org; 24 May 2005 10:39:09 +0000
From: SZALAY Attila <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#303808: fixed in syslog-ng 1.6.7-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 24 May 2005 06:32:14 -0400
Source: syslog-ng
Source-Version: 1.6.7-2
We believe that the bug you reported is fixed in the latest version of
syslog-ng, which is due to be installed in the Debian FTP archive:
syslog-ng_1.6.7-2.diff.gz
to pool/main/s/syslog-ng/syslog-ng_1.6.7-2.diff.gz
syslog-ng_1.6.7-2.dsc
to pool/main/s/syslog-ng/syslog-ng_1.6.7-2.dsc
syslog-ng_1.6.7-2_i386.deb
to pool/main/s/syslog-ng/syslog-ng_1.6.7-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
SZALAY Attila <[EMAIL PROTECTED]> (supplier of updated syslog-ng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 24 May 2005 11:43:11 +0200
Source: syslog-ng
Binary: syslog-ng
Architecture: source i386
Version: 1.6.7-2
Distribution: unstable
Urgency: high
Maintainer: SZALAY Attila <[EMAIL PROTECTED]>
Changed-By: SZALAY Attila <[EMAIL PROTECTED]>
Description:
syslog-ng - Next generation logging daemon
Closes: 297190 303808
Changes:
syslog-ng (1.6.7-2) unstable; urgency=high
.
* Added syslog-ng-anon IP anonymizing patch, see
/usr/share/doc/README.syslog-ng-anon for more information (Closes: #303808)
* Restart syslog-ng manually and start it only if installed and not
upgraded. (Closes: #297190)
Set urgency to high because of this.
* In int change start-stop-damon call parameter from --exec to --name to
enable restart syslog-ng after upgrade.
Files:
7e5ec5dc235d289c20fe5aaf179206df 690 admin extra syslog-ng_1.6.7-2.dsc
7fef3c6ec2db316955911328d30dc2d6 62669 admin extra syslog-ng_1.6.7-2.diff.gz
67fefab15f1d287c1d6b820516fed92a 216942 admin extra syslog-ng_1.6.7-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCkvy123Gu/Kug6LIRAqIeAJ4h0tzvL054Ch7R/FWTh/7bnRS9TgCfe1it
fz8iDOWiVsJQYKIA/xa51bc=
=+nWO
-----END PGP SIGNATURE-----