On 2016-03-30, Predrag Punosevac <[email protected]> wrote:
> On 3/29/16 5:42 PM, Stuart Henderson wrote:
>> On 2016-03-29, Jeff Ross <[email protected]> wrote:
>>> Greetings all!
>>>
>>> I've been away from OpenBSD for a while and for sure I've missed more
>>> than a few things. Just updated a firewall in anticipation of upgrading
>>> my server but there are things that have changed.
>>>
>>> What has me puzzled now is the change to syslogd. For literally years
>>> I've run socklog from ports to replace the stock syslog with no problems
>>> but now it simply doesn't work on 5.9 -current.
>>>
>>> My former installations of socklog all listen to /dev/log but when I
>>> couldn't get anything to work listening there I switched to listening to
>>> 0.0.0.0:514 but still no joy.
>>>
>>> If anyone out there is using socklog, or possibly any alternative to
>>> syslog, I'd sure appreciate a clue by four to get socklog running again.
>> OpenBSD's syslog functions now use sendsyslog(2) which doesn't use
>> /dev/log sockets any more.
>>
>> Here is where syslogd was modified to do things this way:
>> http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699
>> - it's probably not all that complex to convert other logging daemons,
>> but afaik nobody has yet felt the need to do this for any of the
>> alternative log daemons in ports.
>>
>> If you don't want to write code and want to stick with socklog,
>> the easiest way is probably a minimal syslogd(8) setup that
>> forwards everything via UDP.
>>
> Hi Stuart,
>
> Could you please clarify something to me? I am running a centralized
> logging server using syslog-ng from the ports. The way I read your
> e-mail is that I will no longer be able to log messages using syslog-ng
> from the local host but the port will continue to work as expected.

Yes, this isn't particularly new though, it changed in 5.6.

> Would I be able to run syslogd for the local host and syslog-ng for
> remote hosts simultaneously? IIRC I saw people posting on misc who were
> doing that in the past but I think when I played with it syslog-ng
> didn't want to start until I turned off syslogd.

You can run two simultaneously but you'll need to get one of them to
bind to a specific IP address.

> How suitable is syslogd
> from the base as a centralized logging server? I know that it supports
> TCP and TLS now but does it play well with rsyslog or syslog-ng? I have
> a bunch of Linux servers to log.

If you can get them to feed it syslog messages using either the usual
UDP-based syslog protocol or using a TCP/TLS protocol then that should
work fine (IIRC the TLS code was developed against one of these, possibly
rsyslog?).

syslogd(8) / syslog.conf(5) gained +host/++host matching that allows
you to separate logs between different hosts into different files
which can be useful on a centralised log host.

There are lots of options of how to set this all up.
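
The two setups mentioned in this thread, sketched as syslog.conf(5) fragments. This is an added example, not part of the original messages; the address, port, host names and file paths are constructed placeholders, and the tag behaviour noted in the comments follows syslog.conf(5).

```conf
# ---------------------------------------------------------------------
# Fragment 1: minimal /etc/syslog.conf on a host that keeps socklog or
# syslog-ng as its real log daemon. Base syslogd(8) still collects the
# local sendsyslog(2) messages and hands all of them on via UDP.
# 127.0.0.1:5514 is a placeholder for wherever the other daemon listens.
# ---------------------------------------------------------------------
*.*					@127.0.0.1:5514

# ---------------------------------------------------------------------
# Fragment 2: /etc/syslog.conf on a central log host running base
# syslogd(8), separating remote hosts into their own files.
# ---------------------------------------------------------------------

# Lines before the first tag are checked for every message.
*.notice;auth.info			/var/log/messages

# +host: the lines that follow apply only to messages from this host.
+web1.example.org
*.*					/var/log/hosts/web1

# ++host: as +host, but a message that matches here is not evaluated
# against any later block, so it does not reach the +* block below.
++db1.example.org
*.*					/var/log/hosts/db1

# +* switches host matching off again for the lines that follow.
+*
auth.*					/var/log/hosts/auth-all
```

Plain UDP forwarding is unauthenticated and unencrypted; for the Linux senders, the TCP/TLS transport mentioned above is the option that protects messages crossing an untrusted network.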

