Created attachment 221498 [details] revert ports r555726 It's need to revert syslog-ng.conf.sample after ports r555726. The commit contains some errors: 1) The system() source contains a syslog-protocol flag by default ( https://github.com/syslog-ng/syslog-ng/blob/2d594f664a5d8c01081c96c966ac3d05ef8675d4/modules/system-source/system-source.c#L57 ) for a long time now. 2) The system() source contains unix-dgram("/var/run/logpriv" perm(0600)); also ( https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.21/administration-guide/25#TOPIC-1180460 ). Omitted by the commit. 3) There're no a no-parse flag on file("/dev/klog") in the commit. 4) The udp() source is omitted by the commit. P.S. Added the LICENSE section to Makefile also.
Without the patch syslog-ng is crippled on FreeBSD 12+ that support RFC 5424, the default. What specific problem are you experiencing?
(In reply to Cy Schubert from comment #1) Syslog-ng works correctly on FreeBSD 12+ that support RFC 5424, because the system() source already contains flags(syslog-protocol) by default. The previous commit is meaningless. Specific problem is logpriv-socket absence.
Created attachment 222100 [details] Patch proposed by syslog-ng upstream Can you please try this patch from Peter Czanik of syslog-ng support.
(In reply to Cy Schubert from comment #3) Why has Peter removed the "no-parse" flag from system_sysblock_add_file() for FreeBSD 9.1+? What about another errors (1,2 and 4)?
I fully support reverting to the previous configuration, as that solves problems 1, 2 and 4 and makes transition from FreeBSD 11 to 12 transparent without touching the configuration. The tricky one is problem 3. The proposed patch makes sure, that kernel logs collected by syslog-ng look the same as kernel logs collected by syslogd in the base system: Before the patch: Jan 13 09:51:13 fb122 root[1639]: bla Jan 13 09:51:23 fb122 kernel: <6>em0: link state changed to DOWN Jan 13 09:51:26 fb122 dhclient[1647]: New IP Address (em0): 172.16.167.138 Jan 13 09:51:26 fb122 dhclient[1650]: New Subnet Mask (em0): 255.255.255.0 Jan 13 09:51:26 fb122 dhclient[1652]: New Broadcast Address (em0): 172.16.167.255 Jan 13 09:51:26 fb122 dhclient[1653]: New Routers (em0): 172.16.167.2 Jan 13 09:51:26 fb122 kernel: <6>em0: link state changed to UP Jan 13 10:00:48 fb122 syslog-ng[1638]: syslog-ng shutting down; version='3.30.1' Jan 13 10:00:48 fb122 syslog-ng[1713]: syslog-ng starting up; version='3.30.1' After the syslog-ng patch (and also with syslogd in the base system): Jan 13 10:03:14 fb122 syslog-ng[1744]: syslog-ng starting up; version='3.30.1' Jan 13 10:03:16 fb122 root[1745]: bla Jan 13 10:03:32 fb122 kernel: em0: link state changed to DOWN Jan 13 10:03:35 fb122 dhclient[1754]: New IP Address (em0): 172.16.167.138 Jan 13 10:03:35 fb122 dhclient[1755]: New Subnet Mask (em0): 255.255.255.0 Jan 13 10:03:35 fb122 dhclient[1757]: New Broadcast Address (em0): 172.16.167.255 Jan 13 10:03:35 fb122 dhclient[1760]: New Routers (em0): 172.16.167.2 Jan 13 10:03:35 fb122 kernel: em0: link state changed to UP Jan 13 10:36:38 fb122 syslog-ng[1744]: syslog-ng shutting down; version='3.30.1' As you can see, the difference is: an extra "<6>" printed between "kernel:" and "em0:". With no-parse the message header containing priority/facility in <> becomes also part of the message. Once we remove no-parse, kernel message is parsed correctly, just like by syslogd. Yes, syslog-ng for the past few years included the <> part. But that's more of a bug than a feature...
Created attachment 222160 [details] syslog-ng.diff (In reply to Peter Czanik from comment #5) Hi Peter. It's a practical comment. I agree with it. I've rebuilded the patch for the port.
In that case I won't use your patch but do two separate commits.
(In reply to Cy Schubert from comment #7) Ok, good idea. I hope that all suggested fixes (from the obsoleted patch) will be considered in the commit.
No. That would mess up the VCS history.
A commit references this bug: Author: cy Date: Thu Feb 4 14:24:32 UTC 2021 New revision: 564027 URL: https://svnweb.freebsd.org/changeset/ports/564027 Log: Revert r555726: Support RFC5424/IETF syslog format. There is a better way to support RFC5424/IETF syslog format implemented in 12-STABLE, 13-STABLE, and 14-CURRENT. PR: 252613 Reported by: Boris Korzun <drtr0jan@yandex.ru> Reviewed by: Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream Changes: head/sysutils/syslog-ng/Makefile head/sysutils/syslog-ng/files/syslog-ng.conf.sample
A commit references this bug: Author: cy Date: Thu Feb 4 14:24:36 UTC 2021 New revision: 564028 URL: https://svnweb.freebsd.org/changeset/ports/564028 Log: A better way to support RFC5424/IETF syslog format. 12-STABLE, 13-STABLE, and 14-CURRENT now support RFC5424 by default. PR: 252613 Reported by: leres Reviewed by: Peter Czanik <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream Changes: head/sysutils/syslog-ng/Makefile head/sysutils/syslog-ng/files/patch-modules_system-source_system-source.c
A commit references this bug: Author: cy Date: Thu Feb 4 14:24:40 UTC 2021 New revision: 564029 URL: https://svnweb.freebsd.org/changeset/ports/564029 Log: Add license metadata. The open source version of syslog-ng is GPLv2. PR: 252613 Submitted by: Boris Korzun <drtr0jan@yandex.ru> Reported by: Boris Korzun <drtr0jan@yandex.ru> Changes: head/sysutils/syslog-ng/Makefile
(In reply to Cy Schubert from comment #9) Good job! Thx!