syslog-ng is a replacement for the BSD's syslog daemon with a few nifty security features. Among the files it installs is a sample config, presumable tro be used as a template to build your configfrom. The sample config claims to be an exact equivalent of FreeBSD's /etc/syslog.conf as distributed with the system. Unfortunately, this claim rests on erroneous understanding of syslog-ng's configuration language. The sample config is not only defective but actually misleads the user into false assumptions about syslog-ngs config semantic. Here is the worst offender. The following block handles /var/log/messages. The filters used are all predefined elsewhere and essentially do what you would expect them to do based on their name. The commented header line displays the syslog.conf line it is supposed to replace. # --------------- # *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages # log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); }; log { source(src); filter(f_kern); filter(f_debug); destination(messages); }; log { source(src); filter(f_lpr); filter(f_info); destination(messages); }; log { source(src); filter(f_mail); filter(f_crit); destination(messages); }; log { source(src); filter(f_news); filter(f_err); destination(messages); }; # --------------- The problem here is that filters in a log statement are combined by AND, while consecutive log statements are essentially additive. The original syslogd, on the other hand, allows consecutive statements to modify their preceding, more general statements. The original line, for instance, meant "all lines notice-and-above, except authpriv, and also except any mail lines below crit and news lines below err. Furthermore everything from kern and info-and-above from lpr. ). In the syslog-ng syntax, this is not reproduced. the nog statements for mail and news are NOPs. A similar problem exists with the /dev/console block. Fix: There is no way in syslog-ng to work with simple atomar filters and combine them in a sequence of log lines to emulate the syslog.conf mechanism, as the author tries. You have to employ more complex filters. I give an example. I assume the predefined atomar filters in the sample file are still there: # ------------- filter f_msgntc { level(notice..emerg) and not facility(authpriv) and not (facility(mail) and level(notice..err)) and not (facility(news) and level(notice..warning)) ; }; # log { source(src); filter(f_msgntc); destination(messages); }; log { source(src); filter(f_kern); filter(f_debug); destination(messages); }; log { source(src); filter(f_lpr); filter(f_info); destination(messages); }; # ------------- You also need to use a similar fix with the /dev/console block How-To-Repeat: install syslog-ng move /usr/local/etc/syslog-ng.conf.sample to /usr/local/etc/syslog-ng.conf activate syslog-ng in /etc/rc.conf deactivate system syslogd and start syslog-ng test classes like mail.err or news.warning via logger(1)
Responsible Changed From-To: freebsd-ports-bugs->cy Over to maintainer (via the GNATS Auto Assign Tool)
Is this PR still relevant?
Same question: Is it still relevant.
Probably best to check with our upline.
This has been addressed by the latest tarball from upstream.