From a6ca28c55bb2317e9870285277d8e0ec5486d2dd Mon Sep 17 00:00:00 2001 From: Leger Lance Date: Sun, 16 Sep 2012 18:48:34 +0200 Subject: New syslog-ng package --- config/syslog-ng/syslog-ng.inc | 432 ++++++++++++++++++++++++++++++ config/syslog-ng/syslog-ng.xml | 192 +++++++++++++ config/syslog-ng/syslog-ng_advanced.xml | 135 ++++++++++ config/syslog-ng/syslog-ng_log_viewer.php | 167 ++++++++++++ pkg_config.8.xml | 20 +- 5 files changed, 945 insertions(+), 1 deletion(-) create mode 100644 config/syslog-ng/syslog-ng.inc create mode 100644 config/syslog-ng/syslog-ng.xml create mode 100644 config/syslog-ng/syslog-ng_advanced.xml create mode 100644 config/syslog-ng/syslog-ng_log_viewer.php diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc new file mode 100644 index 00000000..b56cef39 --- /dev/null +++ b/config/syslog-ng/syslog-ng.inc @@ -0,0 +1,432 @@ +$post['objecttype'], "objectname"=>$post['objectname'], "objectparameters"=>$post['objectparameters']); + + if(empty($objects)) { + $objects = $new_object; + } else { + $objects = syslogng_merge_objects($objects, $new_object); + } + + if($errors = syslogng_test_object_syntax($objects)) + $input_errors[] = "Syslog-ng syntax test failed:\n" . $errors; +} + +function syslogng_install_cron($should_install) { + global $config, $g; + + if($g['booting']==true) + return; + + if(!$config['cron']['item']) + return; + + $x=0; + $rotate_job_id=-1; + $rotate_is_installed = false; + + foreach($config['cron']['item'] as $item) { + if(strstr($item['task_name'], "syslogng_rotate_logs")) { + $rotate_job_id = $x; + } + $x++; + } + $need_write = false; + switch($should_install) { + case true: + if($rotate_job_id < 0) { + $cron_item = array(); + $cron_item['task_name'] = "syslogng_rotate_logs"; + $cron_item['minute'] = "0"; + $cron_item['hour'] = "*"; + $cron_item['mday'] = "*"; + $cron_item['month'] = "*"; + $cron_item['wday'] = "*"; + $cron_item['who'] = "root"; + $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/logrotate /usr/local/etc/logrotate.conf"; + $config['cron']['item'][] = $cron_item; + $need_write = true; + } + if($need_write) { + parse_config(true); + write_config("Adding syslog-ng Cron Jobs"); + } + break; + case false: + if($rotate_job_id >= 0) { + unset($config['cron']['item'][$rotate_job_id]); + $need_write = true; + } + if($need_write) { + parse_config(true); + write_config("Removing syslog-ng Cron Jobs"); + } + break; + } + configure_cron(); +} + +function syslogng_build_default_objects($settings) { + $default_objects = array(); + + $interfaces = $settings['interfaces']; + $default_protocol = $settings['default_protocol']; + $default_port = $settings['default_port']; + $default_logdir = $settings['default_logdir']; + $default_logfile = $settings['default_logfile']; + + $default_objects[0] = array("objecttype"=>"source", "objectname"=>"_DEFAULT", "objectparameters"=>"{ internal(); syslog(transport($default_protocol) port($default_port)"); + foreach (explode(",", $interfaces) as $interface) { + $interface_address = syslogng_get_real_interface_address($interface); + if($interface_address[0]) { + $default_objects[0]['objectparameters'] .= " ip({$interface_address[0]})"; + } + } + $default_objects[0]['objectparameters'] .= "); };"; + $default_objects[1] = array("objecttype"=>"destination", "objectname"=>"_DEFAULT", "objectparameters"=>"{ file(\"$default_logdir/$default_logfile\"); };"); + $default_objects[2] = array("objecttype"=>"log", "objectname"=>"_DEFAULT", "objectparameters"=>"{ source(_DEFAULT); destination(_DEFAULT); };"); + + return $default_objects; +} + + +function syslogng_merge_objects($objects1, $objects2) +{ + foreach($objects2 as $object2) { + $match = 0; + foreach($objects1 as &$object1) { + if(($object2['objecttype'] == $object1['objecttype']) && ($object2['objectname'] == $object1['objectname'])) { + $object1 = $object2; + $match = 1; + } + } + if($match == 0) + array_push($objects1, $object2); + } + + return $objects1; +} + +function syslogng_test_object_syntax($objects) { + exec("mv /usr/local/etc/syslog-ng.conf /usr/local/etc/syslog-ng.conf.backup"); + syslogng_build_conf($objects); + $errors = trim(shell_exec('/usr/local/sbin/syslog-ng --syntax-only 2>&1')); + exec("mv /usr/local/etc/syslog-ng.conf /usr/local/etc/syslog-ng.conf.tested"); + exec("mv /usr/local/etc/syslog-ng.conf.backup /usr/local/etc/syslog-ng.conf"); + + return $errors; +} + +function syslogng_get_log_files($objects) { + $log_files = array(); + + foreach($objects as $object) { + if($object['objecttype'] == 'destination') { + preg_match("/file\(['\"]([^'\"]*)['\"]/", $object['objectparameters'], $match); + if($match) { + $log_file = $match[1]; + array_push($log_files, $log_file); + } + } + } + + return $log_files; +} + +function syslogng_build_conf($objects) { + $conf = "# This file is automatically generated by pfSense\n"; + $conf .= "# Do not edit manually !\n"; + $conf .= "@version:3.3\n"; + + foreach($objects as $object) { + if($object['objecttype'] == 'log' || $object['objecttype'] == 'options') { + $conf .= $object['objecttype'] . " " . $object['objectparameters'] . "\n"; + } else { + $conf .= $object['objecttype'] . " " . $object['objectname'] . " " . $object['objectparameters'] . "\n"; + } + } + + file_put_contents('/usr/local/etc/syslog-ng.conf', $conf); +} + +function syslogng_build_logrotate_conf($settings, $objects) { + $conf = "# This file is automatically generated by pfSense\n"; + $conf .= "# Do not edit manually !\n"; + + $compress_archives = $settings['compress_archives']; + $compress_type = $settings['compress_type']; + $archive_frequency = $settings['archive_frequency']; + $max_archives = $settings['max_archives']; + + $log_files = syslogng_get_log_files($objects); + + foreach($log_files as $log_file) { + $conf .= "$log_file "; + } + + $conf .= "{\n"; + $conf .= "\trotate $max_archives\n"; + $conf .= "\t$archive_frequency\n"; + + if($compress_archives == 'on') { + $conf .= "\tcompress\n"; + if($compress_type == 'bz2') { + $conf .= "\tcompresscmd bzip2\n"; + } + } + + $conf .= "\tpostrotate\n"; + $conf .= "\t\tkill -s HUP `cat /var/run/syslog-ng.pid`\n"; + $conf .= "\tendscript\n"; + $conf .= "}\n"; + + file_put_contents('/usr/local/etc/logrotate.conf', $conf); +} + +function syslogng_generate_rules($type) { + global $config; + + $settings = $config['installedpackages']['syslogng']['config'][0]; + + $interfaces = ($settings['interfaces'] ? $settings['interfaces'] : 'lan'); + $default_protocol = ($settings['default_protocol'] ? $settings['default_protocol'] : 'udp'); + $default_port = ($settings['default_port'] ? $settings['default_port'] : 5140); + + $rules = ""; + switch($type) { + case 'rule': + foreach ($interfaces as $interface) { + $rules .= "pass in quick on $interface proto $default_protocol from any to !($interface) port $default_port no state label\n"; + } + break; + } + + return $rules; +} + +function syslogng_resync() { + global $config; + conf_mount_rw(); + + $settings = $config['installedpackages']['syslogng']['config'][0]; + $objects = $config['installedpackages']['syslogngadvanced']['config']; + + if(!isset($settings['enable'])) + $settings['enable'] = 'off'; + if(!isset($settings['interfaces'])) + $settings['interfaces'] = 'lan'; + if(!isset($settings['default_protocol'])) + $settings['default_protocol'] = 'udp'; + if(!isset($settings['default_port'])) + $settings['default_port'] = 5140; + if(!isset($settings['default_logdir'])) + $settings['default_logdir'] = '/var/syslog-ng'; + if(!isset($settings['default_logfile'])) + $settings['default_logfile'] = 'default.log'; + if(!isset($settings['archive_frequency'])) + $settings['archive_frequency'] = 'daily'; + if(!isset($settings['compress_archives'])) + $settings['compress_archives'] = 'on'; + if(!isset($settings['compress_type'])) + $settings['compress_type'] = 'gz'; + if(!isset($settings['max_archives'])) + $settings['max_archives'] = 30; + + $default_objects = syslogng_build_default_objects($settings); + + if(empty($objects)) { + $objects = $default_objects; + } else { + $objects = syslogng_merge_objects($objects, $default_objects); + } + + $sort = array(); + foreach($objects as $k=>$v) { + $sort['objecttype'][$k] = $v['objecttype']; + $sort['objectname'][$k] = $v['objectname']; + } + array_multisort($sort['objecttype'], SORT_ASC, $sort['objectname'], SORT_ASC, $objects); + + syslogng_build_conf($objects); + syslogng_build_logrotate_conf($settings, $objects); + + $config['installedpackages']['syslogng']['config'][0] = $settings; + $config['installedpackages']['syslogngadvanced']['config'] = $objects; + + if($settings['enable'] == 'on') { + if(!file_exists($settings['default_logdir'])) { + exec("mkdir -p " . $settings['default_logdir']); + } + + syslogng_write_rcfile(); + + if(!is_service_running('syslog-ng')) { + log_error("Starting syslog-ng"); + exec("/usr/local/etc/rc.d/syslog-ng.sh start"); + } else { + log_error("Reloading syslog-ng for configuration sync"); + exec("/usr/local/etc/rc.d/syslog-ng.sh restart"); + } + + // Sleep for a couple seconds to give syslog-ng a chance to fire up fully. + for ($i=0; $i < 10; $i++) { + if(!is_service_running('syslog-ng')) + sleep(1); + } + } else { + if(is_service_running('syslog-ng')) { + log_error("Stopping syslog-ng"); + exec("/usr/local/etc/rc.d/syslog-ng.sh stop"); + + unlink_if_exists("/usr/local/etc/rc.d/syslog-ng.sh"); + } + } + + write_config(); + conf_mount_ro(); + filter_configure(); +} + +function syslogng_write_rcfile() { + $rc = array(); + $pid_file = "/var/run/syslog-ng.pid"; + $rc['file'] = 'syslog-ng.sh'; + $rc['start'] = <</dev/null +fi +# Just in case pid file didn't exist or process is still running... +sleep 5 +killall -9 syslog-ng 2>/dev/null + +EOD; + $rc['restart'] = <</dev/null +else + killall -9 syslog-ng 2>/dev/null + /usr/local/sbin/syslog-ng -p {$pid_file} +fi + +EOD; + conf_mount_rw(); + write_rcfile($rc); +} +?> \ No newline at end of file diff --git a/config/syslog-ng/syslog-ng.xml b/config/syslog-ng/syslog-ng.xml new file mode 100644 index 00000000..dbdd4a8d --- /dev/null +++ b/config/syslog-ng/syslog-ng.xml @@ -0,0 +1,192 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + Syslog-ng + 3.3.4_1 + Services: Syslog-ng + /usr/local/pkg/syslog-ng.inc + + Syslog-ng + Setup Syslog-ng +
Services
+ /syslog-ng_log_viewer.php +
+ + syslog-ng + syslog-ng.sh + syslog-ng + + + + General + /pkg_edit.php?xml=syslog-ng.xml&id=0 + + + + Advanced + /pkg.php?xml=syslog-ng_advanced.xml + + + Log Viewer + /syslog-ng_log_viewer.php + + + + /usr/local/pkg/ + 0755 + http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.inc + + + /usr/local/pkg/ + 0755 + http://www.pfsense.org/packages/config/syslog-ng/syslog-ng_advanced.xml + + + /usr/local/www/ + 0755 + http://www.pfsense.org/packages/config/syslog-ng/syslog-ng_log_viewer.php + + + + Enable + enable + checkbox + Select this option to enable syslog-ng + + + Interface Selection + interfaces + interfaces_selection + Select interfaces you want to listen on + + + + + Default Protocol + default_protocol + Select the default protocol you want to listen on + select + udp + + + + + + + + Default Port + default_port + input + Enter default port number you want to listen on + 514 + + + + Default Log Directory + default_logdir + input + Enter default log directory (no trailing slash) + /var/syslog-ng + + + + Default Log File + default_logfile + input + Enter default log file + default.log + + + + Archive Frequency + archive_frequency + Select the frequency to archive (rotate) log files + select + daily + + + + + + + + + Compress Archives + compress_archives + checkbox + Select this option to compress archived log files + + + Compress Type + compress_type + Select the type of compression for archived log files + select + gz + + + + + + + Max Archives + max_archives + input + Enter the number of max archived log files + 30 + + + + + syslogng_validate_general($_POST, &$input_errors); + + + syslogng_resync(); + + + syslogng_install_command(); + + + syslogng_deinstall_command(); + + syslogng_generate_rules +
diff --git a/config/syslog-ng/syslog-ng_advanced.xml b/config/syslog-ng/syslog-ng_advanced.xml new file mode 100644 index 00000000..36a02a07 --- /dev/null +++ b/config/syslog-ng/syslog-ng_advanced.xml @@ -0,0 +1,135 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + Syslog-ng Advanced + 0.1.0 + Services: Syslog-ng Advanced + /usr/local/pkg/syslog-ng.inc + An object has been deleted. + An object has been created/modified. + + Syslog-ng + Setup Syslog-ng +
Services
+
+ + + General + /pkg_edit.php?xml=syslog-ng.xml&id=0 + + + Advanced + /pkg.php?xml=syslog-ng_advanced.xml + + + + Log Viewer + /syslog-ng_log_viewer.php + + + + + Object Type + objecttype + + + Object Name + objectname + + + Description + description + + + + + Object Name + objectname + Enter the object name + input + + + + Object Type + objecttype + Select the object type + select + + + + + + + + + + + + + + + Object Parameters + objectparameters + Enter the object parameters + textarea + 65 + 5 + + + + Description + description + Enter the description for this item + input + + + + syslogng_resync(); + + + syslogng_validate_advanced($_POST, &$input_errors); + + + syslogng_resync(); + +
\ No newline at end of file diff --git a/config/syslog-ng/syslog-ng_log_viewer.php b/config/syslog-ng/syslog-ng_log_viewer.php new file mode 100644 index 00000000..c8183f14 --- /dev/null +++ b/config/syslog-ng/syslog-ng_log_viewer.php @@ -0,0 +1,167 @@ + 0)) { + $grep = "grep -ih"; + + if(($compress_archives == 'on') && glob($logfile . "*" . $compress_type) && $archives) { + if($compress_type == 'bz2') { + $grep = "bzgrep -ih"; + } else { + $grep = "zgrep -ih"; + } + } + + if(isset($filter) && $not) { + $grepcmd = "$grep -v '$filter' $logfile"; + } else { + $grepcmd = "$grep '$filter' $logfile"; + } + + if($archives) + $grepcmd = $grepcmd . "*"; + + $log_lines = trim(shell_exec("$grepcmd | wc -l")); + $log_output = trim(shell_exec("$grepcmd | sort -M | tail -n $limit")); + + if(!empty($log_output)) { + $log_messages = explode("\n", $log_output); + $log_messages_count = sizeof($log_messages); + } +} + +$pgtitle = "Services: Syslog-ng Log Viewer"; +include("head.inc"); +?> + + + +
+ + + +
+ +
+
+ + +
+ + + + + + + + + +
Log File
Limit
Include Archives />
+ + \n"; + foreach($log_messages as $log_message) { + echo "\n"; + } + } else { + echo "\n"; + } + ?> +
Showing $log_messages_count of $log_lines messages
$log_message
No log messages found or log file is empty.
+
Filter
Inverse Filter (NOT) />
+ +
+
+
+
+ + \ No newline at end of file diff --git a/pkg_config.8.xml b/pkg_config.8.xml index f7723d59..7e5f22ef 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1758,5 +1758,23 @@ tinc - + syslog-ng + http://www.balabit.com/network-security/syslog-ng/ + Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server. + Services + 3.3.4_1 + ALPHA + 2.1 + http://files.pfsense.org/packages/8/All/ + syslog-ng-3.3.4_1.pbi + logrotate-3.7.9.pbi + + sysutils/syslog-ng + sysutils/logrotate + + + laleger@gmail.com + http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml + syslog-ng.xml + -- cgit v1.2.3 From 4d790f849edaede4ba909564b92d10594ee0adfe Mon Sep 17 00:00:00 2001 From: Leger Lance Date: Sun, 16 Sep 2012 18:59:26 +0200 Subject: Fixed issue with syslog-ng package entry (was missing enclosing ) --- pkg_config.8.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 7e5f22ef..27af7d2b 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1758,6 +1758,7 @@ tinc + syslog-ng http://www.balabit.com/network-security/syslog-ng/ Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server. @@ -1776,5 +1777,6 @@ laleger@gmail.com http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml syslog-ng.xml + -- cgit v1.2.3 From d18b6591cb16504ce201b49d9c4fe03ed81d1c00 Mon Sep 17 00:00:00 2001 From: Leger Lance Date: Sun, 16 Sep 2012 19:07:51 +0200 Subject: Fixed issue where tags were used instead of tags --- pkg_config.8.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 27af7d2b..b8d20e5d 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -1767,8 +1767,8 @@ ALPHA 2.1 http://files.pfsense.org/packages/8/All/ - syslog-ng-3.3.4_1.pbi - logrotate-3.7.9.pbi + syslog-ng-3.3.4_1.pbi + logrotate-3.7.9.pbi sysutils/syslog-ng sysutils/logrotate -- cgit v1.2.3