Last year, I wrote a small configuration snippet for syslog-ng: FreeBSD audit source. I published it in a previous blog, and based on feedback, it is already used in production. And soon, it will also be available as part of a syslog-ng release.
As an active FreeBSD user and co-maintainer of the sysutils/syslog-ng port for FreeBSD, I am always happy to share FreeBSD-related news. Last year, we improved directory monitoring and file reading on FreeBSD and macOS. Now, the FreeBSD audit source is already available in syslog-ng development snapshots.
If you already use the FreeBSD audit source, you only need one little change in your configuration. As the configuration snippet is now part of SCL (the syslog-ng configuration library), you do not need this part in your configuration anymore:

    @define def-praudit-params " -p -l -x"

    block source freebsd-audit(params("`def-praudit-params`")) {
        program(
            "tail -F /var/audit/current | praudit `params`"
            flags(no-parse)
        );
    };

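What is left in the configuration once that block is removed, as an added example that is not part of the original post. The names `s_audit` and `d_audit` and the log path are hypothetical, and the commented-out override assumes the SCL version keeps the `params()` parameter shown in the snippet above.

```conf
# Added example. Assumes syslog-ng.conf already has its @version line and
# @include "scl.conf", which is what makes SCL blocks such as
# freebsd-audit() available.

# Default parameters from the snippet: praudit -p -l -x,
# which gives one XML audit record per line.
source s_audit {
    freebsd-audit();
};

# Alternative: override params() to drop -x, so praudit prints its
# default text format instead of XML. Keep -p (input is piped from tail)
# and -l (one record per line).
# source s_audit {
#     freebsd-audit(params(" -p -l"));
# };

# The source uses flags(no-parse), so ${MESSAGE} holds the praudit line
# unchanged. Hypothetical destination path.
destination d_audit {
    file("/var/log/audit.log"
        template("${ISODATE} ${HOST} ${MESSAGE}\n"));
};

log {
    source(s_audit);
    destination(d_audit);
};
```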
Development snapshots of syslog-ng are not part of FreeBSD ports, but you can compile them yourself with a little effort. Two of my blogs contain the necessary information:
- https://www.syslog-ng.com/community/b/blog/posts/compiling-syslog-ng-git-snapshots-on-freebsd describes how to generate a release tgz from a git snapshot of syslog-ng on FreeBSD.
- https://www.syslog-ng.com/community/b/blog/posts/installing-a-syslog-ng-4-development-snapshot-on-freebsd describes how to use my up-to-date ports for the latest syslog-ng git snapshot.
Each commit to the syslog-ng git repository is tested on FreeBSD. I regularly test syslog-ng on FreeBSD when I update my ports repo. However, obviously I cannot test all possible combinations of the syslog-ng configuration, so any testing and feedback is very welcome!
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.