author | jim-p <jimp@pfsense.org> | 2011-10-26 17:13:01 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2011-10-26 17:14:37 -0400 |
commit | 4659f856f96b4f289d3f5de55d6b7d15f7c5351c (patch) | |
tree | 711ef9366e57c99afacdf14bbd128b33546e76ae | |
parent | 16cc1c10bf5b5ccad91e30a5e78c9ed77742d176 (diff) | |
Fix up syslog settings a bit, add some missing options, fix formatting of syslog.conf, correct behavior of 'everything', code cleanup.
-rw-r--r-- | etc/inc/system.inc | 207 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_settings.php | 64 |
2 files changed, 137 insertions, 134 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 4a36b14..e3a9b30 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -413,6 +413,21 @@ function system_routing_enable() { return mwexec("/sbin/sysctl net.inet.ip.forwarding=1"); } +function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { + // Rather than repeatedly use the same code, use this function to build a list of remote servers. + $facility .= " ". + $remote_servers = ""; + $pad_to = 56; + $padding = ceil(($pad_to - strlen($facility))/8)+1; + if($syslogcfg['remoteserver']) + $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@{$syslogcfg['remoteserver2']}\n"; + if($syslogcfg['remoteserver3']) + $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@{$syslogcfg['remoteserver3']}\n"; + return $remote_servers; +} + function system_syslogd_start() { global $config, $g; if(isset($config['system']['developerspew'])) { @@ -430,9 +445,9 @@ function system_syslogd_start() { killbypid("{$g['varrun_path']}/syslog.pid"); if(is_process_running("syslogd")) - pkill("syslogd"); + mwexec('/bin/pkill syslogd'); if(is_process_running("fifolog_writer")) - pkill("fifolog_writer"); + mwexec('/bin/pkill fifolog_writer'); // Define carious commands for logging $fifolog_create = "/usr/sbin/fifolog_create -s "; @@ -443,7 +458,7 @@ function system_syslogd_start() { // Which logging type are we using this week?? if(isset($config['system']['usefifolog'])) { $log_directive = $fifolog_log; - $log_create_directive = $fifolog_create; + $log_create_directive = $fifolog_create; } else { // Defaults to CLOG $log_directive = $clog_log; $log_create_directive = $clog_create; 
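Review bot: In `system_syslogd_get_remote_servers()` the three `remoteserver*` values are interpolated straight into a syslog.conf line, so a value containing whitespace or a line break would add extra lines to the generated file, and that file also carries a `|exec` action. The helper is now the single place where these values enter the config, which makes it the natural spot to skip anything that is not a single token; whether the settings page already validates the fields is not visible in this diff. Separately, `$facility .= " ".` ends in a dot instead of a semicolon and only works because the following `$remote_servers = ""` evaluates to an empty string, so it should be two statements. A loop over the three keys covers both points and removes the triplicated `if`.

```php
function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") {
	// Rather than repeatedly use the same code, use this function to build a list of remote servers.
	$facility .= " ";
	$remote_servers = "";
	// … unchanged: $pad_to / $padding computation …
	foreach (array('remoteserver', 'remoteserver2', 'remoteserver3') as $key) {
		$server = isset($syslogcfg[$key]) ? trim($syslogcfg[$key]) : "";
		// Skip unset entries and anything that would not stay on a single config line.
		if ($server === "" || preg_match('/\s/', $server))
			continue;
		$remote_servers .= $facility . str_repeat("\t", $padding) . "@{$server}\n";
	}
	return $remote_servers;
}
```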
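Review bot: The two new `mwexec()` calls in the `@@ -430,9 +445,9 @@` hunk pass `syslogd` and `fifolog_writer` to pkill as patterns, which match anywhere in a process name, so any process whose name merely contains one of those strings is signalled as well. Matching the exact name is safer on a system that may also run a packaged log daemon: `mwexec('/bin/pkill -x syslogd');` and `mwexec('/bin/pkill -x fifolog_writer');`. system_syslogd_start() begins and continues outside this hunk.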
@@ -469,155 +484,91 @@ function system_syslogd_start() { } $syslogconf .= "!ntpdate,!ntpd\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ntpd.log\n"; + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ntpd.log\n"; + $syslogconf .= "!ppp\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ppp.log\n"; + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ppp.log\n"; + $syslogconf .= "!pptps\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/pptps.log\n"; + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/pptps.log\n"; + $syslogconf .= "!poes\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/poes.log\n"; + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/poes.log\n"; + $syslogconf .= "!l2tps\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/l2tps.log\n"; + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/l2tps.log\n"; + $syslogconf .= "!racoon\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ipsec.log\n"; - if (isset($syslogcfg['vpn'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= "*.* @{$syslogcfg['remoteserver']}\n"; - if($syslogcfg['remoteserver2']) - $syslogconf .= "*.* @{$syslogcfg['remoteserver2']}\n"; - if($syslogcfg['remoteserver3']) - $syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n"; - } + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/ipsec.log\n"; + if (isset($syslogcfg['vpn'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); + $syslogconf .= "!openvpn\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/openvpn.log\n"; - if (isset($syslogcfg['vpn'])) { - 
if($syslogcfg['remoteserver']) - $syslogconf .= "*.* @{$syslogcfg['remoteserver']}\n"; - if($syslogcfg['remoteserver2']) - $syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n"; - if($syslogcfg['remoteserver3']) - $syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n"; - } + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/openvpn.log\n"; + if (isset($syslogcfg['vpn'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); + $syslogconf .= "!apinger\n"; if (!isset($syslogcfg['disablelocallogging'])) - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/apinger.log\n"; + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/apinger.log\n"; + if (isset($syslogcfg['apinger'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); + $syslogconf .= "!relayd\n"; - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/relayd.log\n"; + if (!isset($syslogcfg['disablelocallogging'])) + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/relayd.log\n"; + if (isset($syslogcfg['relayd'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); + $syslogconf .= "!hostapd\n"; - $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/wireless.log\n"; + if (!isset($syslogcfg['disablelocallogging'])) + $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/wireless.log\n"; + if (isset($syslogcfg['hostapd'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); + $syslogconf .= "!-{$facilitylist}\n"; if (!isset($syslogcfg['disablelocallogging'])) $syslogconf .= <<<EOD -local0.* {$log_directive}{$g['varlog_path']}/filter.log -local3.* {$log_directive}{$g['varlog_path']}/vpn.log -local4.* {$log_directive}{$g['varlog_path']}/portalauth.log -local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log -*.notice;kern.debug;lpr.info;mail.crit; {$log_directive}{$g['varlog_path']}/system.log -news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log -local7.none 
{$log_directive}{$g['varlog_path']}/system.log -security.* {$log_directive}{$g['varlog_path']}/system.log -auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log -auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 -*.emerg * - -EOD; - if (isset($syslogcfg['filter'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= "local0.* @{$syslogcfg['remoteserver']}\n"; - if($syslogcfg['remoteserver2']) - $syslogconf .= "local0.* @{$syslogcfg['remoteserver2']}\n"; - if($syslogcfg['remoteserver3']) - $syslogconf .= "local0.* @{$syslogcfg['remoteserver3']}\n"; - - } - if (isset($syslogcfg['vpn'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= "local3.* @{$syslogcfg['remoteserver']}\n"; - if($syslogcfg['remoteserver2']) - $syslogconf .= "local3.* @{$syslogcfg['remoteserver2']}\n"; - if($syslogcfg['remoteserver3']) - $syslogconf .= "local3.* @{$syslogcfg['remoteserver3']}\n"; - } - if (isset($syslogcfg['portalauth'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= "local4.* @{$syslogcfg['remoteserver']}\n"; - if($syslogcfg['remoteserver2']) - $syslogconf .= "local4.* @{$syslogcfg['remoteserver2']}\n"; - if($syslogcfg['remoteserver3']) - $syslogconf .= "local4.* @{$syslogcfg['remoteserver3']}\n"; - } - if (isset($syslogcfg['dhcp'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= "local7.* @{$syslogcfg['remoteserver']}\n"; - if($syslogcfg['remoteserver2']) - $syslogconf .= "local7.* @{$syslogcfg['remoteserver2']}\n"; - if($syslogcfg['remoteserver3']) - $syslogconf .= "local7.* @{$syslogcfg['remoteserver3']}\n"; - } - if (isset($syslogcfg['system'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= <<<EOD -*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver']} -news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver']} -security.* @{$syslogcfg['remoteserver']} -auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver']} -*.emerg @{$syslogcfg['remoteserver']} - -EOD; - -} - - if 
(isset($syslogcfg['system'])) { - if($syslogcfg['remoteserver2']) - $syslogconf .= <<<EOD -*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver2']} -news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver2']} -security.* @{$syslogcfg['remoteserver2']} -auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver2']} -*.emerg @{$syslogcfg['remoteserver2']} +local0.* {$log_directive}{$g['varlog_path']}/filter.log +local3.* {$log_directive}{$g['varlog_path']}/vpn.log +local4.* {$log_directive}{$g['varlog_path']}/portalauth.log +local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log +*.notice;kern.debug;lpr.info;mail.crit; {$log_directive}{$g['varlog_path']}/system.log +news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log +local7.none {$log_directive}{$g['varlog_path']}/system.log +security.* {$log_directive}{$g['varlog_path']}/system.log +auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log +auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 +*.emerg * EOD; - -} - + if (isset($syslogcfg['filter'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local0.*"); + if (isset($syslogcfg['vpn'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*"); + if (isset($syslogcfg['portalauth'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*"); + if (isset($syslogcfg['dhcp'])) + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*"); if (isset($syslogcfg['system'])) { - if($syslogcfg['remoteserver3']) - $syslogconf .= <<<EOD -*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver3']} -news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver3']} -security.* @{$syslogcfg['remoteserver3']} -auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver3']} -*.emerg @{$syslogcfg['remoteserver3']} - -EOD; - -} + $syslogconf .= 
system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;"); + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none"); + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*"); + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info"); + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg"); + } if (isset($syslogcfg['logall'])) { - if($syslogcfg['remoteserver']) - $syslogconf .= <<<EOD -*.* @{$syslogcfg['remoteserver']} - -EOD; - - if($syslogcfg['remoteserver2']) - $syslogconf .= <<<EOD -*.* @{$syslogcfg['remoteserver2']} - -EOD; - - if($syslogcfg['remoteserver3']) - $syslogconf .= <<<EOD -*.* @{$syslogcfg['remoteserver3']} - -EOD; + // Make everything mean everything, including facilities excluded above. + $syslogconf .= "!*\n"; + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); + } -} if (isset($syslogcfg['zmqserver'])) { $syslogconf .= <<<EOD *.* ^{$syslogcfg['zmqserver']} diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php index 77e1b91..44a682c 100755 --- a/usr/local/www/diag_logs_settings.php +++ b/usr/local/www/diag_logs_settings.php @@ -56,6 +56,9 @@ $pconfig['filter'] = isset($config['syslog']['filter']); $pconfig['dhcp'] = isset($config['syslog']['dhcp']); $pconfig['portalauth'] = isset($config['syslog']['portalauth']); $pconfig['vpn'] = isset($config['syslog']['vpn']); +$pconfig['apinger'] = isset($config['syslog']['apinger']); +$pconfig['relayd'] = isset($config['syslog']['relayd']); +$pconfig['hostapd'] = isset($config['syslog']['hostapd']); $pconfig['logall'] = isset($config['syslog']['logall']); $pconfig['system'] = isset($config['syslog']['system']); $pconfig['enable'] = isset($config['syslog']['enable']); 
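Review bot: With `logall` set, the `!*` / `*.*` block at the end of the `@@ -469,155 +484,91 @@` hunk is emitted in addition to every per-category remote block above it, so a config that has both `logall` and, for example, `filter` or `system` set forwards those messages twice to each remote server. The only thing clearing the other flags is the `check_everything()` script on the settings page, which does nothing for a config saved before this change or restored from a backup until the page is saved again. Guarding the per-category calls keeps the generated syslog.conf correct however the flags were set, e.g. `if (isset($syslogcfg['filter']) && !isset($syslogcfg['logall']))`, and likewise for the `vpn`, `apinger`, `relayd`, `hostapd`, `portalauth`, `dhcp` and `system` blocks. system_syslogd_start() starts and ends outside this hunk.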
@@ -99,6 +102,9 @@ if ($_POST) { $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; + $config['syslog']['apinger'] = $_POST['apinger'] ? true : false; + $config['syslog']['relayd'] = $_POST['relayd'] ? true : false; + $config['syslog']['hostapd'] = $_POST['hostapd'] ? true : false; $config['syslog']['logall'] = $_POST['logall'] ? true : false; $config['syslog']['system'] = $_POST['system'] ? true : false; $config['syslog']['disablelocallogging'] = $_POST['disablelocallogging'] ? true : false; @@ -140,6 +146,9 @@ function enable_change(enable_over) { document.iform.dhcp.disabled = 0; document.iform.portalauth.disabled = 0; document.iform.vpn.disabled = 0; + document.iform.apinger.disabled = 0; + document.iform.relayd.disabled = 0; + document.iform.hostapd.disabled = 0; document.iform.system.disabled = 0; document.iform.logall.disabled = 0; } else { 
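Review bot: The three new assignments in the `@@ -99,6 +102,9 @@` hunk store a literal `false` when a box is unchecked, while system.inc tests the same keys with `isset()`, which is true for a key holding `false`. If `$config` is not re-read from disk between the save and the syslogd restart (not visible on this page), unchecking Gateway Monitor, Server Load Balancer or Wireless would still emit their remote lines for that run. Setting or unsetting the key removes that dependency: `if ($_POST['apinger']) $config['syslog']['apinger'] = true; else unset($config['syslog']['apinger']);`, and the same for `relayd` and `hostapd`. The surrounding lines follow the same pattern, and the `if ($_POST)` block continues outside the hunk.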
@@ -150,10 +159,42 @@ function enable_change(enable_over) { document.iform.dhcp.disabled = 1; document.iform.portalauth.disabled = 1; document.iform.vpn.disabled = 1; + document.iform.apinger.disabled = 1; + document.iform.relayd.disabled = 1; + document.iform.hostapd.disabled = 1; document.iform.system.disabled = 1; document.iform.logall.disabled = 1; } } +function check_everything() { + if (document.iform.logall.checked) { + document.iform.filter.disabled = 1; + document.iform.filter.checked = false + document.iform.dhcp.disabled = 1; + document.iform.dhcp.checked = false + document.iform.portalauth.disabled = 1; + document.iform.portalauth.checked = false + document.iform.vpn.disabled = 1; + document.iform.vpn.checked = false + document.iform.apinger.disabled = 1; + document.iform.apinger.checked = false + document.iform.relayd.disabled = 1; + document.iform.relayd.checked = false + document.iform.hostapd.disabled = 1; + document.iform.hostapd.checked = false + document.iform.system.disabled = 1; + document.iform.system.checked = false + } else { + document.iform.filter.disabled = 0; + document.iform.dhcp.disabled = 0; + document.iform.portalauth.disabled = 0; + document.iform.vpn.disabled = 0; + document.iform.apinger.disabled = 0; + document.iform.relayd.disabled = 0; + document.iform.hostapd.disabled = 0; + document.iform.system.disabled = 0; + } +} // --> </script> 
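Review bot: `check_everything()` and `enable_change()` both write the `disabled` state of the same checkboxes without consulting each other: the `else` branch added here sets `disabled = 0` unconditionally, and the page now runs `enable_change(false); check_everything();` on load, so fields that `enable_change()` has just disabled are re-enabled whenever Everything is unchecked. The reverse also holds, because the enabling branch of `enable_change()` clears `disabled` even while Everything is checked. Letting the `else` branch defer to the existing function, `} else { enable_change(false); }`, and having the enabling branch of `enable_change()` leave these fields alone when `document.iform.logall.checked` is true keeps the two in agreement. The condition inside `enable_change()` is outside the hunk, so this assumes it keys off the remote-logging enable box; the `.checked = false` lines are also missing their semicolons.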
@@ -256,12 +297,22 @@ function enable_change(enable_over) { </td> </table> <input name="system" id="system" type="checkbox" value="yes" onclick="enable_change(false)" <?php if ($pconfig['system']) echo "checked"; ?>> - <?=gettext("system events");?><br> <input name="filter" id="filter" type="checkbox" value="yes" <?php if ($pconfig['filter']) echo "checked"; ?>> - <?=gettext("firewall events");?><br> <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>> - <?=gettext("DHCP service events");?><br> <input name="portalauth" id="portalauth" type="checkbox" value="yes" <?php if ($pconfig['portalauth']) echo "checked"; ?>> - <?=gettext("Portal Auth");?><br> <input name="vpn" id="vpn" type="checkbox" value="yes" <?php if ($pconfig['vpn']) echo "checked"; ?>> - <?=gettext("PPTP VPN events");?> - <br> <input name="logall" id="logall" type="checkbox" value="yes" <?php if ($pconfig['logall']) echo "checked"; ?>> + <?=gettext("System events");?><br> + <input name="filter" id="filter" type="checkbox" value="yes" <?php if ($pconfig['filter']) echo "checked"; ?>> + <?=gettext("Firewall events");?><br> + <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>> + <?=gettext("DHCP service events");?><br> + <input name="portalauth" id="portalauth" type="checkbox" value="yes" <?php if ($pconfig['portalauth']) echo "checked"; ?>> + <?=gettext("Portal Auth events");?><br> + <input name="vpn" id="vpn" type="checkbox" value="yes" <?php if ($pconfig['vpn']) echo "checked"; ?>> + <?=gettext("VPN (PPTP, IPsec, OpenVPN) events");?><br> + <input name="apinger" id="apinger" type="checkbox" value="yes" <?php if ($pconfig['apinger']) echo "checked"; ?>> + <?=gettext("Gateway Monitor events");?><br> + <input name="relayd" id="relayd" type="checkbox" value="yes" <?php if ($pconfig['relayd']) echo "checked"; ?>> + <?=gettext("Server Load Balancer events");?><br> + <input name="hostapd" id="hostapd" 
type="checkbox" value="yes" <?php if ($pconfig['hostapd']) echo "checked"; ?>> + <?=gettext("Wireless events");?><br> + <br> <input name="logall" id="logall" type="checkbox" value="yes" <?php if ($pconfig['logall']) echo "checked"; ?> onclick="check_everything();"> <?=gettext("Everything");?> </td> </tr> @@ -287,6 +338,7 @@ function enable_change(enable_over) { <script language="JavaScript"> <!-- enable_change(false); +check_everything(); //--> </script> <?php include("fend.inc"); ?> |