Annoying syslog-ng Problem (And Two Questions)
-
Annoying Problem:
I need to log every DHCPACK message sent by the DHCP Server. So I have installed the "syslog-ng" package and created the necessary entries in the package's "Advanced" tab, and I have successfully managed to filter and log the information I need into a separate log file. However, I see there is also one "_DEFAULT" log entry in the table which I am not allowed to remove or disable. I do not want to keep two separate log files and I don't understand why that entry is necessary. This is really annoying. Any help would be appreciated.
Question 1:
I want to keep the logs for a year. Also I see on the package's "General" tab, there are the "Archive Frequency" , "Compress Archives" , "Compress Type" and "Max Archives" options - which I set to "Daily" , "YES", "gzip" and "365" respectively. I assume by these options that syslog-ng will compress and archive my logs daily and keep them for 365 days and delete the ones that are older than that. Do I assume correctly or do I need a separate tool to do that? And if I DO need another tool, what would that be?Question 2:
Isn't a server supposed to have many more options than the ones provided in the package? How am I supposed to fine-tune the server? Why won't the package let me edit configuration files manually? What's the point?Bye the way, I'd like to thank all those who have contributed to the creation of pfSense. It is one very powerful and beautiful beast.
-
Q1: Yes this is sufficient.
But be sure to check whether log files get rotated. On some package versions logrotate wasn't set as dependancy hence not installed. See #6047 on redmine for latest instructions for beta 2.3.Q2: pfSense philosophy is to auto generate config files from what you enter in the GUI. You might ask the devs to add an extra textarea to the syslog-ng config GUI to add custom options. Could be a feature request on redmine.