From 543c7b286df12aee479a7ae58bdc2ca7d48d6877 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Wed, 22 Nov 2017 07:13:53 +0000
Subject: [PATCH] system: add syslog-ng, disable processing so that it coexists with syslogd
---
 Makefile | 1 +
 plist | 1 +
 .../templates/OPNsense/Syslog/+TARGETS | 1 +
 .../templates/OPNsense/Syslog/syslog-ng.conf | 184 ++++++++++++++++++
 4 files changed, 187 insertions(+)
 create mode 100644 src/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf
diff --git a/Makefile b/Makefile
index 47be85098..f05be2581 100644
--- a/Makefile
+++ b/Makefile
@@ -132,6 +132,7 @@ CORE_DEPENDS?= ${CORE_DEPENDS_${CORE_ARCH}} \
 strongswan \
 sudo \
 suricata \
+ syslog-ng \
 syslogd \
 unbound \
 wpa_supplicant \
diff --git a/plist b/plist
index 561e663c7..2b9b0f35a 100644
--- a/plist
+++ b/plist
@@ -736,6 +736,7 @@
 /usr/local/opnsense/service/templates/OPNsense/Sample/sub2/example_sub2.txt
 /usr/local/opnsense/service/templates/OPNsense/Syslog/+TARGETS
 /usr/local/opnsense/service/templates/OPNsense/Syslog/newsyslog.conf
+/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf
 /usr/local/opnsense/service/templates/OPNsense/WebGui/+TARGETS
 /usr/local/opnsense/service/templates/OPNsense/WebGui/php.etc.ini
 /usr/local/opnsense/service/templates/OPNsense/WebGui/php.ini
diff --git a/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS b/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
index 121b5c671..b6393a255 100644
--- a/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
@@ -1 +1,2 @@
 newsyslog.conf:/etc/newsyslog.conf
+syslog-ng.conf:/usr/local/etc/syslog-ng.conf
diff --git a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf
new file mode 100644
index 000000000..6d0d21a17
--- /dev/null
+++ b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf
@@ -0,0 +1,184 @@
+@version:3.11
+@include "scl.conf"
+
+#
+# This sample configuration file is essentially equilivent to the stock
+# FreeBSD /etc/syslog.conf file.
+#
+# $FreeBSD: head/sysutils/syslog-ng/files/syslog-ng.conf.sample 340872 2014-01-24 00:14:07Z mat $
+#
+
+#
+# options
+#
+options { chain_hostnames(off); flush_lines(0); threaded(yes); };
+
+#
+# sources
+#
+#source src { system(); udp(); internal(); };
+
+#
+# destinations
+#
+#destination messages { file("/var/log/messages"); };
+#destination security { file("/var/log/security"); };
+#destination authlog { file("/var/log/auth.log"); };
+#destination maillog { file("/var/log/maillog"); };
+#destination lpd-errs { file("/var/log/lpd-errs"); };
+#destination xferlog { file("/var/log/xferlog"); };
+#destination cron { file("/var/log/cron"); };
+#destination debuglog { file("/var/log/debug.log"); };
+#destination consolelog { file("/var/log/console.log"); };
+#destination all { file("/var/log/all.log"); };
+#destination newscrit { file("/var/log/news/news.crit"); };
+#destination newserr { file("/var/log/news/news.err"); };
+#destination newsnotice { file("/var/log/news/news.notice"); };
+#destination slip { file("/var/log/slip.log"); };
+#destination ppp { file("/var/log/ppp.log"); };
+#destination console { file("/dev/console"); };
+#destination allusers { usertty("*"); };
+#destination loghost { udp("loghost" port(514)); };
+
+#
+# log facility filters
+#
+filter f_auth { facility(auth); };
+filter f_authpriv { facility(authpriv); };
+filter f_not_authpriv { not facility(authpriv); };
+#filter f_console { facility(console); };
+filter f_cron { facility(cron); };
+filter f_daemon { facility(daemon); };
+filter f_ftp { facility(ftp); };
+filter f_kern { facility(kern); };
+filter f_lpr { facility(lpr); };
+filter f_mail { facility(mail); };
+filter f_news { facility(news); };
+filter f_security { facility(security); };
+filter f_user { facility(user); };
+filter f_uucp { facility(uucp); };
+filter 
f_local0 { facility(local0); };
+filter f_local1 { facility(local1); };
+filter f_local2 { facility(local2); };
+filter f_local3 { facility(local3); };
+filter f_local4 { facility(local4); };
+filter f_local5 { facility(local5); };
+filter f_local6 { facility(local6); };
+filter f_local7 { facility(local7); };
+
+#
+# log level filters
+#
+filter f_emerg { level(emerg); };
+filter f_alert { level(alert..emerg); };
+filter f_crit { level(crit..emerg); };
+filter f_err { level(err..emerg); };
+filter f_warning { level(warning..emerg); };
+filter f_notice { level(notice..emerg); };
+filter f_info { level(info..emerg); };
+filter f_debug { level(debug..emerg); };
+filter f_is_debug { level(debug); };
+
+#
+# program filters
+#
+filter f_ppp { program("ppp"); };
+filter f_slip { program("startslip"); };
+
+#
+# *.err;kern.warning;auth.notice;mail.crit /dev/console
+#
+#log { source(src); filter(f_err); destination(console); };
+#log { source(src); filter(f_kern); filter(f_warning); destination(console); };
+#log { source(src); filter(f_auth); filter(f_notice); destination(console); };
+#log { source(src); filter(f_mail); filter(f_crit); destination(console); };
+
+#
+# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+#
+#log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };
+#log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
+#log { source(src); filter(f_lpr); filter(f_info); destination(messages); };
+#log { source(src); filter(f_mail); filter(f_crit); destination(messages); };
+#log { source(src); filter(f_news); filter(f_err); destination(messages); };
+
+#
+# security.* /var/log/security
+#
+#log { source(src); filter(f_security); destination(security); };
+
+#
+# auth.info;authpriv.info /var/log/auth.log
+#log { source(src); filter(f_auth); filter(f_info); destination(authlog); };
+#log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };
+
+#
+# 
mail.info /var/log/maillog
+#
+#log { source(src); filter(f_mail); filter(f_info); destination(maillog); };
+
+#
+# lpr.info /var/log/lpd-errs
+#
+#log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };
+
+#
+# ftp.info /var/log/xferlog
+#
+#log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); };
+
+#
+# cron.* /var/log/cron
+#
+#log { source(src); filter(f_cron); destination(cron); };
+
+#
+# *.=debug /var/log/debug.log
+#
+#log { source(src); filter(f_is_debug); destination(debuglog); };
+
+#
+# *.emerg *
+#
+#log { source(src); filter(f_emerg); destination(allusers); };
+
+#
+# uncomment this to log all writes to /dev/console to /var/log/console.log
+# console.info /var/log/console.log
+#
+#log { source(src); filter(f_console); filter(f_info); destination(consolelog); };
+
+#
+# uncomment this to enable logging of all log messages to /var/log/all.log
+# touch /var/log/all.log and chmod it to mode 600 before it will work
+# *.* /var/log/all.log
+#
+#log { source(src); destination(all); };
+
+#
+# uncomment this to enable logging to a remote loghost named loghost
+# *.* @loghost
+#
+#log { source(src); destination(loghost); };
+
+#
+# uncomment these if you're running inn
+# news.crit /var/log/news/news.crit
+# news.err /var/log/news/news.err
+# news.notice /var/log/news/news.notice
+#
+#log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
+#log { source(src); filter(f_news); filter(f_err); destination(newserr); };
+#log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
+
+#
+# !startslip
+# *.* /var/log/slip.log
+#
+#log { source(src); filter(f_slip); destination(slip); };
+
+#
+# !ppp
+# *.* /var/log/ppp.log
+#
+#log { source(src); filter(f_ppp); destination(ppp); };
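Review bot: The sample lines `#source src { system(); udp(); internal(); };` and `#destination loghost { udp("loghost" port(514)); };` are a latent exposure for whoever uncomments them later: syslog-ng's `udp()` source binds 0.0.0.0:514 when no `ip()` is given, which on a firewall is an unauthenticated listener on every interface, and the `udp()` destination ships logs in cleartext with no peer authentication. Since this commit deliberately leaves processing disabled, the safe form should be written into the template now so the sample is not enabled as-is, e.g. `#source src { system(); network(ip("127.0.0.1") transport("udp")); internal(); };` and a `network()` destination using `transport("tls")` with a `tls()` block instead of `udp("loghost" port(514))`. In the same vein, `options { chain_hostnames(off); flush_lines(0); threaded(yes); };` keeps syslog-ng's default `use_dns(yes)`, so once any network source is enabled every received datagram triggers a reverse lookup on an attacker-chosen source address; I would change it to `options { chain_hostnames(off); flush_lines(0); threaded(yes); use_dns(no); dns_cache(no); };`. Nothing in these hunks shows whether the syslog_ng rc service is enabled, so whether the daemon actually starts with a config that has no active source or log path is not visible here and is worth confirming alongside this change.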