From b31e2d198fff1deab00492c99e025cb4486092a8 Mon Sep 17 00:00:00 2001 From: sthen Date: Wed, 13 Oct 2021 20:34:03 +0000 Subject: [PATCH] Change syslog.conf comments relating to network logging to focus on client setup which is configured in the file itself, rather than talking partly about client (set in the file), command-line flags used for servers which are better suited to the syslogd(8) manual, and ISDN. In the commented-out examples, use tls rather than the plaintext protocol. If users don't need tls they can change it, but it's a sane default, and a good place to show that we have the feature. ok bluhm@ --- etc/syslog.conf | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/etc/syslog.conf b/etc/syslog.conf index 9eb309c7164..c6f41244d26 100644 --- a/etc/syslog.conf +++ b/etc/syslog.conf @@ -1,4 +1,4 @@ -# $OpenBSD: syslog.conf,v 1.20 2016/12/27 13:38:14 jca Exp $ +# $OpenBSD: syslog.conf,v 1.21 2021/10/13 20:34:03 sthen Exp $ # *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages @@ -22,13 +22,11 @@ mail.info /var/log/maillog # Everyone gets emergency messages. #*.emerg * -# Uncomment to log to a central host named "loghost". You need to run -# syslogd with the -u option on the remote host if you are using this. -# (This is also required to log info from things like routers and -# ISDN-equipment). If you run -u, you are vulnerable to syslog bombing, -# and should consider blocking external syslog packets. -#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @loghost -#auth,daemon,syslog,user.info;authpriv,kern.debug @loghost +# Uncomment to log to a central host named "loghost" using syslog-tls. +# You need to run syslogd with the -S option on the remote host if you +# are using this. +#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @tls://loghost +#auth,daemon,syslog,user.info;authpriv,kern.debug @tls://loghost # Uncomment to log messages from doas(1) to its own log file. Matches are done # based on the program name. -- 2.20.1