https://wiki.archlinux.org/api.php?action=feedcontributions&user=Drencrom&feedformat=atom
ArchWiki - User contributions [en]
2024-03-29T05:17:16Z
User contributions
MediaWiki 1.41.0
https://wiki.archlinux.org/index.php?title=Dell_Inspiron_11_3000_(3162)&diff=493541
Dell Inspiron 11 3000 (3162)
2017-10-18T22:23:20Z
<p>Drencrom: Change link name</p>
<hr />
<div>[[Category:Dell]]<br />
[[ja:Dell Inspiron 11 3000 (3162)]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status''' || '''Modules'''<br />
|-<br />
| Video || {{G|Working}} || i915, xf86-video-intel<br />
|-<br />
| Wireless || {{G|Working}} || iwlwifi<br />
|-<br />
| Audio || {{G|Working}} || snd_hda_intel<br />
|-<br />
| Touchpad || {{G|Working}} || xf86-input-libinput<br />
|-<br />
| Camera || {{G|Working}} || linux-uvc<br />
|-<br />
| Card Reader || {{G|Working}} || rtsx_usb<br />
|-<br />
| Bluetooth || {{G|Working}} || btusb<br />
|}<br />
<br />
This is an install and configuration guide for the Dell Inspiron 11 3000 (3162) laptop.<br />
<br />
For a general overview of laptop-related articles and recommendations, see [[Laptop]].<br />
<br />
== Before Installation ==<br />
<br />
This laptop uses UEFI. By default, Secure Boot is enabled. Though it should be possible to set up a secure boot loader ([[Secure Boot]]), I chose to simply turn off Secure Boot. Also, though the laptop does support booting from legacy devices, I discovered that this causes serious video issues (you cannot boot into the CLI with KMS enabled, but disabling KMS prevents X from starting). Simply turning off the legacy boot option fixes this issue.<br />
<br />
=== Entering Setup ===<br />
<br />
This laptop hides the "Push XXX to enter setup" message during boot.<br />
<br />
# Power on the laptop<br />
# When the Dell logo appears, press ESC<br />
## If timed right, two lines of text will appear in the lower right corner of the screen<br />
# Press F2 to enter setup<br />
<br />
=== Disabling Secure Boot ===<br />
<br />
As mentioned above, disabling Secure Boot permanently may not be necessary but I was unable to find a way to boot the Arch install image without doing so.<br />
<br />
Once in setup:<br />
<br />
# Go to the "Boot" tab<br />
# Disable "Secure Boot"<br />
<br />
=== Disabling Load Legacy Option Rom ===<br />
<br />
With this option enabled the laptop screen would shut off while booting the install media and when booting the installed system unless KMS was disabled. Disabling KMS, however, prevents X from starting as, from what I have read, the xf86-video-intel driver requires KMS.<br />
<br />
Once in setup:<br />
<br />
# Go to the "Boot" tab<br />
# Disable "Load Legacy Option Rom"<br />
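
After changing the two firmware settings above, the resulting boot mode and Secure Boot state can be confirmed from the installed system. The following is an added example, not part of the original page: the function name and its optional directory argument are assumptions of the sketch, while the efivarfs path and the EFI global-variable GUID are the standard ones.

```sh
#!/bin/sh
# Added example, not from the wiki page: report boot mode and Secure Boot state.

# GUID of the EFI global-variable namespace that holds "SecureBoot".
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b2c

# secure_boot_state [EFI_DIR]
# EFI_DIR defaults to /sys/firmware/efi; the parameter is an assumption of
# this sketch so the function can be pointed at a constructed directory.
# Prints one of: legacy, enabled, disabled, unknown.
secure_boot_state() {
    sb_efi=${1:-/sys/firmware/efi}
    # Without this directory the kernel was not started through UEFI.
    if [ ! -d "$sb_efi" ]; then
        echo legacy
        return 0
    fi
    sb_var=$sb_efi/efivars/SecureBoot-$EFI_GLOBAL_GUID
    # efivarfs may be unmounted or the variable unreadable.
    if [ ! -r "$sb_var" ]; then
        echo unknown
        return 0
    fi
    # efivarfs prefixes the 1-byte value with 4 bytes of attributes.
    sb_val=$(od -An -tu1 -j4 -N1 "$sb_var" | tr -d ' \n')
    case $sb_val in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# State of the machine this runs on.
secure_boot_state
```

A result of "legacy" means the system was started through the legacy boot path that this page recommends turning off.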
<br />
== Base Install ==<br />
<br />
Once setup has been configured, installation using the [[Installation guide]] and [[General recommendations]] proceeded without issue. As this laptop uses an Intel processor, pay attention to the sections covering microcode updates.<br />
<br />
== Configuration ==<br />
<br />
=== Video ===<br />
<br />
==== Drivers ====<br />
<br />
{{Pkg|xf86-video-intel}} works without issue.<br />
<br />
==== Brightness ====<br />
<br />
The brightness hotkeys (Fn-F11 & Fn-F12) did not work for me out of the box but they will if you are using a full desktop environment like Gnome or KDE. Still, I had no trouble making the hotkeys work using information found on the [[Backlight]] and [[Extra keyboard keys]] pages and my window manager's documentation. My solution involved configuring my window manager to map the XF86MonBrightnessUp and XF86MonBrightnessDown keys to run the appropriate xbacklight command.<br />
<br />
=== Wireless ===<br />
<br />
Wireless worked with no additional effort on my part. This is fairly important as this model does not include a wired port.<br />
<br />
=== Audio ===<br />
<br />
Audio using [[ALSA]] worked immediately after install.<br />
<br />
=== Keyboard ===<br />
<br />
Most of the extra keys did not work for me after install. Some or all will work if you use a full desktop environment like Gnome or KDE though. I was able to configure my window manager to run appropriate commands when the extra keys are pressed. The Enable/Disable wireless key did work without any extra work on my part. However, the page up and page down keys (activated by pressing Fn + PageUp or PageDn) do not work as expected. After pressing and releasing them, the scrolling action will be glitched and will not stop. To fix this, create the following [[Map_scancodes_to_keycodes#Using_udev|hwdb]] file:<br />
{{hc|/etc/udev/hwdb.d/90-custom-keyboard.hwdb|<nowiki><br />
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*3162:pvr*<br />
 KEYBOARD_KEY_c7=!home<br />
 KEYBOARD_KEY_cf=!end<br />
 KEYBOARD_KEY_c9=!pageup<br />
 KEYBOARD_KEY_d1=!pagedown<br />
</nowiki>}}<br />
Pay attention to formatting: each {{ic|KEYBOARD_KEY_}} line must start with a single space below the match line. Incorrect formatting is the first reason why it may not work.<br />
<br />
=== Touchpad ===<br />
<br />
When I first installed xorg, I installed {{Pkg|xf86-input-evdev}} as the only input driver. This caused the touchpad to react like a disembodied touchscreen. I then replaced {{Pkg|xf86-input-evdev}} with {{Pkg|xf86-input-libinput}}; this caused the touchpad to work fine, but the keyboard stopped working once I started X. With both {{Pkg|xf86-input-evdev}} and {{Pkg|xf86-input-libinput}} installed, the keyboard and touchpad both work fine.<br />
<br />
If your touchpad stops working after suspend, it might be due to a [https://bbs.archlinux.org/viewtopic.php?pid=1550691#p1550691 problem with the i8042 module].<br />
<br />
To make taps work as clicks on the touchpad this file has to be created (see [[Libinput|libinput]]):<br />
{{hc|/etc/X11/xorg.conf.d/30-touchpad.conf|<nowiki><br />
Section "InputClass"<br />
Identifier "touchpad"<br />
Driver "libinput"<br />
MatchIsTouchpad "on"<br />
Option "Tapping" "on"<br />
EndSection<br />
</nowiki>}}<br />
<br />
=== Camera ===<br />
<br />
The camera worked without effort on my part. I tested by installing and running guvcview.<br />
<br />
=== Card Reader ===<br />
<br />
It works as expected.<br />
<br />
=== Bluetooth ===<br />
<br />
The bluetooth hardware is recognized and the appropriate modules are loaded. I am also able to turn on power and detect other bluetooth devices. Pairing works, and so does file transfer from and to the device.<br />
<br />
=== Suspend & Hibernate ===<br />
<br />
Suspend and hibernation do work fine with no extra work on my part.<br />
<br />
== Hardware Details ==<br />
<br />
=== Specs ===<br />
<br />
* CPU: Intel Celeron N3060<br />
* GPU: Intel HD 400 (Braswell)<br />
* RAM: 4 GB DDR3 1600 MHz<br />
* HDD: 32 GB eMMC<br />
* Wireless: Intel Centrino Wireless-AC 3160<br />
* Bluetooth: 4.0<br />
* Display: 11.6", 1366 x 768 px<br />
* Camera: 720P (30FPS)<br />
* Ports: HDMI (1.4a), 1xUSB (3.0), 1xUSB (2.0), 3.5mm Headphone/Microphone, MicroSD Card Reader<br />
<br />
<br />
=== lspci ===<br />
<br />
$ lspci<br />
00:00.0 Host bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series SoC Transaction Register (rev 35)<br />
00:02.0 VGA compatible controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Integrated Graphics Controller (rev 35)<br />
00:0b.0 Signal processing controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series Power Management Controller (rev 35)<br />
00:14.0 USB controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series USB xHCI Controller (rev 35)<br />
00:1a.0 Encryption controller: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series Trusted Execution Engine (rev 35)<br />
00:1b.0 Audio device: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series High Definition Audio Controller (rev 35)<br />
00:1c.0 PCI bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series PCI Express Port #1 (rev 35)<br />
00:1f.0 ISA bridge: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx Series PCU (rev 35)<br />
00:1f.3 SMBus: Intel Corporation Atom/Celeron/Pentium Processor x5-E8000/J3xxx/N3xxx SMBus Controller (rev 35)<br />
01:00.0 Network controller: Intel Corporation Wireless 3160 (rev 83)<br />
<br />
=== lsusb ===<br />
<br />
$ lsusb<br />
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub<br />
Bus 001 Device 003: ID 0bda:5769 Realtek Semiconductor Corp.<br />
Bus 001 Device 002: ID 8087:07dc Intel Corp.<br />
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub<br />
<br />
<br />
=== lscpu ===<br />
<br />
$ lscpu<br />
Architecture: x86_64<br />
CPU op-mode(s): 32-bit, 64-bit<br />
Byte Order: Little Endian<br />
CPU(s): 2<br />
On-line CPU(s) list: 0,1<br />
Thread(s) per core: 1<br />
Core(s) per socket: 2<br />
Socket(s): 1<br />
NUMA node(s): 1<br />
Vendor ID: GenuineIntel<br />
CPU family: 6<br />
Model: 76<br />
Model name: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz<br />
Stepping: 4<br />
CPU MHz: 875.585<br />
CPU max MHz: 2480.0000<br />
CPU min MHz: 480.0000<br />
BogoMIPS: 3201.33<br />
Virtualization: VT-x<br />
L1d cache: 24K<br />
L1i cache: 32K<br />
L2 cache: 1024K<br />
NUMA node0 CPU(s): 0,1<br />
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch epb tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms dtherm ida arat</div>
Drencrom
https://wiki.archlinux.org/index.php?title=Dell_Inspiron_11_3000_(3162)&diff=493540
Dell Inspiron 11 3000 (3162)
2017-10-18T22:21:56Z
<p>Drencrom: Added instructions for taps as clicks</p>
Drencrom
https://wiki.archlinux.org/index.php?title=Systemd-networkd&diff=372876
Systemd-networkd
2015-05-07T16:28:01Z
<p>Drencrom: Show config for wireless adapter with static ip address</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Network managers]]<br />
[[Category:Virtualization]]<br />
[[fr:systemd-networkd]]<br />
[[ja:systemd-networkd]]<br />
{{Related articles start}}<br />
{{Related|systemd}}<br />
{{Related|systemd-nspawn}}<br />
{{Related|Network bridge}}<br />
{{Related|Network configuration}}<br />
{{Related|Wireless network configuration}}<br />
{{Related|:Category:Network managers}}<br />
{{Related articles end}}<br />
<br />
''systemd-networkd'' is a system daemon that manages network configuration. It detects and configures network devices as they appear, and it can also create virtual network devices. The service is especially useful for setting up basic or more complex network settings for VMs or containers, such as those managed by [[systemd-nspawn]], but it also works fine on simple connections.<br />
<br />
== Basic usage ==<br />
The {{Pkg|systemd}} package is part of the default Arch install and contains all the files needed to operate a wired network. Wireless adapters can be set up by other services such as [[wpa_supplicant]], which is covered later in this article.<br />
<br />
=== Required services and setup ===<br />
<br />
To use systemd-networkd, [[start]] the following two services and [[enable]] them to run at boot:<br />
<br />
* {{ic|systemd-networkd.service}}<br />
* {{ic|systemd-resolved.service}}<br />
<br />
For compatibility with [[resolv.conf]], delete or rename the existing file and create the following symbolic link:<br />
<br />
# ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf<br />
<br />
See {{ic|man systemd-resolved}}.<br />
<br />
=== Configuration examples ===<br />
All configurations in this section are stored as {{ic|foo.network}} in {{ic|/etc/systemd/network}}. For a full listing of options and processing order, see [[#Configuration files]] and the {{ic|systemd.network}} man page.<br />
<br />
One needs to know the names of the devices on the system. In days past, {{ic|eth0}} was the generic first NIC on the system; udev now defaults to a non-persistent naming scheme. Use {{ic|networkctl list}} to list the devices on the system.<br />
<br />
{{Note|In the examples below, '''enp1s0''' is the wired adapter and '''wlp0s20u3u1''' is the wireless adapter. These names can be different on different systems.}}<br />
<br />
==== Wired adapter using DHCP ====<br />
{{hc|/etc/systemd/network/''wired''.network|<nowiki><br />
[Match]<br />
Name=enp1s0<br />
<br />
[Network]<br />
DHCP=ipv4</nowiki><br />
}}<br />
<br />
==== Wired adapter using a static IP ====<br />
{{hc|/etc/systemd/network/''wired''.network|<nowiki><br />
[Match]<br />
Name=enp1s0<br />
<br />
[Network]<br />
DNS=10.1.10.1<br />
<br />
[Address]<br />
Address=10.1.10.9/24<br />
<br />
[Route]<br />
Gateway=10.1.10.1</nowiki><br />
}}<br />
<br />
==== Wireless adapter ====<br />
As stated earlier, a wireless adapter must first be configured by another service such as [[wpa_supplicant]], and the corresponding service must be enabled. In this example, that would be {{ic|wpa_supplicant@wlp0s20u3u1.service}}.<br />
<br />
{{hc|/etc/systemd/network/''wireless''.network|<nowiki><br />
[Match]<br />
Name=wlp0s20u3u1<br />
<br />
[Network]<br />
DHCP=ipv4<br />
</nowiki>}}<br />
<br />
If the wireless adapter has a static IP address, the configuration is the same as for a wired adapter:<br />
<br />
{{hc|/etc/systemd/network/''wireless-static''.network|<nowiki><br />
[Match]<br />
Name=wlp0s20u3u1<br />
<br />
[Network]<br />
DNS=10.1.10.1<br />
<br />
[Address]<br />
Address=10.1.10.9/24<br />
<br />
[Route]<br />
Gateway=10.1.10.1</nowiki><br />
}}<br />
<br />
==== Wired and wireless adapters on the same machine ====<br />
<br />
This setup enables DHCP for both the wired and the wireless connection and uses the metric directive to let the kernel decide on the fly which one to use. This way, no connection downtime is observed when the wired connection is unplugged.<br />
<br />
The kernel's route metric (same as configured with ''ip'') decides which route to use for outgoing packets, in cases when several match. This will be the case when both wireless and wired devices on the system have active connections. To break the tie, the kernel uses the metric. The nice thing about this is that if one of them goes away, the other automatically wins without there being a gap with nothing configured (ongoing transfers may still not deal with this nicely but that is at a different OSI layer).<br />
<br />
{{Note|The '''Metric''' option is for static routes while the '''RouteMetric''' option is for setups not using static routes.}}<br />
<br />
{{hc|/etc/systemd/network/''wired''.network|<nowiki><br />
[Match]<br />
Name=enp1s0<br />
<br />
[Network]<br />
DHCP=ipv4<br />
<br />
[DHCP]<br />
RouteMetric=10<br />
</nowiki>}}<br />
<br />
{{hc|/etc/systemd/network/''wireless''.network|<nowiki><br />
[Match]<br />
Name=wlp0s20u3u1<br />
<br />
[Network]<br />
DHCP=ipv4<br />
<br />
[DHCP]<br />
RouteMetric=20<br />
</nowiki>}}<br />
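
The tie-break described above can be reproduced offline. The following is an added example, not part of the original page: it applies longest-prefix matching and then the metric to a constructed {{ic|ip route}} table for the two adapters, which goes slightly beyond the text by showing that a more specific route wins regardless of metric. The function names, the wireless address 10.1.10.23 and the 198.51.100.0/24 route are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the wiki page: how the kernel chooses between the
# wired and wireless routes. IPv4 only; input is `ip route` output on stdin.

# Constructed routing table for the two-adapter setup above. The wireless
# address 10.1.10.23 and the 198.51.100.0/24 route are made up.
sample_routes() {
    cat <<'EOF'
default via 10.1.10.1 dev enp1s0 proto dhcp src 10.1.10.9 metric 10
default via 10.1.10.1 dev wlp0s20u3u1 proto dhcp src 10.1.10.23 metric 20
10.1.10.0/24 dev enp1s0 proto kernel scope link src 10.1.10.9 metric 10
10.1.10.0/24 dev wlp0s20u3u1 proto kernel scope link src 10.1.10.23 metric 20
198.51.100.0/24 via 10.1.10.254 dev wlp0s20u3u1 metric 20
EOF
}

# route_lookup DEST
# Prints the outgoing device: the longest matching prefix wins, and the
# metric only breaks ties between routes of equal prefix length.
route_lookup() {
    awk -v dest="$1" '
        function ip2int(ip,    o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { d = ip2int(dest); best_len = -1 }
        NF {
            net = $1; len = 32; metric = 0; dev = ""
            if (net == "default") { net = "0.0.0.0"; len = 0 }
            else if (split(net, p, "/") == 2) { net = p[1]; len = p[2] + 0 }
            # Pick up the device and metric wherever they appear on the line.
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            # Skip routes whose network does not contain the destination.
            size = 2 ^ (32 - len)
            if (int(d / size) != int(ip2int(net) / size)) next
            if (len > best_len || (len == best_len && metric < best_metric)) {
                best_len = len; best_metric = metric; best_dev = dev
            }
        }
        END { if (best_len >= 0) print best_dev }
    '
}

sample_routes | route_lookup 192.0.2.7                          # both links up
sample_routes | grep -v 'dev enp1s0' | route_lookup 192.0.2.7   # cable unplugged
sample_routes | route_lookup 198.51.100.5                       # specific route
```

On a live system, pipe {{ic|ip -4 route show}} into {{ic|route_lookup}} instead of the sample table.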
<br />
== Configuration files ==<br />
<br />
Configuration files will be read from {{ic|/usr/lib/systemd/network}}, the volatile runtime network directory {{ic|/run/systemd/network}} and the local administration network directory {{ic|/etc/systemd/network}}. Files in {{ic|/etc/systemd/network}} have the highest priority.<br />
<br />
There are three types of configuration files. <br />
<br />
* '''.network''' files. They will apply a network configuration for a ''matching'' device<br />
* '''.netdev''' files. They will create a ''virtual network device'' for a ''matching'' environment<br />
* '''.link''' files. When a network device appears, [[udev]] will look for the first ''matching'' '''.link''' file<br />
<br />
They all follow the same rules: <br />
<br />
* If '''all''' conditions in the {{ic|[Match]}} section are matched, the profile will be activated<br />
* an empty {{ic|[Match]}} section means the profile will apply in any case (can be compared to the {{ic|*}} joker)<br />
* each entry is a key with the {{ic|1=NAME=VALUE}} syntax <br />
* all configuration files are collectively sorted and processed in lexical order, regardless of the directory in which they live<br />
* files with identical name replace each other<br />
<br />
{{Tip|<br />
* to override a system-supplied file in {{ic|/usr/lib/systemd/network}} in a permanent manner (i.e. even after upgrade), place a file with the same name in {{ic|/etc/systemd/network}} and symlink it to {{ic|/dev/null}}<br />
* the {{ic|*}} joker can be used in {{ic|VALUE}} (e.g. {{ic|en*}} will match any Ethernet device)<br />
* following this [https://mailman.archlinux.org/pipermail/arch-general/2014-March/035381.html Arch-general thread], the best practice is to set up specific container network settings ''inside the container'' with '''networkd''' configuration files.<br />
}}<br />
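
The precedence, lexical-ordering and masking rules above determine which file actually configures an interface, which is worth checking when auditing a host with files in more than one directory. The following is an added example, not part of the original page: it resolves the effective file set and then applies the first-match rule that systemd.network(5) documents for '''.network''' files, which goes slightly beyond the list above. The function names, the {{ic|ROOT}} argument and the file names in the constructed tree are assumptions of the sketch.

```sh
#!/bin/sh
# Added example, not from the wiki page: which networkd files are effective?
# ROOT is an assumption of this sketch: a directory laid out like "/", so the
# logic can be exercised on a scratch tree. Use ROOT="" for the live system.

# Search directories, highest priority first, as listed on the page.
NETWORKD_DIRS="etc/systemd/network run/systemd/network usr/lib/systemd/network"
TAB=$(printf '\t')

# effective_files ROOT SUFFIX
# One line per file name in processing (lexical) order: "NAME<TAB>PATH".
# PATH is "masked" when the winning copy is empty or a symlink to /dev/null.
effective_files() {
    ef_root=$1 ef_suffix=$2
    for ef_dir in $NETWORKD_DIRS; do
        for ef_path in "$ef_root/$ef_dir"/*"$ef_suffix"; do
            # Skip the unexpanded glob of an empty directory.
            [ -e "$ef_path" ] || [ -L "$ef_path" ] || continue
            if [ -s "$ef_path" ]; then
                printf '%s\t%s\n' "${ef_path##*/}" "$ef_path"
            else
                printf '%s\tmasked\n' "${ef_path##*/}"
            fi
        done
    done | awk -F '\t' '!seen[$1]++' | LC_ALL=C sort
}

# match_names FILE: print the Name= globs found in the [Match] section.
match_names() {
    awk '
        /^\[/ { in_match = ($0 == "[Match]"); next }
        in_match && /^Name[ \t]*=/ { sub(/^Name[ \t]*=[ \t]*/, ""); print }
    ' "$1"
}

# first_match ROOT IFNAME
# Print the first effective .network file whose [Match] accepts IFNAME.
# The body runs in a subshell so that "set -f" cannot leak to the caller.
first_match() (
    fm_root=$1 fm_if=$2
    effective_files "$fm_root" .network |
    while IFS=$TAB read -r fm_name fm_path; do
        if [ "$fm_path" = masked ]; then continue; fi
        fm_globs=$(match_names "$fm_path")
        # No Name= condition: the profile applies to every device.
        if [ -z "$fm_globs" ]; then
            printf '%s\n' "$fm_path"
            break
        fi
        set -f   # keep the globs literal while word-splitting them
        for fm_glob in $fm_globs; do
            case $fm_if in
                $fm_glob) printf '%s\n' "$fm_path"; break 2 ;;
            esac
        done
        set +f
    done
)

# Constructed tree: a vendor file, an /etc override of the same name, and a
# vendor file masked from /etc. All file names here are made up.
build_demo_tree() {
    bt=$1
    for bt_dir in $NETWORKD_DIRS; do mkdir -p "$bt/$bt_dir"; done
    printf '[Match]\nName=enp1s0\n\n[Network]\nDHCP=no\n'   > "$bt/usr/lib/systemd/network/50-wired.network"
    printf '[Match]\nName=enp1s0\n\n[Network]\nDHCP=ipv4\n' > "$bt/etc/systemd/network/50-wired.network"
    printf '[Match]\nName=wl*\n\n[Network]\nDHCP=ipv4\n'    > "$bt/usr/lib/systemd/network/60-wireless.network"
    ln -s /dev/null "$bt/etc/systemd/network/60-wireless.network"
    printf '[Match]\nName=en*\n\n[Network]\nDHCP=yes\n'     > "$bt/usr/lib/systemd/network/80-wired.network"
}

demo_root=$(mktemp -d) || exit 1
build_demo_tree "$demo_root"
effective_files "$demo_root" .network
first_match "$demo_root" enp1s0
rm -rf "$demo_root"
```

An interface for which {{ic|first_match}} prints nothing is left unconfigured by networkd, which is the intended result of masking a vendor file.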
<br />
=== network files ===<br />
<br />
These files are aimed at setting network configuration variables, especially for servers and containers.<br />
<br />
Below is a basic structure of a ''MyProfile''.network file:<br />
<br />
{{hc|/etc/systemd/network/''MyProfile''.network|<br />
[Match]<br />
''a vertical list of keys''<br />
<br />
[Network]<br />
''a vertical list of keys''<br />
<br />
[Address]<br />
''a vertical list of keys''<br />
<br />
[Route]<br />
''a vertical list of keys''<br />
}}<br />
<br />
==== [Match] section ====<br />
<br />
Most common keys are:<br />
<br />
* {{ic|1=Name=}} the device name (e.g. Br0, enp4s0)<br />
* {{ic|1=Host=}} the machine hostname<br />
* {{ic|1=Virtualization=}} checks whether the system is executed in a virtualized environment or not. A {{ic|1=Virtualization=no}} key will only apply on your host machine, while {{ic|1=Virtualization=yes}} applies to any container or VM.<br />
<br />
==== [Network] section ====<br />
<br />
Most common keys are:<br />
<br />
* {{ic|1=DHCP=}} enables [[Wikipedia:Dynamic Host Configuration Protocol|DHCPv4]] and/or DHCPv6 support. Accepts {{ic|yes}}, {{ic|no}}, {{ic|ipv4}} or {{ic|ipv6}}<br />
* {{ic|1=DNS=}} is a [[Wikipedia:Domain Name System|DNS]] server address. You can specify this option more than once<br />
* {{ic|1=Bridge=}} is the name of the bridge to add the link to<br />
* {{ic|1=IPForward=}} enables IP forwarding, performing the forwarding according to the routing table, and is required for setting up [[Internet sharing]]. Accepts {{ic|yes}}, {{ic|no}}, {{ic|ipv4}} or {{ic|ipv6}}<br />
<br />
==== [Address] section ====<br />
Most common key in the {{ic|[Address]}} section is:<br />
<br />
* {{ic|1=Address=}} is a static '''IPv4''' or '''IPv6''' address and its prefix length, separated by a {{ic|/}} character (e.g. {{ic|192.168.1.90/24}}). This option is '''mandatory''' unless DHCP is used.<br />
<br />
==== [Route] section ====<br />
Most common key in the {{ic|[Route]}} section is:<br />
<br />
* {{ic|1=Gateway=}} is the address of your machine gateway. This option is '''mandatory''' unless DHCP is used.<br />
For an exhaustive key list, please refer to {{ic|systemd.network(5)}}<br />
<br />
{{Tip|You can put the {{ic|1=Address=}} and {{ic|1=Gateway=}} keys in the {{ic|[Network]}} section as a short-hand if the {{ic|[Address]}} section contains only an {{ic|1=Address=}} key and the {{ic|[Route]}} section contains only a {{ic|1=Gateway=}} key.<br />
}}<br />
<br />
=== netdev files ===<br />
<br />
These files will create virtual network devices.<br />
<br />
Below is a basic structure of a ''Mydevice''.netdev file:<br />
<br />
{{hc|/etc/systemd/network/''MyDevice''.netdev|<br />
[Match]<br />
''a vertical list of keys''<br />
<br />
[Netdev]<br />
''a vertical list of keys''<br />
}}<br />
<br />
==== [Match] section ====<br />
<br />
Most common keys are {{ic|1=Host=}} and {{ic|1=Virtualization=}}<br />
<br />
==== [Netdev] section ====<br />
<br />
Most common keys are:<br />
<br />
* {{ic|1=Name=}} is the interface name used when creating the netdev. This option is '''compulsory'''<br />
* {{ic|1=Kind=}} is the netdev kind. Currently, ''bridge'', ''bond'', ''vlan'' and ''macvlan'' are supported. This option is '''compulsory'''<br />
<br />
For an exhaustive key list, please refer to {{ic|systemd.netdev(5)}}<br />
<br />
=== link files ===<br />
<br />
These files are an alternative to custom udev rules and will be applied by [[udev]] as the device appears.<br />
<br />
Below is a basic structure of a ''Mydevice''.link file:<br />
<br />
{{hc|/etc/systemd/network/''MyDevice''.link|<br />
[Match]<br />
''a vertical list of keys''<br />
<br />
[Link]<br />
''a vertical list of keys''<br />
}}<br />
<br />
The {{ic|[Match]}} section determines whether a given link file may be applied to a given device, while the {{ic|[Link]}} section specifies the device configuration.<br />
<br />
==== [Match] section ====<br />
<br />
Most common keys are {{ic|1=MACAddress=}}, {{ic|1=Host=}} and {{ic|1=Virtualization=}}.<br />
<br />
{{ic|1=Type=}} is the device type (e.g. vlan)<br />
<br />
==== [Link] section ====<br />
<br />
Most common keys are:<br />
<br />
{{ic|1=MACAddressPolicy=}} is either ''persistent'', when the hardware has a persistent MAC address (as most hardware should), or ''random'', which assigns a random MAC address when the device appears.<br />
<br />
{{ic|1=MACAddress=}} shall be used when no {{ic|1=MACAddressPolicy=}} is specified.<br />
<br />
{{Note|the system {{ic|/usr/lib/systemd/network/99-default.link}} is generally sufficient for most of the basic cases.}}<br />
<br />
== Usage with containers ==<br />
<br />
The service is available with {{Pkg|systemd}} >= 210. You will want to [[systemd#Basic systemctl usage|enable and start]] the {{ic|systemd-networkd.service}} on the host and container.<br />
<br />
For debugging purposes, it is strongly advised to [[pacman|install]] the {{Pkg|bridge-utils}}, {{Pkg|net-tools}} and {{Pkg|iproute2}} packages.<br />
<br />
If you are using ''systemd-nspawn'', you may need to modify the {{ic|systemd-nspawn@.service}} and append boot options to the {{ic|ExecStart}} line. Please refer to {{ic|man 1 systemd-nspawn}} for an exhaustive list of options.<br />
<br />
Note that if you want to take advantage of automatic DNS configuration from DHCP, you need to enable {{ic|systemd-resolved}} and symlink {{ic|/run/systemd/resolve/resolv.conf}} to {{ic|/etc/resolv.conf}}. See {{ic|systemd-resolved.service(8)}} for more details.<br />
<br />
{{Tip|Before you start to configure your container network, it is useful to:<br />
* disable all your [[netctl]] services. This will avoid any potential conflicts with '''systemd-networkd''' and make all your configurations easier to test. Furthermore, odds are high you will end up with few or even no [[netctl]] activated profiles. The {{ic|netctl list}} command will output a list of all your profiles, with the activated one being starred.<br />
* disable the {{ic|systemd-nspawn@.service}} and use the {{ic|systemd-nspawn -bD /path_to/your_container/}} command as root to boot the container. To log off and shut down inside the container, run {{ic|systemctl poweroff}} as root. Once the network setting meets your requirements, [[systemd#Basic systemctl usage|enable and start]] {{ic|systemd-nspawn@.service}}<br />
* disable the {{ic|dhcpcd.service}} if enabled on your system, since it activates ''dhcpcd'' on '''all''' interfaces<br />
* make sure you have no [[netctl]] profiles activated in the container, and ensure that {{ic|systemd-networkd.service}} is neither enabled nor started<br />
* make sure you do not have any [[iptables]] rules which can block traffic<br />
* make sure ''packet forwarding'' is [[Internet sharing|enabled]] if you plan to set up a ''private network'' on your container<br />
* after changing any configuration files, restart the networkd daemon by running {{ic|systemctl restart systemd-networkd}} as root<br />
* when the daemon is started the systemd {{ic|networkctl}} command displays the status of network interfaces.<br />
}}<br />
<br />
{{Note|For the set-up described below, <br />
* we will limit the output of the {{ic|ip a}} command to the concerned interfaces<br />
* we assume the ''host'' is your main OS you are booting to and the ''container'' is your guest virtual machine<br />
* all interface names and IP addresses are only examples<br />
}}<br />
<br />
=== Basic DHCP network ===<br />
<br />
This set up will enable a DHCP IP for host and container. In this case, both systems will share the same IP as they share the same interfaces.<br />
<br />
{{hc|/etc/systemd/network/''MyDhcp''.network|<nowiki><br />
[Match]<br />
Name=en*<br />
<br />
[Network]<br />
DHCP=ipv4<br />
</nowiki>}}<br />
<br />
Then, [[enable]] and start {{ic|systemd-networkd.service}} on your container.<br />
<br />
You can of course replace {{ic|en*}} by the full name of your ethernet device given by the output of the {{ic|ip link}} command.<br />
<br />
* on host and container:<br />
<br />
{{hc|$ ip a|<br />
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br />
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.1.72/24 brd 192.168.1.255 scope global enp7s0<br />
valid_lft forever preferred_lft forever<br />
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link <br />
valid_lft forever preferred_lft forever<br />
}}<br />
<br />
By default, the hostname received from the DHCP server will be used as the transient hostname.<br />
<br />
To change this, add {{ic|1=UseHostname=false}} in the {{ic|[DHCPv4]}} section:<br />
{{hc|/etc/systemd/network/''MyDhcp''.network|<nowiki><br />
[DHCPv4]<br />
UseHostname=false<br />
</nowiki>}}<br />
<br />
If you do not want to configure DNS in {{ic|/etc/resolv.conf}} and want to rely on DHCP for setting it up, you need to [[enable]] {{ic|systemd-resolved.service}} and symlink {{ic|/run/systemd/resolve/resolv.conf}} to {{ic|/etc/resolv.conf}}:<br />
<br />
# ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf<br />
<br />
See {{ic|systemd-resolved.service(8)}} for more details.<br />
<br />
=== DHCP with two distinct IP ===<br />
<br />
==== Bridge interface ====<br />
<br />
Create a virtual bridge interface <br />
<br />
{{hc|/etc/systemd/network/''MyBridge''.netdev|<nowiki><br />
[NetDev]<br />
Name=br0<br />
Kind=bridge<br />
</nowiki>}}<br />
<br />
* on host and container:<br />
<br />
{{hc|$ ip a|<br />
3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default <br />
link/ether ae:bd:35:ea:0c:c9 brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
Note that the interface br0 is listed but is DOWN.<br />
<br />
==== Bind ethernet to bridge ====<br />
<br />
Modify the {{ic|/etc/systemd/network/''MyDhcp''.network}} to remove the DHCP, as the bridge requires an interface to bind to with no IP, and add a key to bind this device to br0. Let us change its name to a more relevant one.<br />
<br />
{{hc|/etc/systemd/network/''MyEth''.network|<nowiki><br />
[Match]<br />
Name=en*<br />
<br />
[Network]<br />
Bridge=br0<br />
</nowiki>}}<br />
<br />
==== Bridge network ====<br />
<br />
Create a network profile for the Bridge<br />
<br />
{{hc|/etc/systemd/network/''MyBridge''.network|<nowiki><br />
[Match]<br />
Name=br0<br />
<br />
[Network]<br />
DHCP=ipv4<br />
</nowiki>}}<br />
<br />
==== Add option to boot the container ====<br />
<br />
As we want to give a separate IP for host and container, we need to ''Disconnect'' networking of the container from the host. To do this, add this option {{ic|1=--network-bridge=br0}} to your container boot command.<br />
<br />
# systemd-nspawn --network-bridge&#61;br0 -bD /path_to/my_container<br />
<br />
==== Result ====<br />
<br />
* on host<br />
<br />
{{hc|$ ip a|<br />
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default <br />
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0<br />
valid_lft forever preferred_lft forever<br />
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link <br />
valid_lft forever preferred_lft forever<br />
6: vb-''MyContainer'': <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000<br />
link/ether d2:7c:97:97:37:25 brd ff:ff:ff:ff:ff:ff<br />
inet6 fe80::d07c:97ff:fe97:3725/64 scope link <br />
valid_lft forever preferred_lft forever<br />
}}<br />
<br />
* on container<br />
<br />
{{hc|$ ip a|<br />
2: host0: <BROADCAST,MULTICAST,ALLMULTI,AUTOMEDIA,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br />
link/ether 5e:96:85:83:a8:5d brd ff:ff:ff:ff:ff:ff<br />
inet 192.168.1.73/24 brd 192.168.1.255 scope global host0<br />
valid_lft forever preferred_lft forever<br />
inet6 fe80::5c96:85ff:fe83:a85d/64 scope link <br />
valid_lft forever preferred_lft forever<br />
}}<br />
<br />
==== Notice ====<br />
<br />
* we now have one IP address for {{ic|br0}} on the host, and one for {{ic|host0}} in the container<br />
* two new interfaces have appeared: {{ic|vb-''MyContainer''}} in the host and {{ic|host0}} in the container. This comes as a result of the {{ic|1=--network-bridge=br0}} option. This option ''implies'' another option, {{ic|--network-veth}}. This means a ''virtual Ethernet link'' has been created between host and container.<br />
* the DHCP address on {{ic|host0}} comes from the system {{ic|/usr/lib/systemd/network/80-container-host0.network}} file.<br />
* on host<br />
<br />
{{hc|$ brctl show|<br />
bridge name bridge id STP enabled interfaces<br />
br0 8000.14dae9b57a88 no enp7s0<br />
vb-''MyContainer''<br />
}}<br />
<br />
The above command output confirms we have a bridge with two interfaces bound to it.<br />
<br />
* on host<br />
<br />
{{hc|$ ip route|<br />
default via 192.168.1.254 dev br0 <br />
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.87<br />
}}<br />
<br />
* on container<br />
<br />
{{hc|$ ip route|<br />
default via 192.168.1.254 dev host0 <br />
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.73<br />
}}<br />
<br />
The above command outputs confirm we have activated the {{ic|br0}} and {{ic|host0}} interfaces with an IP address and the gateway 192.168.1.254. The gateway address has been automatically obtained by ''systemd-networkd''.<br />
<br />
{{hc|$ cat /run/systemd/resolve/resolv.conf|<br />
nameserver 192.168.1.254<br />
}}<br />
<br />
=== Static IP network ===<br />
<br />
Setting a static IP for each device can be helpful in case of deployed web services (e.g. FTP, HTTP, SSH). Each device will keep the same MAC address across reboots if your system {{ic|/usr/lib/systemd/network/99-default.link}} file has the {{ic|1=MACAddressPolicy=persistent}} option (it has by default). Thus, you will easily route any service on your Gateway to the desired device.<br />
First, we shall get rid of the system {{ic|/usr/lib/systemd/network/80-container-host0.network}} file. To do it in a permanent way (e.g. even after upgrades), do the following on the container. This will mask the file {{ic|/usr/lib/systemd/network/80-container-host0.network}} since files of the same name in {{ic|/etc/systemd/network}} take priority over {{ic|/usr/lib/systemd/network}}.<br />
<br />
# ln -sf /dev/null /etc/systemd/network/80-container-host0.network<br />
<br />
Then, [[systemd#Basic systemctl usage|enable and start]] {{ic|systemd-networkd}} on your container.<br />
<br />
The needed configuration files:<br />
<br />
* on host <br />
<br />
/etc/systemd/network/''MyBridge''.netdev<br />
/etc/systemd/network/''MyEth''.network<br />
<br />
A modified ''MyBridge''.network<br />
<br />
{{hc|/etc/systemd/network/''MyBridge''.network|<nowiki><br />
[Match]<br />
Name=br0<br />
<br />
[Network]<br />
DNS=192.168.1.254<br />
Address=192.168.1.87/24<br />
Gateway=192.168.1.254<br />
</nowiki>}}<br />
<br />
* on container<br />
<br />
{{hc|/etc/systemd/network/''MyVeth''.network|<nowiki><br />
[Match]<br />
Name=host0<br />
<br />
[Network]<br />
DNS=192.168.1.254<br />
Address=192.168.1.94/24<br />
Gateway=192.168.1.254<br />
</nowiki>}}<br />
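<br />
The masking step above relies on files in {{ic|/etc/systemd/network}} taking priority over files of the same name in {{ic|/usr/lib/systemd/network}}. The following script is an added example, not part of the original page: it lists which copy of each file name wins and which names are masked by a symlink to {{ic|/dev/null}}. The function names, the scratch directory layout and the file contents are constructed for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example, not part of the wiki page: show which systemd-networkd files
# are in effect when the same file name exists in several directories.

# effective_network_files SUFFIX DIR...
#   DIRs are listed highest priority first (/etc before /run before /usr/lib).
#   For every file name, the copy in the first directory that has it wins.
#   Output, one line per name, sorted by name:
#     active <path>   configuration that is read
#     masked <path>   winning copy is a symlink to /dev/null (name disabled)
effective_network_files() {
    suffix=$1
    shift
    # Pass 1: collect the unique file names found in any directory.
    for dir in "$@"; do
        for f in "$dir"/*"$suffix"; do
            # -e is false for dangling links, so test -L as well
            if [ -e "$f" ] || [ -L "$f" ]; then
                basename "$f"
            fi
        done
    done | LC_ALL=C sort -u | while IFS= read -r name; do
        # Pass 2: for each name, report the highest-priority copy.
        for dir in "$@"; do
            f=$dir/$name
            if [ -e "$f" ] || [ -L "$f" ]; then
                if [ -L "$f" ] && [ "$(readlink "$f")" = /dev/null ]; then
                    echo "masked $f"
                else
                    echo "active $f"
                fi
                break
            fi
        done
    done
}

# make_sample_tree ROOT: constructed layout that mirrors the container set-up
# described above (file contents are illustrative only).
make_sample_tree() {
    mkdir -p "$1/etc" "$1/run" "$1/usr/lib"
    # Vendor file that would hand host0 a DHCP address
    printf '[Match]\nName=host0\n\n[Network]\nDHCP=yes\n' \
        > "$1/usr/lib/80-container-host0.network"
    # The mask created with "ln -sf /dev/null ..." on the container
    ln -sf /dev/null "$1/etc/80-container-host0.network"
    # The static profile for host0
    printf '[Match]\nName=host0\n\n[Network]\nAddress=192.168.1.94/24\n' \
        > "$1/etc/MyVeth.network"
    # Same name in /run and /usr/lib: the /run copy shadows the vendor copy
    printf '[Match]\nName=en*\n' > "$1/usr/lib/50-example.network"
    printf '[Match]\nName=enp7s0\n' > "$1/run/50-example.network"
}

# Demo on a scratch tree. On a real system pass, in this order:
#   /etc/systemd/network /run/systemd/network /usr/lib/systemd/network
root=$(mktemp -d)
make_sample_tree "$root"
effective_network_files .network "$root/etc" "$root/run" "$root/usr/lib"
rm -rf "$root"
```
<br />
A {{ic|masked}} line for {{ic|80-container-host0.network}} together with an {{ic|active}} line for your own {{ic|host0}} profile confirms that only the static configuration applies to the container interface.<br />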
<br />
== See also ==<br />
<br />
* [http://www.freedesktop.org/software/systemd/man/systemd-networkd.service.html systemd.networkd man page]<br />
* [https://plus.google.com/u/0/+TomGundersen/posts Tom Gundersen, main systemd-networkd developer, G+ home page]<br />
* [https://coreos.com/blog/intro-to-systemd-networkd/ Tom Gundersen posts on Core OS blog]</div>Drencromhttps://wiki.archlinux.org/index.php?title=Network_configuration&diff=371384Network configuration2015-04-27T12:23:18Z<p>Drencrom: Added a reference to static ip configuration using systemd-networkd. Previously only dhcp was mentioned.</p>
<hr />
<div>[[Category:Networking]]<br />
[[cs:Configuring Network]]<br />
[[el:Configuring Network]]<br />
[[es:Configuring Network]]<br />
[[fr:Connexions reseau]]<br />
[[it:Configuring Network]]<br />
[[ja:ネットワーク設定]]<br />
[[nl:Configuring Network]]<br />
[[pt:Configuring Network]]<br />
[[ro:Configurare retea]]<br />
[[ru:Network configuration]]<br />
[[sk:Configuring Network]]<br />
[[tr:Ağ_Yapılandırması]]<br />
[[zh-CN:Network Configuration]]<br />
[[zh-TW:Network Configuration]]<br />
{{Related articles start}}<br />
{{Related|Jumbo frames}}<br />
{{Related|Firewalls}}<br />
{{Related|Wireless network configuration}}<br />
{{Related|Network bridge}}<br />
{{Related|List of applications/Internet#Network managers}}<br />
{{Related articles end}}<br />
<br />
This page explains how to set up a '''wired''' connection to a network. If you need to set up '''wireless''' networking see the [[Wireless network configuration]] page.<br />
<br />
== Check the connection ==<br />
<br />
{{Note|If you receive an error like {{ic|ping: icmp open socket: Operation not permitted}} when executing ''ping'', try to re-install the {{Pkg|iputils}} package.}} <br />
<br />
Many times, the basic installation procedure has created a working network configuration. To check if this is so, use the following command:<br />
<br />
{{Note|The {{ic|-c 3}} option calls it three times. See {{ic|man ping}} for more information.}}<br />
<br />
{{hc|$ ping -c 3 www.google.com|<nowiki><br />
PING www.l.google.com (74.125.224.146) 56(84) bytes of data.<br />
64 bytes from 74.125.224.146: icmp_req=1 ttl=50 time=437 ms<br />
64 bytes from 74.125.224.146: icmp_req=2 ttl=50 time=385 ms<br />
64 bytes from 74.125.224.146: icmp_req=3 ttl=50 time=298 ms<br />
<br />
--- www.l.google.com ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 1999ms<br />
rtt min/avg/max/mdev = 298.107/373.642/437.202/57.415 ms<br />
</nowiki>}}<br />
<br />
If it works, then you may only wish to personalize your settings from the options below.<br />
<br />
If the previous command complains about unknown hosts, it means that your machine was unable to resolve this domain name. It might be related to your service provider or your router/gateway. You can try pinging a static IP address to prove that your machine has access to the Internet:<br />
<br />
{{hc|$ ping -c 3 8.8.8.8|<nowiki><br />
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.<br />
64 bytes from 8.8.8.8: icmp_req=1 ttl=53 time=52.9 ms<br />
64 bytes from 8.8.8.8: icmp_req=2 ttl=53 time=72.5 ms<br />
64 bytes from 8.8.8.8: icmp_req=3 ttl=53 time=70.6 ms<br />
<br />
--- 8.8.8.8 ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2002ms<br />
rtt min/avg/max/mdev = 52.975/65.375/72.543/8.803 ms<br />
</nowiki>}}<br />
<br />
{{Note|{{ic|8.8.8.8}} is a static address that is easy to remember. It is the address of Google's primary DNS server, therefore it can be considered reliable, and is generally not blocked by content filtering systems and proxies.}}<br />
<br />
If you are able to ping {{ic|8.8.8.8}} but not {{ic|www.google.com}}, check your DNS configuration. See [[resolv.conf]] for details.<br />
<br />
== Set the hostname ==<br />
<br />
A [[Wikipedia:Hostname|hostname]] is a unique name created to identify a machine on a network: it is configured in {{ic|/etc/hostname}}. The file can contain the system's domain name, if any. To set the hostname, do:<br />
<br />
# hostnamectl set-hostname ''myhostname''<br />
<br />
This will put {{ic|''myhostname''}} into {{ic|/etc/hostname}}. See {{ic|man 5 hostname}} and {{ic|man 1 hostnamectl}} for details.<br />
<br />
{{Note|<br />
{{Pkg|systemd}} provides hostname resolution via the {{ic|myhostname}} nss module (enabled by default in {{ic|/etc/nsswitch.conf}}). This means changing hostnames in {{ic|/etc/hosts}} is usually not necessary. See [[#Local network hostname resolution]] if there are problems with hostname resolution, such as delays with network-based applications.<br />
}}<br />
<br />
To temporarily set the hostname (until reboot), use ''hostname'' from {{Pkg|inetutils}}:<br />
<br />
# hostname ''myhostname''<br />
<br />
== Device Driver ==<br />
<br />
=== Check the status ===<br />
<br />
[[udev]] should detect your network interface card (see [[Wikipedia:Network_interface_controller]]) and automatically load the necessary module at start up. Check the "Ethernet controller" entry (or similar) from the {{ic|lspci -v}} output. It should tell you which kernel module contains the driver for your network device. For example:<br />
<br />
{{hc|$ lspci -v|<br />
02:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)<br />
...<br />
Kernel driver in use: atl1<br />
Kernel modules: atl1<br />
}}<br />
<br />
Next, check that the driver was loaded via {{ic|dmesg <nowiki>|</nowiki> grep ''module_name''}}. For example:<br />
<br />
$ dmesg | grep atl1<br />
...<br />
atl1 0000:02:00.0: eth0 link is up 100 Mbps full duplex<br />
<br />
Skip the next section if the driver was loaded successfully. Otherwise, you will need to know which module is needed for your particular model.<br />
<br />
=== Load the module ===<br />
<br />
Search the Internet for the right module/driver for the chipset. Some common modules are {{ic|8139too}} for cards with a Realtek chipset, or {{ic|sis900}} for cards with a SiS chipset. Once you know which module to use, try to [[Kernel modules#Manual module handling|load it manually]]. If you get an error saying that the module was not found, it is possible that the driver is not included in the Arch kernel. You may search the [[AUR]] for the module name.<br />
<br />
If udev is not detecting and loading the proper module automatically during bootup, see [[Kernel modules#Loading]].<br />
<br />
== Network Interfaces ==<br />
<br />
=== Device names ===<br />
<br />
For computers with multiple NICs, it is important to have fixed device names. Many configuration problems are caused by interface name changing.<br />
<br />
[[udev]] is responsible for which device gets which name. Systemd v197 introduced [http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames Predictable Network Interface Names], which automatically assigns static names to network devices. Interfaces are now prefixed with {{ic|en}} (ethernet), {{ic|wl}} (WLAN), or {{ic|ww}} (WWAN) followed by an automatically generated identifier, creating an entry such as {{ic|enp0s25}}. This behavior may be disabled by adding {{ic|1=net.ifnames=0}} to the [[kernel parameters]].<br />
<br />
{{Note|When changing the interface naming scheme, do not forget to update all network-related configuration files and custom systemd unit files to reflect the change. Specifically, if you have [[netctl#Basic method|netctl static profiles]] enabled, run {{ic|netctl reenable ''profile''}} to update the generated service file.}}<br />
<br />
==== Get current device names ====<br />
<br />
Current NIC names can be found via {{ic|sysfs}} or {{ic|ip link}}. For example:<br />
<br />
{{hc|$ ls /sys/class/net|<br />
lo enp0s3<br />
}}<br />
<br />
{{hc|$ ip link|<br />
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default <br />
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br />
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000<br />
link/ether 08:00:27:23:6f:3a brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
==== Change device name ====<br />
<br />
You can change the device name by defining the name manually with a udev rule. For example:<br />
<br />
{{hc|/etc/udev/rules.d/10-network.rules|<nowiki><br />
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="net1"<br />
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="net0"<br />
</nowiki>}}<br />
<br />
A couple of things to note:<br />
<br />
* To get the MAC address of each card, use this command: {{ic|cat /sys/class/net/''device_name''/address}}<br />
* Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.<br />
<br />
If the network card has a dynamic MAC, you can use {{ic|DEVPATH}}, for example:<br />
<br />
{{hc|/etc/udev/rules.d/10-network.rules|<nowiki><br />
SUBSYSTEM=="net", DEVPATH=="/devices/platform/wemac.*", NAME="int"<br />
</nowiki>}}<br />
<br />
{{Note|When choosing the static names '''it should be avoided to use names in the format of "eth''X''" and "wlan''X''"''', because this may lead to race conditions between the kernel and udev during boot. Instead, it is better to use interface names that are not used by the kernel as default, e.g.: {{ic|net0}}, {{ic|net1}}, {{ic|wifi0}}, {{ic|wifi1}}. For further details please see the [http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames systemd] documentation.}}<br />
<br />
=== Set device MTU and queue length ===<br />
<br />
You can change the device MTU and queue length by defining them manually with a udev rule. For example:<br />
<br />
{{hc|/etc/udev/rules.d/10-network.rules|<nowiki><br />
ACTION=="add", SUBSYSTEM=="net", KERNEL=="wl*", ATTR{mtu}="1480", ATTR{tx_queue_len}="2000"<br />
</nowiki>}}<br />
<br />
=== Enabling and disabling network interfaces ===<br />
<br />
You can activate or deactivate network interfaces using:<br />
<br />
# ip link set eth0 up<br />
# ip link set eth0 down<br />
<br />
To check the result:<br />
<br />
{{hc|$ ip link show dev eth0|<br />
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT qlen 1000<br />
...<br />
}}<br />
<br />
== Configure the IP address ==<br />
<br />
You have two options: a dynamically assigned address using [[Wikipedia:Dynamic Host Configuration Protocol|DHCP]], or an unchanging "static" address.<br />
<br />
=== Dynamic IP address ===<br />
<br />
==== systemd-networkd ====<br />
<br />
An easy way to set up DHCP for simple requirements is to use the [[systemd-networkd]] service provided by systemd. See [[systemd-networkd#Basic DHCP network]].<br />
<br />
==== dhcpcd ====<br />
<br />
[[dhcpcd]] is used as the default client in Arch Linux to set up DHCP on the installation ISO. It is a more powerful tool and allows more DHCP client options to be configured. See [[dhcpcd#Running]] on how to activate it for an interface.<br />
<br />
=== Static IP address ===<br />
<br />
There are various reasons why you may wish to assign static IP addresses on your network. For instance, one may gain a certain degree of predictability with unchanging addresses, or you may not have a DHCP server available. <br />
<br />
A static address can be configured with most networking tools standard in Arch Linux, for example see [[netctl]], [[systemd-networkd]], [[dhcpcd]]. <br />
<br />
The following describes how to configure a static IP address '''manually'''. You need:<br />
<br />
* Static IP address<br />
* Subnet mask in [[wikipedia:Classless Inter-Domain Routing#CIDR notation|CIDR notation]], for example {{ic|/24}} is the CIDR notation of {{ic|255.255.255.0}} netmask.<br />
* [[Wikipedia:Broadcast_address|Broadcast address]]<br />
* [[Wikipedia:Default_gateway|Gateway]]'s IP address<br />
* Name server (DNS) IP addresses. See also [[resolv.conf]].<br />
<br />
If you are running a private network, it is safe to use IP addresses in 192.168.*.* for your IP addresses, with a subnet mask of 255.255.255.0 and a broadcast address of 192.168.*.255. The gateway is usually 192.168.*.1 or 192.168.*.254.<br />
<br />
{{Warning|<br />
* Make sure manually assigned IP addresses do not conflict with DHCP assigned ones. See [http://www.raspberrypi.org/forums/viewtopic.php?f&#61;28&t&#61;16797 this forum thread]<br />
* If you share your Internet connection from a Windows machine without a router, be sure to use static IP addresses on both computers to avoid LAN problems.}}<br />
<br />
==== Manual assignment ====<br />
<br />
Enable the [[#Network_Interfaces|network interface]]:<br />
<br />
# ip link set ''interface'' up<br />
<br />
Assign a static IP address in the console:<br />
<br />
# ip addr add ''IP_address''/''subnet_mask'' broadcast ''broadcast_address'' dev ''interface''<br />
<br />
For example:<br />
<br />
# ip addr add 192.168.1.2/24 broadcast 192.168.1.255 dev ''interface''<br />
<br />
For more options, see {{ic|man ip}}.<br />
<br />
Add your gateway IP address like so:<br />
<br />
# ip route add default via ''default_gateway''<br />
<br />
For example:<br />
<br />
# ip route add default via 192.168.1.1<br />
<br />
==== Persistent configuration on boot using systemd-networkd ====<br />
<br />
It is easy to configure static network assignments using the [[systemd-networkd]] service provided by systemd. Only one file has to be modified. See [[systemd-networkd#Wired_adapter_using_a_static_IP]].<br />
<br />
==== Persistent configuration on boot using systemd ====<br />
<br />
First create a configuration file for the [[systemd]] service, replace {{ic|''interface''}} with the proper network interface name:<br />
<br />
{{hc|/etc/conf.d/net-conf-''interface''|<nowiki><br />
address=192.168.1.2<br />
netmask=24<br />
broadcast=192.168.1.255<br />
gateway=192.168.1.1<br />
</nowiki>}}<br />
<br />
Create a network start script:<br />
<br />
{{hc|/usr/local/bin/net-up.sh|<nowiki><br />
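#!/bin/bash<br />
# Bring the interface up and assign the address read from the EnvironmentFile.<br />
ip link set dev "$1" up<br />
ip addr add "${address}/${netmask}" broadcast "${broadcast}" dev "$1"<br />
<br />
# Add the default route only when a gateway is configured.<br />
[[ -z ${gateway} ]] || {<br />
ip route add default via "${gateway}"<br />
}</nowiki><br />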
}}<br />
<br />
Network stop script:<br />
<br />
{{hc|/usr/local/bin/net-down.sh|<br />
#!/bin/bash<br />
ip addr flush dev "$1"<br />
ip route flush dev "$1"<br />
ip link set dev "$1" down<br />
}}<br />
<br />
Make both scripts executable:<br />
<br />
# chmod +x /usr/local/bin/net-{up,down}.sh<br />
<br />
''systemd'' service file:<br />
<br />
{{hc|/etc/systemd/system/network@.service|<nowiki><br />
[Unit]<br />
Description=Network connectivity (%i)<br />
Wants=network.target<br />
Before=network.target<br />
BindsTo=sys-subsystem-net-devices-%i.device<br />
After=sys-subsystem-net-devices-%i.device<br />
<br />
[Service]<br />
Type=oneshot<br />
RemainAfterExit=yes<br />
EnvironmentFile=/etc/conf.d/net-conf-%i<br />
ExecStart=/usr/local/bin/net-up.sh %i<br />
ExecStop=/usr/local/bin/net-down.sh %i<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
[[systemd#Using units|Enable and start]] the unit {{ic|network@''interface''}}, replacing {{ic|''interface''}} with the [[#Get_current_device_names|name of your interface]].<br />
<br />
{{Tip|If you prefer so, you can skip the scripts and add the commands as additional {{ic|1=ExecStart=}} and {{ic|1=ExecStop=}} lines; see the [[Wireless_network_configuration#Systemd_with_wpa_supplicant_and_static_IP|wireless network example]].}}<br />
<br />
==== Calculating addresses ====<br />
<br />
You can use {{ic|ipcalc}} provided by the {{Pkg|ipcalc}} package to calculate IP broadcast, network, netmask, and host ranges for more advanced configurations. An example is using Ethernet over Firewire to connect a Windows machine to Linux. To improve security and organization, both machines have their own network with the netmask and broadcast configured accordingly. <br />
<br />
Finding out the respective netmask and broadcast addresses is done with {{ic|ipcalc}}, by specifying the IP of the Linux NIC {{ic|10.66.66.1}} and the number of hosts (here two):<br />
<br />
{{hc|$ ipcalc -nb 10.66.66.1 -s 1|<nowiki><br />
Address: 10.66.66.1<br />
<br />
Netmask: 255.255.255.252 = 30<br />
Network: 10.66.66.0/30<br />
HostMin: 10.66.66.1<br />
HostMax: 10.66.66.2<br />
Broadcast: 10.66.66.3<br />
Hosts/Net: 2 Class A, Private Internet<br />
</nowiki>}}<br />
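<br />
The script below is an added example, not part of the original page. It derives the same netmask, network and broadcast values that {{ic|ipcalc}} prints above, then uses them to sanity-check the kind of values placed in {{ic|/etc/conf.d/net-conf-''interface''}}, including the warning about static addresses that collide with DHCP-assigned ones. The function names and the DHCP pool range are assumptions made for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example, not part of the wiki page: derive netmask, network and
# broadcast from an address and CIDR prefix, then check a static configuration.

# ip_to_int A.B.C.D: print the dotted quad as a 32-bit integer.
# Octets must be written without leading zeros.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: print a 32-bit integer as a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info ADDRESS PREFIX: print "netmask network broadcast hostmin hostmax".
# Limited to prefixes 1-30, where a network and broadcast address exist.
cidr_info() {
    if [ "$2" -lt 1 ] || [ "$2" -gt 30 ]; then
        echo "prefix must be between 1 and 30" >&2
        return 1
    fi
    addr=$(ip_to_int "$1")
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))  # PREFIX one-bits, then zeros
    net=$(( addr & mask ))                              # host bits cleared
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))             # host bits set
    echo "$(int_to_ip $mask) $(int_to_ip $net) $(int_to_ip $bcast)" \
         "$(int_to_ip $(( net + 1 ))) $(int_to_ip $(( bcast - 1 )))"
}

# check_static_conf ADDRESS PREFIX BROADCAST GATEWAY POOL_START POOL_END
# Prints one line per problem; prints nothing when the values are consistent.
# POOL_START/POOL_END describe the DHCP server's dynamic range (assumed known).
check_static_conf() {
    info=$(cidr_info "$1" "$2")
    net=$(echo "$info" | cut -d' ' -f2)
    want_bcast=$(echo "$info" | cut -d' ' -f3)
    if [ "$3" != "$want_bcast" ]; then
        echo "broadcast $3 should be $want_bcast"
    fi
    # The gateway must be reachable on-link, i.e. share the network address.
    gw_net=$(cidr_info "$4" "$2" | cut -d' ' -f2)
    if [ "$gw_net" != "$net" ]; then
        echo "gateway $4 is outside $net/$2"
    fi
    # A static address inside the DHCP pool can be leased to another host.
    a=$(ip_to_int "$1")
    if [ "$a" -ge "$(ip_to_int "$5")" ] && [ "$a" -le "$(ip_to_int "$6")" ]; then
        echo "address $1 lies inside the DHCP pool $5-$6"
    fi
}

# Demo: the ipcalc example from this section, then the static configuration
# from /etc/conf.d/net-conf-interface checked against a constructed DHCP pool.
cidr_info 10.66.66.1 30
check_static_conf 192.168.1.2 24 192.168.1.255 192.168.1.1 \
    192.168.1.100 192.168.1.200
```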
<br />
== Additional settings ==<br />
<br />
=== ifplugd for laptops ===<br />
<br />
{{Tip|[[dhcpcd]] provides the same feature out of the box.}}<br />
<br />
{{Pkg|ifplugd}} in [[official repositories]] is a daemon which will automatically configure your Ethernet device when a cable is plugged in and automatically unconfigure it if the cable is pulled. This is useful on laptops with onboard network adapters, since it will only configure the interface when a cable is really connected. Another use is when you just need to restart the network but do not want to restart the computer or do it from the shell.<br />
<br />
By default it is configured to work for the {{ic|eth0}} device. This and other settings like delays can be configured in {{ic|/etc/ifplugd/ifplugd.conf}}.<br />
<br />
{{Note|[[netctl]] package includes {{ic|netctl-ifplugd@.service}}, otherwise you can use {{ic|ifplugd@.service}} from {{Pkg|ifplugd}} package. Use for example {{ic|systemctl enable ifplugd@eth0.service}}.}}<br />
<br />
=== Bonding or LAG ===<br />
<br />
See [[netctl#Bonding]].<br />
<br />
=== IP address aliasing ===<br />
<br />
{{Expansion|Manual method using [[Core utilities#ip|ip]] should be added; then move current example using ''netctl'' into [[netctl]].|Talk:Network_configuration#IP_address_aliasing_with_netctl}}<br />
<br />
IP aliasing is the process of adding more than one IP address to a network interface. With this, one node on a network can have multiple connections to a network, each serving a different purpose. Typical uses are virtual hosting of Web and FTP servers, or reorganizing servers without having to update any other machines (this is especially useful for nameservers).<br />
<br />
==== Example ====<br />
<br />
You will need {{Pkg|netctl}} from the [[official repositories]].<br />
<br />
Prepare the configuration:<br />
<br />
{{hc|/etc/netctl/''mynetwork''|<nowiki><br />
Connection='ethernet'<br />
Description='Six different addresses on the same NIC.'<br />
Interface='eth0'<br />
IP='static'<br />
Address=('192.168.1.10/24' '192.168.178.11/24' '192.168.1.12/24' '192.168.1.13/24' '192.168.1.14/24' '192.168.1.15/24')<br />
Gateway='192.168.1.1'<br />
DNS=('192.168.1.1')<br />
</nowiki>}}<br />
<br />
Then simply execute: <br />
<br />
$ netctl start ''mynetwork''<br />
<br />
=== Change MAC/hardware address ===<br />
<br />
See [[MAC address spoofing]].<br />
<br />
=== Internet sharing ===<br />
<br />
See [[Internet sharing]].<br />
<br />
=== Router configuration ===<br />
<br />
See [[Router]].<br />
<br />
=== Local network hostname resolution ===<br />
<br />
The pre-requisite is to [[#Set the hostname]] after which hostname resolution works on the local system itself:<br />
<br />
{{hc|$ ping ''myhostname''|2=<br />
PING myhostname (192.168.1.2) 56(84) bytes of data.<br />
64 bytes from myhostname (192.168.1.2): icmp_seq=1 ttl=64 time=0.043 ms}}<br />
<br />
To enable other machines to address the host by name, either a manual configuration of the respective {{ic|/etc/hosts}} files or a service to propagate/resolve the name is required. With systemd the latter is done via the {{ic|myhostname}} nss module. However, not all network services (on the same system; examples: [https://bbs.archlinux.org/viewtopic.php?id=176761], [https://bbs.archlinux.org/viewtopic.php?id=186967]) or other clients with different operating systems use the same methods to try to resolve the hostname.<br />
<br />
A first work-around that can be tried is to add the following line to {{ic|/etc/hosts}}:<br />
<br />
127.0.1.1 ''myhostname''.localdomain ''myhostname'' <br />
<br />
As a result the system resolves to both entries: <br />
$ getent hosts <br />
127.0.0.1 localhost<br />
127.0.1.1 myhostname.localdomain myhostname<br />
<br />
For a system with a permanent IP address, that permanent IP address should be used instead of {{ic|127.0.1.1}}. <br />
<br />
Another possibility is to set up a full DNS server such as [[BIND]] or [[Unbound]], but that is overkill and too complex for most systems. For small networks and dynamic flexibility with hosts joining and leaving the network [[Wikipedia:Zero-configuration_networking|zero-configuration networking]] services may be more applicable. There are two options available: <br />
<br />
*[[Samba]] provides hostname resolution via Microsoft's '''NetBIOS'''. It only requires installation of {{Pkg|samba}} and enabling of the {{ic|nmbd.service}} service. Computers running Windows, OS X, or Linux with {{ic|nmbd}} running, will be able to find your machine.<br />
<br />
*[[Avahi]] provides hostname resolution via '''zeroconf''', also known as Avahi or Bonjour. It requires slightly more complex configuration than Samba: see [[Avahi#Hostname resolution]] for details. Computers running OS X, or Linux with an Avahi daemon running, will be able to find your machine. Windows does not have a built-in Avahi client or daemon.<br />
<br />
=== Promiscuous mode ===<br />
<br />
Toggling [[wikipedia:Promiscuous_mode|promiscuous mode]] will make a (wireless) NIC forward all traffic it receives to the OS for further processing. This is opposite to "normal mode" where a NIC will drop frames it is not intended to receive. It is most often used for advanced network troubleshooting and [[wikipedia:Packet_sniffing|packet sniffing]].<br />
<br />
{{hc|/etc/systemd/system/promiscuous@.service|<nowiki><br />
[Unit]<br />
Description=Set %i interface in promiscuous mode<br />
After=network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/bin/ip link set dev %i promisc on<br />
RemainAfterExit=yes<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
If you want to enable promiscuous mode on interface {{ic|eth0}} run:<br />
<br />
# systemctl enable promiscuous@eth0.service<br />
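<br />
Because promiscuous mode is what a packet sniffer needs, it is worth checking which interfaces actually have it set. The script below is an added example, not part of the original page: it reads {{ic|ip link}} output, such as the {{ic|PROMISC}} flag shown for {{ic|eth0}} earlier on this page, and reports promiscuous interfaces that are not on an expected list. The function names and the sample lines are constructed for illustration.<br />
<br />
```shell
#!/bin/sh
# Added example, not part of the wiki page: find interfaces that report the
# PROMISC flag in `ip link` output and are not on an expected list.

# promisc_interfaces: read `ip link` output on stdin and print the name of
# every interface whose flag list <...> contains PROMISC.
promisc_interfaces() {
    awk '
        # Header lines look like: 2: eth0: <FLAG,FLAG,...> mtu 1500 ...
        /^[0-9]+: / {
            name = $2
            sub(/:$/, "", name)      # strip the trailing colon
            sub(/@.*$/, "", name)    # strip the peer suffix of veth-style names
            if (match($0, /<[^>]*>/)) {
                n = split(substr($0, RSTART + 1, RLENGTH - 2), flag, ",")
                for (i = 1; i <= n; i++)
                    if (flag[i] == "PROMISC") print name
            }
        }'
}

# unexpected_promisc ALLOWED...: read `ip link` output on stdin and print the
# promiscuous interfaces that are not named in ALLOWED.
unexpected_promisc() {
    promisc_interfaces | while IFS= read -r ifc; do
        allowed=no
        for a in "$@"; do
            if [ "$a" = "$ifc" ]; then
                allowed=yes
            fi
        done
        if [ "$allowed" = no ]; then
            printf '%s\n' "$ifc"
        fi
    done
}

# sample_ip_link: constructed `ip link` output. eth0 carries PROMISC as in the
# example earlier on this page; mon0 is a made-up second interface.
sample_ip_link() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT qlen 1000
    link/ether 08:00:27:23:6f:3a brd ff:ff:ff:ff:ff:ff
3: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:23:6f:3b brd ff:ff:ff:ff:ff:ff
4: mon0@if5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:23:6f:3c brd ff:ff:ff:ff:ff:ff
EOF
}

# Demo: eth0 was enabled on purpose with promiscuous@eth0.service, so only
# mon0 is reported. On a live system use: ip link | unexpected_promisc eth0
sample_ip_link | unexpected_promisc eth0
```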
<br />
== Troubleshooting ==<br />
<br />
=== Swapping computers on the cable modem ===<br />
<br />
Some cable ISPs (videotron for example) have the cable modem configured to recognize only one client PC, by the MAC address of its network interface. Once the cable modem has learned the MAC address of the first PC or equipment that talks to it, it will not respond to another MAC address in any way. Thus if you swap one PC for another (or for a router), the new PC (or router) will not work with the cable modem, because the new PC (or router) has a MAC address different from the old one. To reset the cable modem so that it will recognise the new PC, you must power the cable modem off and on again. Once the cable modem has rebooted and gone fully online again (indicator lights settled down), reboot the newly connected PC so that it makes a DHCP request, or manually make it request a new DHCP lease.<br />
<br />
If this method does not work, you will need to clone the MAC address of the original machine. See also [[#Change MAC/hardware address]].<br />
<br />
=== The TCP window scaling problem ===<br />
<br />
TCP packets contain a "window" value in their headers indicating how much data the other host may send in return. This value is represented with only 16 bits, hence the window size is at most 64Kb. TCP packets are cached for a while (they have to be reordered), and as memory is (or used to be) limited, one host could easily run out of it.<br />
<br />
Back in 1992, as more and more memory became available, [http://www.faqs.org/rfcs/rfc1323.html RFC 1323] was written to improve the situation: Window Scaling. The "window" value, provided in all packets, will be modified by a Scale Factor defined once, at the very beginning of the connection. That 8-bit Scale Factor allows the Window to be up to 32 times higher than the initial 64Kb.<br />
<br />
It appears that some broken routers and firewalls on the Internet are rewriting the Scale Factor to 0, which causes misunderstandings between hosts. The Linux kernel 2.6.17 introduced a new calculation scheme generating higher Scale Factors, which makes the effects of the broken routers and firewalls more visible.<br />
<br />
The resulting connection is at best very slow or broken.<br />
<br />
==== How to diagnose the problem ====<br />
<br />
First of all, let's make it clear: this problem is odd. In some cases, you will not be able to use TCP connections (HTTP, FTP, ...) at all and in others, you will be able to communicate with some hosts (very few).<br />
<br />
When you have this problem, the output of {{ic|dmesg}} is OK, logs are clean and {{ic|ip addr}} will report normal status... and actually everything appears normal.<br />
<br />
If you cannot browse any website, but you can ping some random hosts, chances are great that you're experiencing this problem: ping uses ICMP and is not affected by TCP problems.<br />
<br />
You can try to use [[Wireshark]]. You might see successful UDP and ICMP communications but unsuccessful TCP communications (only to foreign hosts).<br />
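When looking at a capture, the field to compare is the Window Scale option in the SYN as it left one host and as it arrived at the other. The following added example (not part of the original article) parses that option from a constructed SYN header and shows how far apart the two hosts' ideas of the window become once a device in the path rewrites the Scale Factor to 0. All packet values are constructed, the checksum is left at 0, only one direction of the connection is modelled, and the function names are illustrative.

```python
import struct

TCP_FLAG_SYN = 0x02
OPT_EOL, OPT_NOP, OPT_WSCALE = 0, 1, 3


def build_syn(window, wscale):
    """Constructed TCP SYN header with a Linux-like option list (sample data)."""
    options = (
        bytes([2, 4]) + struct.pack("!H", 1460)        # MSS
        + bytes([4, 2])                                 # SACK permitted
        + bytes([8, 10]) + struct.pack("!II", 1, 0)     # timestamps
        + bytes([OPT_NOP])                              # padding
        + bytes([OPT_WSCALE, 3, wscale])                # window scale (shift count)
    )
    offset_flags = (((20 + len(options)) // 4) << 12) | TCP_FLAG_SYN
    header = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0,
                         offset_flags, window, 0, 0)
    return header + options


def tcp_options(segment):
    """Yield (kind, value_offset, value_bytes) for each option in the header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError("bad data offset")
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == OPT_EOL:
            return
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        yield kind, i + 2, segment[i + 2:i + length]
        i += length


def parse_syn(segment):
    """Return the SYN flag, the raw 16-bit window and the Scale Factor (or None)."""
    wscale = None
    for kind, _offset, value in tcp_options(segment):
        if kind == OPT_WSCALE and len(value) == 1:
            wscale = value[0]
    window = struct.unpack("!H", segment[14:16])[0]
    return {"syn": bool(segment[13] & TCP_FLAG_SYN),
            "window": window, "wscale": wscale}


def rewrite_wscale(segment, shift):
    """Model the broken router: overwrite the Scale Factor, leave the rest alone."""
    buf = bytearray(segment)
    for kind, offset, _value in tcp_options(segment):
        if kind == OPT_WSCALE:
            buf[offset] = shift
    return bytes(buf)


def windows_as_seen(syn_sent, syn_received, window_field):
    """Bytes the sender means vs. bytes the peer understands for one window field."""
    sent_shift = parse_syn(syn_sent)["wscale"] or 0
    seen_shift = parse_syn(syn_received)["wscale"] or 0
    return window_field << sent_shift, window_field << seen_shift


def demo():
    syn = build_syn(window=29200, wscale=7)
    tampered = rewrite_wscale(syn, 0)
    # After the handshake the sender advertises a window field of 229.
    return windows_as_seen(syn, tampered, 229)


if __name__ == "__main__":
    meant, understood = demo()
    print(f"sender means {meant} bytes, peer understands {understood} bytes")
```

In a real capture, take the two SYN headers from traces recorded on each side of the suspected device and pass them to {{ic|parse_syn()}}; a differing {{ic|wscale}} value identifies the rewrite.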
<br />
==== Ways of fixing it ====<br />
<br />
===== Bad =====<br />
<br />
To fix it the bad way, you can change the {{ic|tcp_rmem}} value, on which Scale Factor calculation is based. Although it should work for most hosts, it is not guaranteed, especially for very distant ones.<br />
<br />
# echo "4096 87380 174760" > /proc/sys/net/ipv4/tcp_rmem<br />
<br />
===== Good =====<br />
<br />
Simply disable Window Scaling. Since Window Scaling is a nice TCP feature, it may be uncomfortable to disable it, especially if you cannot fix the broken router. There are several ways to disable Window Scaling, and it seems that the most bulletproof way (which will work with most kernels) is to add the following line to {{ic|/etc/sysctl.d/99-disable_window_scaling.conf}} (see also [[sysctl]]):<br />
<br />
net.ipv4.tcp_window_scaling = 0<br />
<br />
===== Best =====<br />
<br />
This problem is caused by broken routers/firewalls, so let's change them. Some users have reported that the broken router was their very own DSL router.<br />
<br />
==== More about it ====<br />
<br />
This section is based on the LWN article [http://lwn.net/Articles/92727/ TCP window scaling and broken routers] and a Kernel Trap article: [http://kerneltrap.org/node/6723 Window Scaling on the Internet].<br />
<br />
There are also several relevant threads on the LKML.<br />
<br />
=== Realtek no link / WOL problem ===<br />
<br />
Users with Realtek 8168 8169 8101 8111(C) based NICs (cards / and on-board) may notice a problem where the NIC seems to be disabled on boot and has no Link light. This can usually be found on a dual boot system where Windows is also installed. It seems that using the official Realtek drivers (dated anything after May 2007) under Windows is the cause. These newer drivers disable the Wake-On-LAN feature by disabling the NIC at Windows shutdown time, where it will remain disabled until the next time Windows boots. You will be able to notice if this problem is affecting you if the Link light remains off until Windows boots up; during Windows shutdown the Link light will switch off. Normal operation should be that the link light is always on as long as the system is on, even during POST. This problem will also affect other operating systems without newer drivers (e.g. Live CDs). Here are a few fixes for this problem.<br />
<br />
==== Method 1: enable the NIC directly in Linux ====<br />
<br />
Get the ethernet NIC name from the output of:<br />
<br />
$ ip a<br />
<br />
Bring up the device as root using the NIC name:<br />
<br />
# ip link set dev ''NIC_name'' up<br />
<br />
For example, if ''NIC_name'' is enp7s0:<br />
<br />
# ip link set dev enp7s0 up<br />
<br />
If it worked and the card is powered on, you should see {{ic|state UP}} for the given interface in the output of {{ic|ip link}}.<br />
<br />
==== Method 2: rollback/change Windows driver ====<br />
<br />
You can roll back your Windows NIC driver to the Microsoft provided one (if available), or roll back/install an official Realtek driver pre-dating May 2007 (may be on the CD that came with your hardware).<br />
<br />
==== Method 3: enable WOL in Windows driver ====<br />
<br />
Probably the best and the fastest fix is to change this setting in the Windows driver. This way it should be fixed system-wide and not only under Arch (eg. live CDs, other operating systems). In Windows, under Device Manager, find your Realtek network adapter and double-click it. Under the "Advanced" tab, change "Wake-on-LAN after shutdown" to "Enable".<br />
<br />
In Windows XP (example):<br />
<br />
Right click my computer and choose "Properties"<br />
--> "Hardware" tab<br />
--> Device Manager<br />
--> Network Adapters<br />
--> "double click" Realtek ...<br />
--> Advanced tab<br />
--> Wake-On-Lan After Shutdown<br />
--> Enable<br />
<br />
{{Note|Newer Realtek Windows drivers (tested with ''Realtek 8111/8169 LAN Driver v5.708.1030.2008'', dated 2009/01/22, available from GIGABYTE) may refer to this option slightly differently, like ''Shutdown Wake-On-LAN --> Enable''. It seems that switching it to {{ic|Disable}} has no effect (you will notice the Link light still turns off upon Windows shutdown). One rather dirty workaround is to boot to Windows and just reset the system (perform an ungraceful restart/shutdown) thus not giving the Windows driver a chance to disable LAN. The Link light will remain on and the LAN adapter will remain accessible after POST - that is until you boot back to Windows and shut it down properly again.}}<br />
<br />
==== Method 4: newer Realtek Linux driver ====<br />
<br />
A newer Linux driver for these Realtek cards can be found on the Realtek site (untested but believed to also solve the problem).<br />
<br />
==== Method 5: enable ''LAN Boot ROM'' in BIOS/CMOS ====<br />
<br />
It appears that setting ''Integrated Peripherals --> Onboard LAN Boot ROM --> Enabled'' in BIOS/CMOS reactivates the Realtek LAN chip on system boot-up, despite the Windows driver disabling it on OS shutdown.<br />
<br />
{{Note|This was tested several times on a GIGABYTE GA-G31M-ES2L motherboard, BIOS version F8 released on 2009/02/05.}}<br />
<br />
=== No interface with Atheros chipsets ===<br />
<br />
Users of some Atheros ethernet chips are reporting it does not work out-of-the-box (with installation media of February 2014). The working solution for this is to install the package {{AUR|backports-patched}} from AUR.<br />
<br />
=== Broadcom BCM57780 ===<br />
<br />
This Broadcom chipset sometimes does not behave well unless you specify the order of the modules to be loaded. The modules are {{ic|broadcom}} and {{ic|tg3}}, the former needing to be loaded first.<br />
<br />
These steps should help if your computer has this chipset:<br />
<br />
* Find your NIC in ''lspci'' output:<br />
<br />
$ lspci | grep Ethernet<br />
02:00.0 Ethernet controller: Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe (rev 01)<br />
<br />
* If your wired networking is not functioning in some way or another, try unplugging your cable then doing the following:<br />
<br />
# modprobe -r tg3<br />
# modprobe broadcom<br />
# modprobe tg3<br />
<br />
* Plug your network cable in. If this solves your problems you can make this permanent by adding {{ic|broadcom}} and {{ic|tg3}} (in this order) to the {{ic|MODULES}} array in {{ic|/etc/mkinitcpio.conf}}:<br />
<br />
MODULES=".. broadcom tg3 .."<br />
<br />
* Rebuild the initramfs:<br />
<br />
# mkinitcpio -p linux<br />
<br />
* Alternatively, you can create an {{ic|/etc/modprobe.d/broadcom.conf}}:<br />
<br />
softdep tg3 pre: broadcom<br />
<br />
{{Note|These methods may work for other chipsets, such as BCM57760.}}<br />
<br />
=== Realtek RTL8111/8168B ===<br />
<br />
{{hc|<nowiki># lspci | grep Ethernet</nowiki>|<br />
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 02)<br />
}}<br />
<br />
The adapter should be recognized by the {{ic|r8169}} module. However, with some chip revisions the connection may go off and on all the time. The alternative {{Pkg|r8168}} can be found in the [[official repositories]] and should be used for a reliable connection in this case. [[Kernel_modules#Blacklisting|Blacklist]] {{ic|r8169}}; if {{Pkg|r8168}} is not automatically loaded by [[udev]], add it to your list of user-specified [[Kernel_modules#Loading|modules]].</div>Drencromhttps://wiki.archlinux.org/index.php?title=Remastering_the_Install_ISO&diff=150082Remastering the Install ISO2011-07-27T20:42:01Z<p>Drencrom: Typo</p>
<hr />
<div>{{out of date}}<br />
[[Category:Getting and installing Arch (English)]]<br />
<br />
== Introduction ==<br />
Remastering the official Arch Linux install ISO image is not necessary for most applications. However, in some circumstances it is desirable. A short, and non-inclusive list includes:<br />
* Basic hardware is not supported by the core install. (A rare circumstance)<br />
* Installation on a non-internet capable machine.<br />
* Deployment of Arch Linux on many similar machines, requiring the same installation procedure, and the administrator does not have the time (or desire) to install each machine manually.<br />
<br />
== Preparation ==<br />
To remaster the Arch Linux ISO, you will need a copy of the original ISO image. Download it from the [http://www.archlinux.org/download/ download page].<br />
<br />
{{ Tip | remember that # means that it must be done by root, while $ means that it should be done by a user.}}<br />
<br />
Now, create a new directory to mount the ISO:<br />
# mkdir /mnt/archiso<br />
<br />
Mount the ISO to this directory (note that it is mounted read-only):<br />
# mount -o loop /path/to/archISO /mnt/archiso<br />
<br />
Now that the ISO is mounted, we must copy its contents to another directory, where they can be edited:<br />
$ cp -a /mnt/archiso ~/customiso<br />
<br />
== Customizations ==<br />
'''5.''' Edit the contents of newiso as needed.<br />
*Some helpful hints:<br />
** The kernels (IDE and SCSI) that are booted by the CD are found at <code>isolinux/vmlinuz</code> and <code>isolinux/vmlinuz_scsi</code>; you may want to replace them with home-brewed ones. I recommend that you do not use your own, completely new, configs, but instead fetch the ones out of the kernels that already exist and edit them as desired. This can be done using <code>scripts/extract-ikconfig</code> from any kernel source tree.<br />
** Kernel sources, as well as default Arch kernel configs, which are used if a user chooses to build a kernel at install time are located at <code>arch/</code><br />
** The filesystem you are given while in the install environment is at <code>root-image.sqfs</code>, if you'd like to edit this:<br />
a. Copy it to another location<br />
<pre><br />
cp root-image.sqfs ~<br />
</pre><br />
b. Extract the sqfs image from the file (the package ''squashfs-tools'' is needed for this)<br />
<pre><br />
unsquashfs root-image.sqfs <br />
</pre><br />
c. This will generate a new folder called squashfs-root with the root file system in it. You can chroot into this folder to install new software in the image using pacman.<br />
<pre><br />
chroot squashfs-root<br />
</pre><br />
d. When you're done fiddling around, create the new squashfs image<br />
<pre><br />
mksquashfs squashfs-root root-image.sqfs<br />
</pre><br />
e. You'll now have a new <code>root-image.sqfs</code>, which you can copy back to your ISO, replacing the old one<br />
<pre><br />
cp root-image.sqfs newiso/root-image.sqfs<br />
</pre><br />
* The packages which are included on the cd are found at <code>arch/pkg</code>, if you mess with these, don't forget to run <code>gensync</code> and create a new <code>current.db.tar.gz</code><br />
* Various tools and kernel modules can be found at <code>addons/</code><br />
<br />
== Creating a new ISO ==<br />
Once you have edited your custom ISO to your needs, you must create a new ISO image. This can be done with the '''genisoimage''' command.<br />
genisoimage -l -r -J -V "ARCH_201005" -b boot/isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -c boot/isolinux/boot.cat -o ~/arch-custom.iso newiso<br />
<br />
There should now be a file called <tt>arch-custom.iso</tt> in the home folder of the user that created the ISO. This can now be burned to a CD (DVD) and used as intended. Enjoy your very own, customized, Arch Install CD. Remember that the ISO label must be the same as the one from the original ISO (in this case ARCH_201005), otherwise the image will not work.<br />
<br />
If installing the image into a pen drive with '''unetbootin''' remember also that the label of the pen drive partition must be ARCH_201005. This can be changed with '''e2label''' for ext3 partitions.<br />
<br />
==== Further Reading and Related Resources====<br />
http://www.knoppix.net/wiki/KnoppixRemasteringHowto <br><br />
http://syslinux.zytor.com/iso.php <br><br />
http://busybox.net/ <br><br />
http://xentac.net/svn/arch-jc/trunk/bin/mkiso <br></div>Drencromhttps://wiki.archlinux.org/index.php?title=Remastering_the_Install_ISO&diff=150081Remastering the Install ISO2011-07-27T20:41:17Z<p>Drencrom: Update some information for the las iso of arch</p>
<hr />
<div>{{out of date}}<br />
[[Category:Getting and installing Arch (English)]]<br />
<br />
== Introduction ==<br />
Remastering the official Arch Linux install ISO image is not necessary for most applications. However, in some circumstances it is desirable. A short, and non-inclusive list includes:<br />
* Basic hardware is not supported by the core install. (A rare circumstance)<br />
* Installation on a non-internet capable machine.<br />
* Deployment of Arch Linux on many similar machines, requiring the same installation procedure, and the administrator does not have the time (or desire) to install each machine manually.<br />
<br />
== Preparation ==<br />
To remaster the Arch Linux ISO, you will need a copy of the original ISO image. Download it from the [http://www.archlinux.org/download/ download page].<br />
<br />
{{ Tip | remember that # means that it must be done by root, while $ means that it should be done by a user.}}<br />
<br />
Now, create a new directory to mount the ISO:<br />
# mkdir /mnt/archiso<br />
<br />
Mount the ISO to this directory (note that it is mounted read-only):<br />
# mount -o loop /path/to/archISO /mnt/archiso<br />
<br />
Now that the ISO is mounted, we must copy its contents to another directory, where they can be edited:<br />
$ cp -a /mnt/archiso ~/customiso<br />
<br />
== Customizations ==<br />
'''5.''' Edit the contents of newiso as needed.<br />
*Some helpful hints:<br />
** The kernels (IDE and SCSI) that are booted by the CD are found at <code>isolinux/vmlinuz</code> and <code>isolinux/vmlinuz_scsi</code>; you may want to replace them with home-brewed ones. I recommend that you do not use your own, completely new, configs, but instead fetch the ones out of the kernels that already exist and edit them as desired. This can be done using <code>scripts/extract-ikconfig</code> from any kernel source tree.<br />
** Kernel sources, as well as default Arch kernel configs, which are used if a user chooses to build a kernel at install time are located at <code>arch/</code><br />
** The filesystem you are given while in the install environment is at <code>root-image.sqfs</code>, if you'd like to edit this:<br />
a. Copy it to another location<br />
<pre><br />
cp root-image.sqfs ~<br />
</pre><br />
b. Extract the sqfs image from the file (the package ''squashfs-tools'' is needed for this)<br />
<pre><br />
unsquashfs root-image.sqfs <br />
</pre><br />
c. This will generate a new folder called squashfs-root with the root file system in it. You can chroot into this folder to install new software in the image using pacman.<br />
<pre><br />
chroot squashfs-root<br />
</pre><br />
d. When you're done fiddling around, create the new squashfs image<br />
<pre><br />
mksquashfs squashfs-root root-image.sqfs<br />
</pre><br />
e. You'll now have a new <code>root-image.sqfs</code>, which you can copy back to your ISO, replacing the old one<br />
<pre><br />
cp root-image.sqfs newiso/root-image.sqfs<br />
</pre><br />
* The packages which are included on the cd are found at <code>arch/pkg</code>, if you mess with these, don't forget to run <code>gensync</code> and create a new <code>current.db.tar.gz</code><br />
* Various tools and kernel modules can be found at <code>addons/</code><br />
<br />
== Creating a new ISO ==<br />
Once you have edited your custom ISO to your needs, you must create a new ISO image. This can be done with the '''genisoimage''' command.<br />
genisoimage -l -r -J -V "ARCH_201005" -b boot/isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -c boot/isolinux/boot.cat -o ~/arch-custom.iso newiso<br />
<br />
There should now be a file called <tt>arch-custom.iso</tt> in the home folder of the user that created the ISO. This can now be burned to a CD (DVD) and used as intended. Enjoy your very own, customized, Arch Install CD. Remember that the ISO label must be the same as the one from the original ISO (in this case ARCH_201005), otherwise the image will not work.<br />
<br />
If installing the image into a pen drive with '''unetbootin''' remember also that the label of the pen drive partition must be ARCH_201005. This can be changed with '''e2label''' for ext3 partitions.<br />
<br />
==== Further Reading and Related Resources====<br />
http://www.knoppix.net/wiki/KnoppixRemasteringHowto <br><br />
http://syslinux.zytor.com/iso.php <br><br />
http://busybox.net/ <br><br />
http://xentac.net/svn/arch-jc/trunk/bin/mkiso <br></div>Drencromhttps://wiki.archlinux.org/index.php?title=Syslog-ng&diff=135702Syslog-ng2011-04-02T19:36:58Z<p>Drencrom: Fix typo</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
==Quick Start==<br />
Syslog-ng is a great logging replacement/enhancement for syslog. I used to use rsyslog, now I only use syslog-ng. The power of syslog-ng lies in the configuration file syslog-ng.conf.<br />
<br />
For a quick start, here there is a classic configuration file slightly modified from the one in the <br />
[http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3#doc_chap4 Gentoo Security Guide], the default syslog-ng.conf provided with the source distribution, and my own personal preferences. [[User:AskApache|AskApache]] 22:10, 14 September 2010 (EDT)<br />
<br />
== syslog-ng.conf ==<br />
<pre><br />
@version: 3.0<br />
# For a description of syslog-ng configuration file directives, please read<br />
# the syslog-ng Administrator's guide at:<br />
#<br />
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html<br />
#<br />
<br />
##########################################################<br />
# OPTIONS<br />
#<br />
options {<br />
create_dirs(yes);<br />
# use_dns(no);<br />
use_dns(persist_only);<br />
dns_cache_hosts(/etc/hosts);<br />
dns_cache_expire(87600);<br />
<br />
# disable the chained hostname format in logs (default is enabled)<br />
chain_hostnames(0);<br />
<br />
# the number of lines fitting in the output queue<br />
log_fifo_size(512);<br />
<br />
# enable or disable directory creation for destination files<br />
create_dirs(yes);<br />
<br />
# default owner, group, and permissions for log files (defaults are 0, 0, 0600)<br />
owner(root);<br />
group(log);<br />
perm(0640);<br />
<br />
# default owner, group, and permissions for created directories (defaults are 0, 0, 0700)<br />
dir_owner(root);<br />
dir_group(root);<br />
dir_perm(0740); <br />
<br />
# the time to wait before a died connection is re-established (default is 60)<br />
time_reopen(10);<br />
<br />
# the time to wait before an idle destination file is closed (default is 60)<br />
time_reap(360);<br />
<br />
# default no<br />
use_fqdn(no);<br />
<br />
keep_hostname(yes);<br />
<br />
# disable stats<br />
stats_freq(0);<br />
}; <br />
<br />
<br />
##########################################################<br />
# SOURCES<br />
#<br />
source local_src {<br />
# message generated by Syslog-NG<br />
internal();<br />
<br />
# standard Linux log source (this is the default place for the syslog() function to send logs to)<br />
unix-stream("/dev/log");<br />
<br />
# from a chrooted bind install<br />
unix-stream("/var/named/chroot/dev/log");<br />
<br />
# messages from the kernel<br />
file("/proc/kmsg" program_override("kernel: "));<br />
};<br />
<br />
# source s_syslog { syslog(ip(127.0.0.1) port(1999) transport("tcp")); };<br />
# source s_pipe { pipe("/dev/pipe" pad_size(2048)); };<br />
<br />
<br />
<br />
##########################################################<br />
# DESTINATIONS<br />
#<br />
destination d_file { file("/var/log/$YEAR.$MONTH.$DAY/everything.log" template("$HOUR:$MIN:$SEC [$LEVEL] [$FACILITY] [$PROGRAM] $MSG\n") template_escape(no)); };<br />
<br />
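# Forwards every message, unencrypted, to a remote log host over TCP and UDP.<br />
# Replace the hostname with a log server you control, or remove this<br />
# destination and the log statement that uses it.<br />
destination d_askapacheloghost {<br />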
tcp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(514));<br />
};<br />
<br />
destination d_authlog { file("/var/log/auth.log"); };<br />
destination d_cron { file("/var/log/cron.log"); };<br />
destination d_daemon { file("/var/log/daemon.log"); };<br />
destination d_kern { file("/var/log/kern.log"); };<br />
destination d_lpr { file("/var/log/lpr.log"); };<br />
destination d_user { file("/var/log/user.log"); };<br />
destination d_uucp { file("/var/log/uucp.log"); };<br />
destination d_ppp { file("/var/log/ppp.log"); };<br />
<br />
destination d_mail { file("/var/log/mail.log"); };<br />
destination d_mailinfo { file("/var/log/mail.info"); };<br />
destination d_mailwarn { file("/var/log/mail.warn"); };<br />
destination d_mailerr { file("/var/log/mail.err"); };<br />
<br />
destination d_newscrit { file("/var/log/news/news.crit"); };<br />
destination d_newserr { file("/var/log/news/news.err"); };<br />
destination d_newsnotice { file("/var/log/news/news.notice"); };<br />
<br />
destination d_debug { file("/var/log/debug"); };<br />
destination d_messages { file("/var/log/messages"); };<br />
<br />
destination d_everything { file("/var/log/everything"); };<br />
destination d_console { usertty("root"); };<br />
destination d_console_all { file("/dev/tty12"); };<br />
destination d_loghost { udp("loghost" port(999)); };<br />
destination d_xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
<br />
##########################################################<br />
# FILTERS<br />
#<br />
filter f_auth { facility(auth); };<br />
filter f_authpriv { facility(auth, authpriv); }; <br />
filter f_syslog { program(syslog-ng); };<br />
filter f_cron { facility(cron); };<br />
filter f_daemon { facility(daemon); };<br />
filter f_kern { facility(kern) and not filter(f_iptables); };<br />
filter f_lpr { facility(lpr); };<br />
filter f_mail { facility(mail); };<br />
filter f_news { facility(news); };<br />
filter f_user { facility(user); };<br />
filter f_uucp { facility(uucp); };<br />
filter f_ppp { facility(local2); };<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };<br />
filter f_everything { level(debug..emerg); };<br />
filter f_emergency { level(emerg); };<br />
filter f_info { level(info); };<br />
filter f_notice { level(notice); };<br />
filter f_warn { level(warn); };<br />
filter f_crit { level(crit); };<br />
filter f_err { level(err); };<br />
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };<br />
filter f_acpid { program("acpid"); };<br />
filter f_failed { match("failed" value("MESSAGE")); };<br />
filter f_denied { match("denied" value("MESSAGE")); };<br />
filter f_noshorewall { not match("Shorewall" value("MESSAGE")); }; # Everything except messages matching the regex Shorewall<br />
filter f_shorewall { match("Shorewall" value("MESSAGE")); }; # Only messages matching the regex Shorewall<br />
<br />
<br />
<br />
<br />
##########################################################<br />
# LOG<br />
#<br />
log { source(local_src); destination(d_askapacheloghost); };<br />
log { source(local_src); destination(d_file); };<br />
<br />
log { source(local_src); filter(f_authpriv); destination(d_authlog); };<br />
log { source(local_src); filter(f_user); destination(d_user); };<br />
<br />
log { source(local_src); filter(f_cron); destination(d_cron); };<br />
log { source(local_src); filter(f_daemon); destination(d_daemon); };<br />
log { source(local_src); filter(f_kern); destination(d_kern); };<br />
log { source(local_src); filter(f_lpr); destination(d_lpr); };<br />
log { source(local_src); filter(f_mail); destination(d_mail); };<br />
log { source(local_src); filter(f_uucp); destination(d_uucp); };<br />
log { source(local_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };<br />
log { source(local_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };<br />
log { source(local_src); filter(f_mail); filter(f_err); destination(d_mailerr); };<br />
log { source(local_src); filter(f_news); filter(f_crit); destination(d_newscrit); };<br />
log { source(local_src); filter(f_news); filter(f_err); destination(d_newserr); };<br />
log { source(local_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };<br />
log { source(local_src); filter(f_debug); destination(d_debug); };<br />
log { source(local_src); filter(f_messages); destination(d_messages); };<br />
log { source(local_src); filter(f_ppp); destination(d_ppp); };<br />
log { source(local_src); destination(d_messages); };<br />
<br />
#default log<br />
log { source(local_src); destination(d_console_all); };<br />
</pre><br />
<br />
== Sources ==<br />
Syslog-ng receives log messages from a source. To define a source, use the following syntax:<br />
<br />
source <identifier> { source-driver(params); source-driver(params); ... };<br />
<br />
<br />
You can look at the identifiers and source-drivers in the [http://www.balabit.com/support/documentation/ official manuals]. <br />
This will follow the manual to explain the configuration file above. The unix-stream() source-driver opens the given AF_UNIX<br />
[http://en.wikipedia.org/wiki/Berkeley_sockets socket] and starts listening on it for messages. <br />
The internal() source-driver gets messages generated by syslog-ng.<br />
<br />
Therefore, the following means: src gets messages from /dev/log socket and syslog-ng.<br />
<br />
source src { unix-stream("/dev/log"); internal(); };<br />
<br />
<br />
The kernel sends log messages to /proc/kmsg and the file() driver reads log messages from files. Therefore, the following means:<br />
kernsrc gets messages from file /proc/kmsg<br />
<br />
source kernsrc { file("/proc/kmsg"); };<br />
<br />
<br />
In the default configuration file after emerging syslog-ng, the source is defined as:<br />
<br />
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };<br />
<br />
Reading messages with pipe("/proc/kmsg") gives better performance, but because pipe() opens its argument in read-write mode it can be a security hazard, as the [http://www.balabit.com/dl/white_papers/syslog_admin_guide_en.pdf syslog-ng admin guide] states in section 7.1.6:<br />
<br />
"Pipe is very similar to the file() driver, but there are a few differences, for example pipe() opens its argument in read-write mode, therefore it is not recommended to be used on special files like /proc/kmsg." (You can follow this discussion in [http://forums.gentoo.org/viewtopic-t-558161.html this post].)<br />
<br />
To open a port to read data from a remote server a source must be defined with this syntax:<br />
<br />
source s_net { udp(); };<br />
<br />
for UDP or<br />
<br />
source s_net { tcp(); };<br />
<br />
to receive log messages via TCP. Both listen on port 514.<br />
<br />
== Destinations ==<br />
In syslog-ng log messages are sent to files. The syntax is very similar to sources:<br />
<br />
destination <identifier> {destination-driver(params); destination-driver(params); ... };<br />
<br />
<br />
You will be normally logging to a file, but you could log to a different destination-driver: pipe, unix socket, TCP-UDP ports,<br />
terminals or to specific programs. Therefore, this means sending authlog messages to /var/log/auth.log:<br />
<br />
destination authlog { file("/var/log/auth.log"); };<br />
<br />
<br />
If the user is logged in, usertty() sends messages to the terminal of the specified user. If you want to send console messages<br />
to root's terminal if it is logged in:<br />
<br />
destination console { usertty("root"); };<br />
<br />
<br />
Messages can be sent to a pipe with pipe(). The following sends xconsole messages to the pipe /dev/xconsole. <br />
This needs some more configuration, so you could look at the sub-section xconsole below.<br />
<br />
destination xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
To send messages on the network, use udp(). The following will send your log data out to another server.<br />
<br />
destination remote_server { udp("10.0.0.2" port(514)); };<br />
<br />
<br />
<br />
<br />
== Creating Filters for Messages ==<br />
The syntax for the filter statement is:<br />
<br />
filter <identifier> { expression; };<br />
<br />
<br />
Functions can be used in the expression, such as the function facility() which selects messages based on the facility codes. <br />
The linux kernel has a few facilities you can use for logging. Each facility has a log-level; where debug is the most verbose,<br />
and panic only shows serious errors. You can find the facilities, log levels and priority names in /usr/include/sys/syslog.h.<br />
To filter those messages coming from authorisation, like <br />
''<nowiki>May 11 23:42:31 mimosinnet su(pam_unix)[18569]: session opened for user root by (uid=1000)</nowiki>'', use the following:<br />
<br />
filter f_auth { facility(auth); };<br />
<br />
<br />
The facility expression can use the boolean operators ''and'', ''or'', and ''not'', so the following filter<br />
selects those messages not coming from authorisation, network news or mail:<br />
<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
<br />
<br />
The function level() selects messages based on their priority level, so if you want to select informational levels:<br />
<br />
filter f_info { level(info); };<br />
<br />
<br />
Functions and boolean operators can be combined in more complex expressions. The following line selects messages with a priority level from<br />
informational to warning that do not come from the auth, authpriv, mail and news facilities:<br />
<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };<br />
<br />
<br />
Messages can also be selected by matching a regular expression in the message with the function match("regex" value("keyword")). For example:<br />
<br />
 filter f_failed { match("failed" value("MESSAGE")); };<br />
<br />
<br />
To filter messages received from a particular remote host, the host() function must be used:<br />
<br />
filter f_host { host( "192.168.1.1" ); };<br />
<br />
== Log Paths ==<br />
Syslog-ng connects sources, filters and destinations with log statements. The syntax is:<br />
<pre>log {source(s1); source(s2); ...<br />
filter(f1); filter(f2); ...<br />
destination(d1); destination(d2); ...<br />
flags(flag1[, flag2...]); };</pre><br />
<br />
<br />
The following, for example, sends messages from the 'src' source to the 'mailinfo' destination, filtered by the 'f_mail' and 'f_info' filters.<br />
<br />
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };<br />
<br />
<br />
== Tips and Tricks ==<br />
Once you understand the logic behind syslog-ng, many complex configurations are possible. Here are some examples.<br />
<br />
=== Failover Logging to Remote Host ===<br />
This setup shows how to send the default unencrypted syslog packets across both tcp and udp protocols, using the standard port (514) and an alternate port. This is sending the same output to the same machine 4 different ways to try and make sure packets make it. Mostly useful if you are debugging a remote server that fails to reboot. The different ports and protocols are to make it past any firewall filters or other network problems. Also useful for port-forwarding and using tunnels. Something like this setup is ideal to tunnel across an ssh connection that the prone-to-failover host initiates through a reverse connection.<br />
<br />
<pre><br />
#sending to a remote syslog server on tcp and udp ports (not encrypted)<br />
destination askapache_failover_loghost {<br />
tcp("208.86.158.195" port(25214));<br />
udp("208.86.158.195" port(25214));<br />
udp("mysyslog1.dyndns.org" port(514));<br />
};<br />
log { <br />
source(src); <br />
destination(askapache_failover_loghost);<br />
};<br />
</pre><br />
<br />
<br />
And then on the loghost receiving these logs:<br />
<pre><br />
#a usb redirected console for flexible viewing<br />
destination debugging_console {<br />
file("/dev/ttyU1");<br />
};<br />
<br />
# listens on ips and ports, sets the incoming settings<br />
source prone_to_failover_host {<br />
tcp(ip(208.86.158.195),port(25214));<br />
udp(ip(208.86.158.195) port(25214));<br />
<br />
udp(default-facility(syslog) default-priority(emerg));<br />
tcp(default-facility(syslog) default-priority(emerg));<br />
};<br />
<br />
# log it<br />
log {<br />
source(prone_to_failover_host); <br />
destination(debugging_console);<br />
};<br />
</pre><br />
<br />
=== Log directly to MySQL ===<br />
[[Syslog-ng directly to MySQL]]<br />
<br />
=== Move log to another file ===<br />
In order to move some log from /var/log/messages to another file:<br />
<br />
<pre><br />
#sshd configuration<br />
destination ssh { file("/var/log/ssh.log"); };<br />
filter f_ssh { program("sshd"); };<br />
log { source(src); filter(f_ssh); destination(ssh); };<br />
</pre><br />
<br />
<br />
=== Configuring as a loghost ===<br />
Configuring your system to be a loghost is quite simple. Drop the following into your configuration, and create the needed directory.<br />
With this simple configuration, log filenames will be based on the [http://en.wikipedia.org/wiki/FQDN FQDN] of the remote host,<br />
and located in /var/log/remote/. After creating the remote directory, reload your syslog-ng configuration.<br />
<br />
<br />
<pre><br />
source net { udp(); };<br />
destination remote { file("/var/log/remote/$FULLHOST"); };<br />
log { source(net); destination(remote); };<br />
</pre><br />
<br />
<br />
=== Improve Performance ===<br />
Syslog-ng's performance can be improved in different ways:<br />
<br />
==== Avoid redundant processing and disk space ====<br />
A single log message can be sent to different log files several times. For example, in the initial configuration file, we have the following definitions:<br />
<br />
<pre><br />
destination cron { file("/var/log/cron.log"); };<br />
destination messages { file("/var/log/messages"); };<br />
filter f_cron { facility(cron); };<br />
filter f_messages { level(info..warn) <br />
and not facility(auth, authpriv, mail, news); };<br />
log { source(src); filter(f_cron); destination(cron); };<br />
log { source(src); filter(f_messages); destination(messages); };<br />
</pre><br />
<br />
<br />
The same message from the 'cron' facility will end up in both the cron.log and messages files. To change this behavior we can use the final flag, <br />
which ends further processing of the message. Therefore, in this example, if we do not want messages from the 'cron' facility to end up in the<br />
messages file, we should replace cron's log statement with:<br />
<br />
log { source(src); filter(f_cron); destination(cron); flags(final); };<br />
<br />
Another way is to exclude the cron facility from the f_messages filter:<br />
filter f_messages { level(info..warn) and not facility(cron, auth, authpriv, mail, news); };<br />
<br />
=== Postgresql Destination ===<br />
This section will use two roles: ''syslog'' and ''logwriter''. ''syslog'' will be the administrator of the database ''syslog'' and ''logwriter'' will only be able to add records to the ''logs'' table.<br />
<br />
It is no longer necessary to create the table for logs; syslog-ng will create it automatically.<br />
<br />
psql -U postgres<br />
<br />
 postgres=# CREATE ROLE syslog WITH LOGIN;<br />
 postgres=# CREATE ROLE logwriter WITH LOGIN;<br />
postgres=# \password syslog # Using the \password function is secure because<br />
postgres=# \password logwriter # the password isn't saved in history.<br />
postgres=# CREATE DATABASE syslog OWNER syslog;<br />
postgres=# \q # You're done here for the moment<br />
<br />
Edit pg_hba.conf to allow ''syslog'' and ''logwriter'' to establish a connection to PostgreSQL.<br />
<br />
/var/lib/postgresql/8.4/data/pg_hba.conf<br />
<pre><br />
# TYPE DATABASE USER CIDR-ADDRESS METHOD<br />
<br />
host syslog logwriter 192.168.0.1/24 md5<br />
host syslog syslog 192.168.0.10/32 md5<br />
</pre><br />
<br />
<br />
Tell PostgreSQL to reload the configuration files:<br />
/etc/rc.d/postgresql-8.4 reload<br />
<br />
<br />
Edit /etc/syslog-ng.conf so that it knows where and how to write to PostgreSQL. Syslog-ng will utilize the ''logwriter'' role.<br />
<br />
<pre><br />
...<br />
#<br />
# SQL logging support<br />
#<br />
<br />
destination d_pgsql {<br />
sql(type(pgsql)<br />
host("127.0.0.1") username("logwriter") password("password")<br />
database("syslog")<br />
table("logs_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}") # or whatever you want, e.g. ${HOST} for hosts, ${LEVEL} for levels, etc.<br />
columns("datetime varchar(16)", "host varchar(32)", "program varchar(8)", "pid varchar(8)", "message varchar(200)")<br />
values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSG")<br />
indexes("datetime", "host", "program", "pid", "message"));<br />
};<br />
<br />
<br />
log { source(src); destination(d_pgsql); };<br />
</pre><br />
<br />
<br />
Finally, restart Syslog-ng.<br />
/etc/rc.d/syslog-ng restart<br />
<br />
<br />
And check to see if things are being logged.<br />
psql -U logwriter -d syslog<br />
syslog=> SELECT * FROM <your table name> ORDER BY datetime DESC LIMIT 10;<br />
<br />
=== ISO 8601 timestamps ===<br />
'''Before''' :<br />
#logger These timestamps are not optimal.<br />
#tail -n 1 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
#<br />
<br />
Add <tt>ts_format(iso);</tt><br />
to ''/etc/syslog-ng.conf'' in the options section. Example:<br />
options {<br />
stats_freq (0);<br />
flush_lines (0);<br />
time_reopen (10);<br />
log_fifo_size (1000);<br />
long_hostnames(off); <br />
use_dns (no);<br />
use_fqdn (no);<br />
create_dirs (no);<br />
keep_hostname (yes);<br />
perm(0640);<br />
group("log");<br />
ts_format(iso); #make ISO8601 timestamps<br />
};<br />
<br />
Then :<br />
# killall -HUP syslog-ng<br />
<br />
'''After''' :<br />
#logger Now THAT is a timestamp!<br />
#tail -n 2 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
2010-02-18T20:23:58-05:00 electron logger: Now THAT is a timestamp!<br />
#<br />
<br />
=== RFC 3339 timestamps ===<br />
Same as above, except use ''rfc3339'' instead of ''iso'' for <tt>ts_format</tt>.<br />
<br />
<br />
== External Links ==<br />
* [http://en.gentoo-wiki.com/wiki/Syslog-ng Syslog-ng Gentoo wiki]<br />
* [http://en.wikipedia.org/wiki/ISO_8601 ISO_8601] Wikipedia page for ISO 8601<br />
* [http://tools.ietf.org/html/rfc3339 RFC3339] Text of RFC 3339<br />
* [http://www.syslog.org/syslog-ng/v2/#reference_destinationdrivers syslog-ng_manual] syslog-ng v2.0 reference manual<br />
* [http://freshmeat.net/projects/syslog-ng/ Syslog-ng Project Page on Freshmeat]<br />
* [http://www.balabit.com/support/documentation/ Portal to Syslog-ng Documentation]<br />
* [http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3 Gentoo's Security Handbook on Logging]<br />
* [http://www.kdough.net/docs/syslog_postgresql/ Syslog Logging with PostgreSQL HOWTO]</div>Drencromhttps://wiki.archlinux.org/index.php?title=Syslog-ng&diff=135701Syslog-ng2011-04-02T19:36:09Z<p>Drencrom: Added filter for remote host log, fixed a typo</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
==Quick Start==<br />
Syslog-ng is a great logging replacement/enhancement for syslog. I used to use rsyslog, now I only use syslog-ng. The power of syslog-ng lies in the configuration file syslog-ng.conf.<br />
<br />
For a quick start, here is a classic configuration file slightly modified from the one in the <br />
[http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3#doc_chap4 Gentoo Security Guide], the default syslog-ng.conf provided with the source distribution, and my own personal preferences. [[User:AskApache|AskApache]] 22:10, 14 September 2010 (EDT)<br />
<br />
== syslog-ng.conf ==<br />
<pre><br />
@version: 3.0<br />
# For a description of syslog-ng configuration file directives, please read<br />
# the syslog-ng Administrator's guide at:<br />
#<br />
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html<br />
#<br />
<br />
##########################################################<br />
# OPTIONS<br />
#<br />
options {<br />
create_dirs(yes);<br />
# use_dns(no);<br />
use_dns(persist_only);<br />
dns_cache_hosts(/etc/hosts);<br />
dns_cache_expire(87600);<br />
<br />
# disable the chained hostname format in logs (default is enabled)<br />
chain_hostnames(0);<br />
<br />
# the number of lines fitting in the output queue<br />
log_fifo_size(512);<br />
<br />
# enable or disable directory creation for destination files<br />
create_dirs(yes);<br />
<br />
# default owner, group, and permissions for log files (defaults are 0, 0, 0600)<br />
owner(root);<br />
group(log);<br />
perm(0640);<br />
<br />
# default owner, group, and permissions for created directories (defaults are 0, 0, 0700)<br />
dir_owner(root);<br />
dir_group(root);<br />
dir_perm(0740); <br />
<br />
# the time to wait before a died connection is re-established (default is 60)<br />
time_reopen(10);<br />
<br />
# the time to wait before an idle destination file is closed (default is 60)<br />
time_reap(360);<br />
<br />
# default no<br />
use_fqdn(no);<br />
<br />
keep_hostname(yes);<br />
<br />
# disable stats<br />
stats_freq(0);<br />
}; <br />
<br />
<br />
##########################################################<br />
# SOURCES<br />
#<br />
source local_src {<br />
# message generated by Syslog-NG<br />
internal();<br />
<br />
# standard Linux log source (this is the default place for the syslog() function to send logs to)<br />
unix-stream("/dev/log");<br />
<br />
# from a chrooted bind install<br />
unix-stream("/var/named/chroot/dev/log");<br />
<br />
# messages from the kernel<br />
file("/proc/kmsg" program_override("kernel: "));<br />
};<br />
<br />
# source s_syslog { syslog(ip(127.0.0.1) port(1999) transport("tcp")); };<br />
# source s_pipe { pipe("/dev/pipe" pad_size(2048)); };<br />
<br />
<br />
<br />
##########################################################<br />
# DESTINATIONS<br />
#<br />
destination d_file { file("/var/log/$YEAR.$MONTH.$DAY/everything.log" template("$HOUR:$MIN:$SEC [$LEVEL] [$FACILITY] [$PROGRAM] $MSG\n") template_escape(no)); };<br />
<br />
destination d_askapacheloghost {<br />
tcp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(514));<br />
};<br />
<br />
destination d_authlog { file("/var/log/auth.log"); };<br />
destination d_cron { file("/var/log/cron.log"); };<br />
destination d_daemon { file("/var/log/daemon.log"); };<br />
destination d_kern { file("/var/log/kern.log"); };<br />
destination d_lpr { file("/var/log/lpr.log"); };<br />
destination d_user { file("/var/log/user.log"); };<br />
destination d_uucp { file("/var/log/uucp.log"); };<br />
destination d_ppp { file("/var/log/ppp.log"); };<br />
<br />
destination d_mail { file("/var/log/mail.log"); };<br />
destination d_mailinfo { file("/var/log/mail.info"); };<br />
destination d_mailwarn { file("/var/log/mail.warn"); };<br />
destination d_mailerr { file("/var/log/mail.err"); };<br />
<br />
destination d_newscrit { file("/var/log/news/news.crit"); };<br />
destination d_newserr { file("/var/log/news/news.err"); };<br />
destination d_newsnotice { file("/var/log/news/news.notice"); };<br />
<br />
destination d_debug { file("/var/log/debug"); };<br />
destination d_messages { file("/var/log/messages"); };<br />
<br />
destination d_everything { file("/var/log/everything"); };<br />
destination d_console { usertty("root"); };<br />
destination d_console_all { file("/dev/tty12"); };<br />
destination d_loghost { udp("loghost" port(999)); };<br />
destination d_xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
<br />
##########################################################<br />
# FILTERS<br />
#<br />
filter f_auth { facility(auth); };<br />
filter f_authpriv { facility(auth, authpriv); }; <br />
filter f_syslog { program(syslog-ng); };<br />
filter f_cron { facility(cron); };<br />
filter f_daemon { facility(daemon); };<br />
filter f_kernel { facility(kern) and not filter(f_iptables); };<br />
filter f_lpr { facility(lpr); };<br />
filter f_mail { facility(mail); };<br />
filter f_news { facility(news); };<br />
filter f_user { facility(user); };<br />
filter f_uucp { facility(uucp); };<br />
filter f_ppp { facility(local2); };<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };<br />
filter f_everything { level(debug..emerg); };<br />
filter f_emergency { level(emerg); };<br />
filter f_info { level(info); };<br />
filter f_notice { level(notice); };<br />
filter f_warn { level(warn); };<br />
filter f_crit { level(crit); };<br />
filter f_err { level(err); };<br />
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };<br />
filter f_acpid { program("acpid"); };<br />
filter f_failed { match("failed" value("MESSAGE")); };<br />
filter f_denied { match("denied" value("MESSAGE")); };<br />
filter f_noshorewall { not match("Shorewall" value("MESSAGE")); }; # Everything except messages matching the regex Shorewall<br />
filter f_shorewall { match("Shorewall" value("MESSAGE")); }; # Only messages matching the regex Shorewall<br />
<br />
<br />
<br />
<br />
##########################################################<br />
# LOG<br />
#<br />
log { source(local_src); destination(d_askapacheloghost); };<br />
log { source(local_src); destination(d_file); };<br />
<br />
log { source(local_src); filter(f_authpriv); destination(d_authlog); };<br />
log { source(local_src); filter(f_user); destination(d_user); };<br />
<br />
log { source(local_src); filter(f_cron); destination(d_cron); };<br />
log { source(local_src); filter(f_daemon); destination(d_daemon); };<br />
log { source(local_src); filter(f_kernel); destination(d_kern); };<br />
log { source(local_src); filter(f_lpr); destination(d_lpr); };<br />
log { source(local_src); filter(f_mail); destination(d_mail); };<br />
log { source(local_src); filter(f_uucp); destination(d_uucp); };<br />
log { source(local_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };<br />
log { source(local_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };<br />
log { source(local_src); filter(f_mail); filter(f_err); destination(d_mailerr); };<br />
log { source(local_src); filter(f_news); filter(f_crit); destination(d_newscrit); };<br />
log { source(local_src); filter(f_news); filter(f_err); destination(d_newserr); };<br />
log { source(local_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };<br />
log { source(local_src); filter(f_debug); destination(d_debug); };<br />
log { source(local_src); filter(f_messages); destination(d_messages); };<br />
log { source(local_src); filter(f_ppp); destination(d_ppp); };<br />
log { source(local_src); destination(d_messages); };<br />
<br />
#default log<br />
log { source(local_src); destination(d_console_all); };<br />
</pre><br />
<br />
== Sources ==<br />
Syslog-ng receives log messages from a source. To define a source, use the following syntax:<br />
<br />
source <identifier> { source-driver(params); source-driver(params); ... };<br />
<br />
<br />
You can look up the identifiers and source drivers in the [http://www.balabit.com/support/documentation/ official manuals]. <br />
This section follows the manual to explain the configuration file above. The unix-stream() source-driver opens the given AF_UNIX<br />
[http://en.wikipedia.org/wiki/Berkeley_sockets socket] and starts listening on it for messages. <br />
The internal() source-driver gets messages generated by syslog-ng.<br />
<br />
Therefore, the following means: src gets messages from /dev/log socket and syslog-ng.<br />
<br />
source src { unix-stream("/dev/log"); internal(); };<br />
<br />
<br />
The kernel sends log messages to /proc/kmsg and the file() driver reads log messages from files. Therefore, the following means:<br />
kernsrc gets messages from file /proc/kmsg<br />
<br />
source kernsrc { file("/proc/kmsg"); };<br />
<br />
<br />
In the default configuration file after emerging syslog-ng, the source is defined as:<br />
<br />
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };<br />
<br />
Reading messages with pipe("/proc/kmsg") gives better performance, but because pipe() opens its argument in read-write mode it can be a security<br />
hazard, as the [http://www.balabit.com/dl/white_papers/syslog_admin_guide_en.pdf syslog-ng admin guide] states in section 7.1.6:<br />
<br />
"Pipe is very similar to the file() driver, but there are a few differences, for example pipe() opens its argument in read-write mode, therefore it is not recommended to be used on special files like /proc/kmsg." (You can follow this discussion in [http://forums.gentoo.org/viewtopic-t-558161.html this post].)<br />
<br />
To open a port to read data from a remote server a source must be defined with this syntax:<br />
<br />
source s_net { udp(); };<br />
<br />
for UDP or<br />
<br />
source s_net { tcp(); };<br />
<br />
to receive log messages via TCP. Both listen on port 514.<br />
<br />
== Destinations ==<br />
In syslog-ng, log messages are sent to destinations, which are usually files. The syntax is very similar to that of sources:<br />
<br />
destination <identifier> {destination-driver(params); destination-driver(params); ... };<br />
<br />
<br />
You will normally log to a file, but you can use a different destination driver: pipe, Unix socket, TCP or UDP ports,<br />
terminals, or specific programs. The following sends authlog messages to /var/log/auth.log:<br />
<br />
destination authlog { file("/var/log/auth.log"); };<br />
<br />
<br />
usertty() sends messages to the terminal of the specified user, if that user is logged in. To send console messages<br />
to root's terminal when root is logged in:<br />
<br />
destination console { usertty("root"); };<br />
<br />
<br />
Messages can be sent to a pipe with pipe(). The following sends xconsole messages to the pipe /dev/xconsole. <br />
This needs some more configuration, so you could look at the sub-section xconsole below.<br />
<br />
destination xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
To send messages on the network, use udp(). The following will send your log data out to another server.<br />
<br />
destination remote_server { udp("10.0.0.2" port(514)); };<br />
<br />
<br />
<br />
<br />
== Creating Filters for Messages ==<br />
The syntax for the filter statement is:<br />
<br />
filter <identifier> { expression; };<br />
<br />
<br />
Functions can be used in the expression, such as the function facility(), which selects messages based on the facility codes. <br />
The Linux kernel has a few facilities you can use for logging. Each facility has a log level, where debug is the most verbose,<br />
and panic only shows serious errors. You can find the facilities, log levels and priority names in /usr/include/sys/syslog.h.<br />
To filter those messages coming from authorisation, like <br />
''<nowiki>May 11 23:42:31 mimosinnet su(pam_unix)[18569]: session opened for user root by (uid=1000)</nowiki>'', use the following:<br />
<br />
filter f_auth { facility(auth); };<br />
<br />
<br />
The facility expression can use the boolean operators ''and'', ''or'', and ''not'', so the following filter<br />
selects those messages not coming from authorisation, network news or mail:<br />
<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
<br />
<br />
The function level() selects messages based on their priority level, so if you want to select informational levels:<br />
<br />
filter f_info { level(info); };<br />
<br />
<br />
Functions and boolean operators can be combined in more complex expressions. The following line selects messages with a priority level from<br />
informational to warning that do not come from the auth, authpriv, mail and news facilities:<br />
<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };<br />
<br />
<br />
Messages can also be selected by matching a regular expression in the message with the function match("regex" value("keyword")). For example:<br />
<br />
 filter f_failed { match("failed" value("MESSAGE")); };<br />
<br />
<br />
To filter messages received from a particular remote host, the host() function must be used:<br />
<br />
filter f_host { host( "192.168.1.1" ); };<br />
<br />
== Log Paths ==<br />
Syslog-ng connects sources, filters and destinations with log statements. The syntax is:<br />
<pre>log {source(s1); source(s2); ...<br />
filter(f1); filter(f2); ...<br />
destination(d1); destination(d2); ...<br />
flags(flag1[, flag2...]); };</pre><br />
<br />
<br />
The following, for example, sends messages from the 'src' source to the 'mailinfo' destination, filtered by the 'f_mail' and 'f_info' filters.<br />
<br />
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };<br />
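Log statements refer to sources, filters and destinations only by identifier, so a mistyped name in a long configuration is easy to miss. The following Python check is an added example, not part of syslog-ng or of the original page; the sample configuration is constructed and the function names are hypothetical.<br />

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed syslog-ng.conf with two dangling references,
# one duplicate definition and one reference hidden inside a comment.
SAMPLE_CONF = """\
@version: 3.0
source local_src { internal(); unix-stream("/dev/log"); };
destination d_kern { file("/var/log/kern.log"); };
destination d_console_all { file("/dev/tty12"); };
filter f_iptables { match("IN=" value("MESSAGE")); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_news { facility(news); };
filter f_news { facility(news); };
# log { source(local_src); filter(f_commented_out); destination(d_kern); };
log { source(local_src); filter(f_kern); destination(d_kern); };
log { source(local_src); destination(console_all); };
"""

# "filter f_x {" defines an object; "filter(f_x)" refers to one.
DEF_RE = re.compile(r"\b(source|destination|filter)\s+([A-Za-z_][\w.-]*)\s*\{")
REF_RE = re.compile(r"\b(source|destination|filter)\s*\(\s*([A-Za-z_][\w.-]*)\s*\)")


def mask(text):
    """Blank out '#' comments and quoted string contents, keeping line breaks."""
    out, quote, comment, escaped = [], None, False, False
    for ch in text:
        if ch == "\n":
            comment = False
            out.append(ch)
        elif comment:
            out.append(" ")
        elif quote:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == quote:
                quote = None
            out.append(ch if quote is None else " ")
        elif ch in "\"'":
            quote = ch
            out.append(ch)
        elif ch == "#":
            comment = True
            out.append(" ")
        else:
            out.append(ch)
    return "".join(out)


def lint(conf_text):
    """Return undefined references, duplicate definitions and unused objects."""
    text = mask(conf_text)

    def line_of(pos):
        return text.count("\n", 0, pos) + 1

    defined, used = defaultdict(list), defaultdict(list)
    for m in DEF_RE.finditer(text):
        defined[(m.group(1), m.group(2))].append(line_of(m.start()))
    for m in REF_RE.finditer(text):
        used[(m.group(1), m.group(2))].append(line_of(m.start()))

    undefined = sorted((ln, kind, name)
                       for (kind, name), lines in used.items()
                       if (kind, name) not in defined
                       for ln in lines)
    duplicates = sorted((kind, name, lines)
                        for (kind, name), lines in defined.items()
                        if len(lines) > 1)
    unused = sorted(key for key in defined if key not in used)
    return {"undefined": undefined, "duplicates": duplicates, "unused": unused}


if __name__ == "__main__":
    report = lint(SAMPLE_CONF)
    for ln, kind, name in report["undefined"]:
        print("line %d: %s(%s) is referenced but never defined" % (ln, kind, name))
    for kind, name, lines in report["duplicates"]:
        print("%s %s is defined more than once (lines %s)" % (kind, name, lines))
    for kind, name in report["unused"]:
        print("%s %s is defined but never referenced" % (kind, name))
```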
<br />
<br />
== Tips and Tricks ==<br />
Once you understand the logic behind syslog-ng, many complex configurations are possible. Here are some examples.<br />
<br />
=== Failover Logging to Remote Host ===<br />
This setup shows how to send the default unencrypted syslog packets across both tcp and udp protocols, using the standard port (514) and an alternate port. This is sending the same output to the same machine 4 different ways to try and make sure packets make it. Mostly useful if you are debugging a remote server that fails to reboot. The different ports and protocols are to make it past any firewall filters or other network problems. Also useful for port-forwarding and using tunnels. Something like this setup is ideal to tunnel across an ssh connection that the prone-to-failover host initiates through a reverse connection.<br />
<br />
<pre><br />
#sending to a remote syslog server on tcp and udp ports (not encrypted)<br />
destination askapache_failover_loghost {<br />
tcp("208.86.158.195" port(25214));<br />
udp("208.86.158.195" port(25214));<br />
udp("mysyslog1.dyndns.org" port(514));<br />
};<br />
log { <br />
source(src); <br />
destination(askapache_failover_loghost);<br />
};<br />
</pre><br />
<br />
<br />
And then on the loghost receiving these logs:<br />
<pre><br />
#a usb redirected console for flexible viewing<br />
destination debugging_console {<br />
file("/dev/ttyU1");<br />
};<br />
<br />
# listens on ips and ports, sets the incoming settings<br />
source prone_to_failover_host {<br />
tcp(ip(208.86.158.195),port(25214));<br />
udp(ip(208.86.158.195) port(25214));<br />
<br />
udp(default-facility(syslog) default-priority(emerg));<br />
tcp(default-facility(syslog) default-priority(emerg));<br />
};<br />
<br />
# log it<br />
log {<br />
source(prone_to_failover_host); <br />
destination(debugging_console);<br />
};<br />
</pre><br />
<br />
=== Log directly to MySQL ===<br />
[[Syslog-ng directly to MySQL]]<br />
<br />
=== Move log to another file ===<br />
In order to move some log from /var/log/messages to another file:<br />
<br />
<pre><br />
#sshd configuration<br />
destination ssh { file("/var/log/ssh.log"); };<br />
filter f_ssh { program("sshd"); };<br />
log { source(src); filter(f_ssh); destination(ssh); };<br />
</pre><br />
<br />
<br />
=== Configuring as a loghost ===<br />
Configuring your system to be a loghost is quite simple. Drop the following into your configuration, and create the needed directory.<br />
With this simple configuration, log filenames will be based on the [http://en.wikipedia.org/wiki/FQDN FQDN] of the remote host,<br />
and located in /var/log/remote/. After creating the remote directory, reload your syslog-ng configuration.<br />
<br />
<br />
<pre><br />
source net { udp(); };<br />
destination remote { file("/var/log/remote/$FULLHOST"); };<br />
log { source(net); destination(remote); };<br />
</pre><br />
<br />
<br />
=== Improve Performance ===<br />
Syslog-ng's performance can be improved in different ways:<br />
<br />
==== Avoid redundant processing and disk space ====<br />
A single log message can be sent to different log files several times. For example, in the initial configuration file, we have the following definitions:<br />
<br />
<pre><br />
destination cron { file("/var/log/cron.log"); };<br />
destination messages { file("/var/log/messages"); };<br />
filter f_cron { facility(cron); };<br />
filter f_messages { level(info..warn) <br />
and not facility(auth, authpriv, mail, news); };<br />
log { source(src); filter(f_cron); destination(cron); };<br />
log { source(src); filter(f_messages); destination(messages); };<br />
</pre><br />
<br />
<br />
The same message from the 'cron' facility will end up in both the cron.log and messages files. To change this behavior we can use the final flag, <br />
which ends further processing of the message. Therefore, in this example, if we do not want messages from the 'cron' facility to end up in the<br />
messages file, we should replace cron's log statement with:<br />
<br />
log { source(src); filter(f_cron); destination(cron); flags(final); };<br />
<br />
Another way is to exclude the cron facility from the f_messages filter:<br />
filter f_messages { level(info..warn) and not facility(cron, auth, authpriv, mail, news); };<br />
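The effect of the filters and of flags(final) described above can be traced with a small model. This Python sketch is an added example, not syslog-ng code or part of the original page: it decodes the syslog PRI value into facility and level, then routes constructed sample messages through the two log statements in order; the function names are hypothetical.<br />

```python
import re

# Facility and severity names in numeric order, as in /usr/include/sys/syslog.h.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample messages; PRI = facility * 8 + severity.
SAMPLE = [
    "<78>crond: (root) CMD (run-parts /etc/cron.hourly)",  # cron.info
    "<75>crond: cannot open crontab",                       # cron.err
    "<38>sshd: Accepted publickey for alice",               # auth.info
    "<28>ntpd: clock step",                                 # daemon.warning
    "<31>ntpd: poll debug",                                 # daemon.debug
]


def decode(raw):
    """Split '<PRI>text' into facility name, severity name and text."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a syslog line with a valid PRI: %r" % raw)
    fac, sev = divmod(int(m.group(1)), 8)
    if fac < len(FACILITIES):
        name = FACILITIES[fac]
    elif 16 <= fac <= 23:
        name = "local%d" % (fac - 16)
    else:
        name = "facility%d" % fac
    return {"facility": name, "level": SEVERITIES[sev], "text": m.group(2)}


def facility(*names):
    """Model of facility(a, b, ...)."""
    return lambda msg: msg["facility"] in names


def level(low, high=None):
    """Model of level(info) or level(info..warn): an inclusive range."""
    def idx(name):
        return SEVERITIES.index(ALIASES.get(name, name))
    a, b = idx(low), idx(high or low)
    lo, hi = min(a, b), max(a, b)
    return lambda msg: lo <= SEVERITIES.index(msg["level"]) <= hi


def route(raw_lines, paths):
    """paths: ordered (filter, destination, final) tuples, one per log statement."""
    delivered = {dest: [] for _, dest, _ in paths}
    for raw in raw_lines:
        msg = decode(raw)
        for accepts, dest, final in paths:
            if accepts(msg):
                delivered[dest].append(msg["text"])
                if final:  # flags(final): later log statements never see it
                    break
    return delivered


f_cron = facility("cron")


def f_messages(msg):
    return level("info", "warn")(msg) and not facility("auth", "authpriv", "mail", "news")(msg)


def f_messages_no_cron(msg):
    return level("info", "warn")(msg) and not facility("cron", "auth", "authpriv", "mail", "news")(msg)


PATHS_ORIGINAL = [(f_cron, "cron", False), (f_messages, "messages", False)]
PATHS_FINAL = [(f_cron, "cron", True), (f_messages, "messages", False)]
PATHS_EXCLUDE = [(f_cron, "cron", False), (f_messages_no_cron, "messages", False)]

if __name__ == "__main__":
    for label, paths in (("original", PATHS_ORIGINAL), ("flags(final)", PATHS_FINAL),
                         ("cron excluded", PATHS_EXCLUDE)):
        print(label, route(SAMPLE, paths))
```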
<br />
=== Postgresql Destination ===<br />
This section will use two roles: ''syslog'' and ''logwriter''. ''syslog'' will be the administrator of the database ''syslog'' and ''logwriter'' will only be able to add records to the ''logs'' table.<br />
<br />
It is no longer necessary to create the table for logs; syslog-ng will create it automatically.<br />
<br />
psql -U postgres<br />
<br />
 postgres=# CREATE ROLE syslog WITH LOGIN;<br />
 postgres=# CREATE ROLE logwriter WITH LOGIN;<br />
postgres=# \password syslog # Using the \password function is secure because<br />
postgres=# \password logwriter # the password isn't saved in history.<br />
postgres=# CREATE DATABASE syslog OWNER syslog;<br />
postgres=# \q # You're done here for the moment<br />
<br />
Edit pg_hba.conf to allow ''syslog'' and ''logwriter'' to establish a connection to PostgreSQL.<br />
<br />
/var/lib/postgresql/8.4/data/pg_hba.conf<br />
<pre><br />
# TYPE DATABASE USER CIDR-ADDRESS METHOD<br />
<br />
host syslog logwriter 192.168.0.1/24 md5<br />
host syslog syslog 192.168.0.10/32 md5<br />
</pre><br />
<br />
<br />
Tell PostgreSQL to reload the configuration files:<br />
/etc/rc.d/postgresql-8.4 reload<br />
<br />
<br />
Edit /etc/syslog-ng.conf so that it knows where and how to write to PostgreSQL. Syslog-ng will utilize the ''logwriter'' role.<br />
<br />
<pre><br />
...<br />
#<br />
# SQL logging support<br />
#<br />
<br />
destination d_pgsql {<br />
sql(type(pgsql)<br />
host("127.0.0.1") username("logwriter") password("password")<br />
database("syslog")<br />
table("logs_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}") # or whatever you want, e.g. ${HOST} for hosts, ${LEVEL} for levels, etc.<br />
columns("datetime varchar(16)", "host varchar(32)", "program varchar(8)", "pid varchar(8)", "message varchar(200)")<br />
values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSG")<br />
indexes("datetime", "host", "program", "pid", "message"));<br />
};<br />
<br />
<br />
log { source(src); destination(d_pgsql); };<br />
</pre><br />
<br />
<br />
Finally, restart Syslog-ng.<br />
/etc/rc.d/syslog-ng restart<br />
<br />
<br />
And check to see if things are being logged.<br />
psql -U logwriter -d syslog<br />
syslog=> SELECT * FROM <your table name> ORDER BY datetime DESC LIMIT 10;<br />
<br />
=== ISO 8601 timestamps ===<br />
'''Before''' :<br />
#logger These timestamps are not optimal.<br />
#tail -n 1 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
#<br />
<br />
Add <tt>ts_format(iso);</tt><br />
to ''/etc/syslog-ng.conf'' in the options section. Example:<br />
options {<br />
stats_freq (0);<br />
flush_lines (0);<br />
time_reopen (10);<br />
log_fifo_size (1000);<br />
long_hostnames(off); <br />
use_dns (no);<br />
use_fqdn (no);<br />
create_dirs (no);<br />
keep_hostname (yes);<br />
perm(0640);<br />
group("log");<br />
ts_format(iso); #make ISO8601 timestamps<br />
};<br />
<br />
Then :<br />
# killall -HUP syslog-ng<br />
<br />
'''After''' :<br />
#logger Now THAT is a timestamp!<br />
#tail -n 2 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
2010-02-18T20:23:58-05:00 electron logger: Now THAT is a timestamp!<br />
#<br />
<br />
=== RFC 3339 timestamps ===<br />
Same as above, except use ''rfc3339'' instead of ''iso'' for <tt>ts_format</tt>.<br />
<br />
<br />
== External Links ==<br />
* [http://en.gentoo-wiki.com/wiki/Syslog-ng Syslog-ng Gentoo wiki]<br />
* [http://en.wikipedia.org/wiki/ISO_8601 ISO_8601] Wikipedia page for ISO 8601<br />
* [http://tools.ietf.org/html/rfc3339 RFC3339] Text of RFC 3339<br />
* [http://www.syslog.org/syslog-ng/v2/#reference_destinationdrivers syslog-ng_manual] syslog-ng v2.0 reference manual<br />
* [http://freshmeat.net/projects/syslog-ng/ Syslog-ng Project Page on Freshmeat]<br />
* [http://www.balabit.com/support/documentation/ Portal to Syslog-ng Documentation]<br />
* [http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3 Gentoo's Security Handbook on Logging]<br />
* [http://www.kdough.net/docs/syslog_postgresql/ Syslog Logging with PostgreSQL HOWTO]</div>Drencromhttps://wiki.archlinux.org/index.php?title=Syslog-ng&diff=135700Syslog-ng2011-04-02T19:29:54Z<p>Drencrom: Add syntax for receiving remote log</p>
<hr />
<div>[[Category:Daemons and system services (English)]]<br />
==Quick Start==<br />
Syslog-ng is a great logging replacement/enhancement for syslog. I used to use rsyslog, now I only use syslog-ng. The power of syslog-ng lies in the configuration file syslog-ng.conf.<br />
<br />
For a quick start, here is a classic configuration file, slightly modified from the one in the <br />
[http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3#doc_chap4 Gentoo Security Guide], the default syslog-ng.conf provided with the source distribution, and my own personal preferences. [[User:AskApache|AskApache]] 22:10, 14 September 2010 (EDT)<br />
<br />
== syslog-ng.conf ==<br />
<pre><br />
@version: 3.0<br />
# For a description of syslog-ng configuration file directives, please read<br />
# the syslog-ng Administrator's guide at:<br />
#<br />
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html<br />
#<br />
<br />
##########################################################<br />
# OPTIONS<br />
#<br />
options {<br />
# use_dns(no);<br />
use_dns(persist_only);<br />
dns_cache_hosts(/etc/hosts);<br />
dns_cache_expire(87600);<br />
<br />
# disable the chained hostname format in logs (default is enabled)<br />
chain_hostnames(0);<br />
<br />
# the number of lines fitting in the output queue<br />
log_fifo_size(512);<br />
<br />
# enable or disable directory creation for destination files<br />
create_dirs(yes);<br />
<br />
# default owner, group, and permissions for log files (defaults are 0, 0, 0600)<br />
owner(root);<br />
group(log);<br />
perm(0640);<br />
<br />
# default owner, group, and permissions for created directories (defaults are 0, 0, 0700)<br />
dir_owner(root);<br />
dir_group(root);<br />
dir_perm(0740); <br />
<br />
# the time to wait before a died connection is re-established (default is 60)<br />
time_reopen(10);<br />
<br />
# the time to wait before an idle destination file is closed (default is 60)<br />
time_reap(360);<br />
<br />
# default no<br />
use_fqdn(no);<br />
<br />
keep_hostname(yes);<br />
<br />
# disable stats<br />
stats_freq(0);<br />
}; <br />
<br />
<br />
##########################################################<br />
# SOURCES<br />
#<br />
source local_src {<br />
# message generated by Syslog-NG<br />
internal();<br />
<br />
# standard Linux log source (this is the default place for the syslog() function to send logs to)<br />
unix-stream("/dev/log");<br />
<br />
# from a chrooted bind install<br />
unix-stream("/var/named/chroot/dev/log");<br />
<br />
# messages from the kernel<br />
file("/proc/kmsg" program_override("kernel: "));<br />
};<br />
<br />
# source s_syslog { syslog(ip(127.0.0.1) port(1999) transport("tcp")); };<br />
# source s_pipe { pipe("/dev/pipe" pad_size(2048)); };<br />
<br />
<br />
<br />
##########################################################<br />
# DESTINATIONS<br />
#<br />
destination d_file { file("/var/log/$YEAR.$MONTH.$DAY/everything.log" template("$HOUR:$MIN:$SEC [$LEVEL] [$FACILITY] [$PROGRAM] $MSG\n") template_escape(no)); };<br />
<br />
destination d_askapacheloghost {<br />
tcp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(65514));<br />
udp("askapacheloghost.dyndns.org" port(514));<br />
};<br />
<br />
destination d_authlog { file("/var/log/auth.log"); };<br />
destination d_cron { file("/var/log/cron.log"); };<br />
destination d_daemon { file("/var/log/daemon.log"); };<br />
destination d_kern { file("/var/log/kern.log"); };<br />
destination d_lpr { file("/var/log/lpr.log"); };<br />
destination d_user { file("/var/log/user.log"); };<br />
destination d_uucp { file("/var/log/uucp.log"); };<br />
destination d_ppp { file("/var/log/ppp.log"); };<br />
<br />
destination d_mail { file("/var/log/mail.log"); };<br />
destination d_mailinfo { file("/var/log/mail.info"); };<br />
destination d_mailwarn { file("/var/log/mail.warn"); };<br />
destination d_mailerr { file("/var/log/mail.err"); };<br />
<br />
destination d_newscrit { file("/var/log/news/news.crit"); };<br />
destination d_newserr { file("/var/log/news/news.err"); };<br />
destination d_newsnotice { file("/var/log/news/news.notice"); };<br />
<br />
destination d_debug { file("/var/log/debug"); };<br />
destination d_messages { file("/var/log/messages"); };<br />
<br />
destination d_everything { file("/var/log/everything"); };<br />
destination d_console { usertty("root"); };<br />
destination d_console_all { file("/dev/tty12"); };<br />
destination d_loghost { udp("loghost" port(999)); };<br />
destination d_xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
<br />
##########################################################<br />
# FILTERS<br />
#<br />
filter f_auth { facility(auth); };<br />
filter f_authpriv { facility(auth, authpriv); }; <br />
filter f_syslog { program(syslog-ng); };<br />
filter f_cron { facility(cron); };<br />
filter f_daemon { facility(daemon); };<br />
filter f_kern { facility(kern) and not filter(f_iptables); };<br />
filter f_lpr { facility(lpr); };<br />
filter f_mail { facility(mail); };<br />
filter f_news { facility(news); };<br />
filter f_user { facility(user); };<br />
filter f_uucp { facility(uucp); };<br />
filter f_ppp { facility(local2); };<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };<br />
filter f_everything { level(debug..emerg); };<br />
filter f_emergency { level(emerg); };<br />
filter f_info { level(info); };<br />
filter f_notice { level(notice); };<br />
filter f_warn { level(warn); };<br />
filter f_crit { level(crit); };<br />
filter f_err { level(err); };<br />
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT=" value("MESSAGE")); };<br />
filter f_acpid { program("acpid"); };<br />
filter f_failed { match("failed" value("MESSAGE")); };<br />
filter f_denied { match("denied" value("MESSAGE")); };<br />
filter f_noshorewall { not match("Shorewall" value("MESSAGE")); }; # Everything except messages containing the keyword Shorewall<br />
filter f_shorewall { match("Shorewall" value("MESSAGE")); }; # Only messages containing the keyword Shorewall<br />
<br />
<br />
<br />
<br />
##########################################################<br />
# LOG<br />
#<br />
log { source(local_src); destination(d_askapacheloghost); };<br />
log { source(local_src); destination(d_file); };<br />
<br />
log { source(local_src); filter(f_authpriv); destination(d_authlog); };<br />
log { source(local_src); filter(f_user); destination(d_user); };<br />
<br />
log { source(local_src); filter(f_cron); destination(d_cron); };<br />
log { source(local_src); filter(f_daemon); destination(d_daemon); };<br />
log { source(local_src); filter(f_kern); destination(d_kern); };<br />
log { source(local_src); filter(f_lpr); destination(d_lpr); };<br />
log { source(local_src); filter(f_mail); destination(d_mail); };<br />
log { source(local_src); filter(f_uucp); destination(d_uucp); };<br />
log { source(local_src); filter(f_mail); filter(f_info); destination(d_mailinfo); };<br />
log { source(local_src); filter(f_mail); filter(f_warn); destination(d_mailwarn); };<br />
log { source(local_src); filter(f_mail); filter(f_err); destination(d_mailerr); };<br />
log { source(local_src); filter(f_news); filter(f_crit); destination(d_newscrit); };<br />
log { source(local_src); filter(f_news); filter(f_err); destination(d_newserr); };<br />
log { source(local_src); filter(f_news); filter(f_notice); destination(d_newsnotice); };<br />
log { source(local_src); filter(f_debug); destination(d_debug); };<br />
log { source(local_src); filter(f_messages); destination(d_messages); };<br />
log { source(local_src); filter(f_ppp); destination(d_ppp); };<br />
log { source(local_src); destination(d_messages); };<br />
<br />
#default log<br />
log { source(local_src); destination(d_console_all); };<br />
</pre><br />
<br />
== Sources ==<br />
Syslog-ng receives log messages from a source. To define a source, use the following syntax:<br />
<br />
source <identifier> { source-driver(params); source-driver(params); ... };<br />
<br />
<br />
The available identifiers and source drivers are described in the [http://www.balabit.com/support/documentation/ official manuals]. <br />
This section follows the manual to explain the configuration file above. The unix-stream() source driver opens the given AF_UNIX<br />
[http://en.wikipedia.org/wiki/Berkeley_sockets socket] and starts listening on it for messages. <br />
The internal() source driver gets messages generated by syslog-ng itself.<br />
<br />
Therefore, the following means: src gets messages from /dev/log socket and syslog-ng.<br />
<br />
source src { unix-stream("/dev/log"); internal(); };<br />
<br />
<br />
The kernel sends log messages to /proc/kmsg and the file() driver reads log messages from files. Therefore, the following means:<br />
kernsrc gets messages from file /proc/kmsg<br />
<br />
source kernsrc { file("/proc/kmsg"); };<br />
<br />
<br />
In the default configuration file after emerging syslog-ng, the source is defined as:<br />
<br />
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };<br />
<br />
Reading messages with pipe("/proc/kmsg") gives better performance, but because pipe() opens its argument in read-write mode it can be a security<br />
hazard, as the [http://www.balabit.com/dl/white_papers/syslog_admin_guide_en.pdf syslog-ng admin guide] states in section 7.1.6:<br />
<br />
"Pipe is very similar to the file() driver, but there are a few differences, for example pipe() opens its argument in read-write mode, therefore it is not recommended to be used on special files like /proc/kmsg." (You can follow this discussion in [http://forums.gentoo.org/viewtopic-t-558161.html this post].)<br />
<br />
To open a port to read data from a remote server a source must be defined with this syntax:<br />
<br />
source s_net { udp(); };<br />
<br />
for UDP or<br />
<br />
source s_net { tcp(); };<br />
<br />
to receive log messages via TCP. Both listen on port 514.<br />
<br />
== Destinations ==<br />
In syslog-ng log messages are sent to files. The syntax is very similar to sources:<br />
<br />
destination <identifier> {destination-driver(params); destination-driver(params); ... };<br />
<br />
<br />
You will normally be logging to a file, but you can also log to a different destination driver: a pipe, a Unix socket, TCP or UDP ports,<br />
terminals, or specific programs. For example, the following sends authlog messages to /var/log/auth.log:<br />
<br />
destination authlog { file("/var/log/auth.log"); };<br />
<br />
<br />
usertty() sends messages to the terminal of the specified user, if that user is logged in. To send console messages<br />
to root's terminal whenever root is logged in:<br />
<br />
destination console { usertty("root"); };<br />
<br />
<br />
Messages can be sent to a pipe with pipe(). The following sends xconsole messages to the pipe /dev/xconsole. <br />
This needs some more configuration, so you could look at the sub-section xconsole below.<br />
<br />
destination xconsole { pipe("/dev/xconsole"); };<br />
<br />
<br />
To send messages on the network, use udp(). The following will send your log data out to another server.<br />
<br />
destination remote_server { udp("10.0.0.2" port(514)); };<br />
<br />
<br />
<br />
<br />
== Creating Filters for Messages ==<br />
The syntax for the filter statement is:<br />
<br />
filter <identifier> { expression; };<br />
<br />
<br />
Functions can be used in the expression, such as the function facility(), which selects messages based on their facility codes. <br />
The Linux kernel has a few facilities you can use for logging. Each facility has a log level, where debug is the most verbose<br />
and panic only shows serious errors. You can find the facilities, log levels and priority names in /usr/include/sys/syslog.h.<br />
To filter those messages coming from authorisation, like <br />
''<nowiki>May 11 23:42:31 mimosinnet su(pam_unix)[18569]: session opened for user root by (uid=1000)</nowiki>'', use the following:<br />
<br />
filter f_auth { facility(auth); };<br />
<br />
<br />
The facility expression can use the boolean operators ''and'', ''or'', and ''not'', so the following filter<br />
selects those messages not coming from authorisation, network news or mail:<br />
<br />
filter f_debug { not facility(auth, authpriv, news, mail); };<br />
<br />
<br />
The function level() selects messages based on their priority level, so if you want to select the informational level:<br />
<br />
filter f_info { level(info); };<br />
<br />
<br />
Functions and boolean operators can be combined in more complex expressions. The following line selects messages with a priority level from<br />
informational to warning that do not come from the auth, authpriv, mail and news facilities:<br />
<br />
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };<br />
<br />
<br />
Messages can also be selected by matching a regular expression against the message text with the function match("regex" value("MESSAGE")). For example:<br />
<br />
 filter f_failed { match("failed" value("MESSAGE")); };<br />
<br />
== Log Paths ==<br />
Syslog-ng connects sources, filters and destinations with log statements. The syntax is:<br />
<pre>log {source(s1); source(s2); ...<br />
filter(f1); filter(f2); ...<br />
destination(d1); destination(d2); ...<br />
flags(flag1[, flag2...]); };</pre><br />
<br />
<br />
For example, the following sends messages from the 'src' source to the 'mailinfo' destination, filtered by the 'f_mail' and 'f_info' filters.<br />
<br />
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };<br />
<br />
<br />
== Tips and Tricks ==<br />
Once you understand the logic behind syslog-ng, many complex configurations are possible. Here are some examples.<br />
<br />
=== Failover Logging to Remote Host ===<br />
This setup shows how to send the default unencrypted syslog packets over both TCP and UDP, using the standard port (514) and an alternate port. It sends the same output to the same machine 4 different ways to try to make sure the packets arrive. This is mostly useful if you are debugging a remote server that fails to reboot. The different ports and protocols are there to get past any firewall filters or other network problems. It is also useful for port forwarding and tunnels: a setup like this is ideal to tunnel across an SSH connection that the prone-to-failover host initiates as a reverse connection.<br />
<br />
<pre><br />
#sending to a remote syslog server on tcp and udp ports (not encrypted)<br />
destination askapache_failover_loghost {<br />
tcp("208.86.158.195" port(25214));<br />
udp("208.86.158.195" port(25214));<br />
udp("mysyslog1.dyndns.org" port(514));<br />
};<br />
log { <br />
source(src); <br />
destination(askapache_failover_loghost);<br />
};<br />
</pre><br />
<br />
<br />
And then on the loghost receiving these logs:<br />
<pre><br />
#a usb redirected console for flexible viewing<br />
destination debugging_console {<br />
file("/dev/ttyU1");<br />
};<br />
<br />
# listens on ips and ports, sets the incoming settings<br />
source prone_to_failover_host {<br />
tcp(ip(208.86.158.195) port(25214));<br />
udp(ip(208.86.158.195) port(25214));<br />
<br />
udp(default-facility(syslog) default-priority(emerg));<br />
tcp(default-facility(syslog) default-priority(emerg));<br />
};<br />
<br />
# log it<br />
log {<br />
source(prone_to_failover_host); <br />
destination(debugging_console);<br />
};<br />
</pre><br />
<br />
=== Log directly to MySQL ===<br />
[[Syslog-ng directly to MySQL]]<br />
<br />
=== Move log to another file ===<br />
In order to move some log from /var/log/messages to another file:<br />
<br />
<pre><br />
#sshd configuration<br />
destination ssh { file("/var/log/ssh.log"); };<br />
filter f_ssh { program("sshd"); };<br />
log { source(src); filter(f_ssh); destination(ssh); };<br />
</pre><br />
<br />
<br />
=== Configuring as a loghost ===<br />
Configuring your system to be a loghost is quite simple. Drop the following into your configuration, and create the needed directory.<br />
With this simple configuration, log filenames will be based on the [http://en.wikipedia.org/wiki/FQDN FQDN] of the remote host,<br />
and located in /var/log/remote/. After creating the remote directory, reload your syslog-ng configuration.<br />
<br />
<br />
<pre><br />
source net { udp(); };<br />
destination remote { file("/var/log/remote/$FULLHOST"); };<br />
log { source(net); destination(remote); };<br />
</pre><br />
<br />
<br />
=== Improve Performance ===<br />
Syslog-ng's performance can be improved in different ways:<br />
<br />
==== Avoid redundant processing and disk space ====<br />
A single log message can be sent to different log files several times. For example, in the initial configuration file, we have the following definitions:<br />
<br />
<pre><br />
destination cron { file("/var/log/cron.log"); };<br />
destination messages { file("/var/log/messages"); };<br />
filter f_cron { facility(cron); };<br />
filter f_messages { level(info..warn) <br />
and not facility(auth, authpriv, mail, news); };<br />
log { source(src); filter(f_cron); destination(cron); };<br />
log { source(src); filter(f_messages); destination(messages); };<br />
</pre><br />
<br />
<br />
The same message from the 'cron' facility will end up in both the cron.log and messages files. To change this behavior we can use the ''final'' flag, <br />
which ends further processing of the message. Therefore, in this example, if we do not want messages from the 'cron' facility to end up in the<br />
messages file, we should change the cron log statement to:<br />
<br />
 log { source(src); filter(f_cron); destination(cron); flags(final); };<br />
<br />
Another way is to exclude the cron facility from the f_messages filter:<br />
 filter f_messages { level(info..warn) and not facility(cron, auth, authpriv, mail, news); };<br />
<br />
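The routing described in this section can be checked with a small model of how log statements are evaluated in order. This is an added example, not part of syslog-ng or of the original page; the function names and the sample messages are constructed for illustration. It also covers one case the text does not spell out: <tt>flags(final)</tt> only stops statements that come after it.<br />

```python
import re

# Standard syslog facility and severity codes (list index == numeric code).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv"]
LEVELS = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]

# Constructed sample messages; PRI = facility * 8 + severity.
CRON_INFO = "<78>Feb 18 14:25:01 host crond[311]: (root) CMD (run-parts /etc/cron.hourly)"
DAEMON_INFO = "<30>Feb 18 14:25:03 host dhcpcd[120]: eth0: renewing lease"
DAEMON_ERR = "<27>Feb 18 14:25:04 host dhcpcd[120]: eth0: timed out"
AUTH_INFO = "<38>Feb 18 14:25:02 host sshd[402]: Failed password for invalid user admin"


def parse_pri(raw):
    """Split '<PRI>rest' into facility and level names."""
    m = re.match(r"<(\d{1,3})>(.*)", raw, re.S)
    if not m:
        raise ValueError("no PRI field: %r" % raw)
    pri = int(m.group(1))
    fac = pri >> 3
    name = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return {"facility": name, "level": LEVELS[pri & 7], "text": m.group(2)}


def facility(*names):
    """facility(a, b, ...) matches any of the listed facilities."""
    return lambda msg: msg["facility"] in names


def level(first, last=None):
    """level(info..warn) selects every severity between the bounds, inclusive."""
    a, b = LEVELS.index(first), LEVELS.index(last or first)
    wanted = set(LEVELS[min(a, b):max(a, b) + 1])
    return lambda msg: msg["level"] in wanted


def build_paths(cron_final=False, cron_first=True, exclude_cron=False):
    """The two log statements from this section, with the variants discussed."""
    excluded = ("auth", "authpriv", "mail", "news")
    if exclude_cron:
        excluded += ("cron",)
    in_range, is_excluded = level("info", "warn"), facility(*excluded)
    f_messages = lambda msg: in_range(msg) and not is_excluded(msg)
    cron = {"filters": [facility("cron")], "destination": "cron",
            "final": cron_final}
    messages = {"filters": [f_messages], "destination": "messages",
                "final": False}
    return [cron, messages] if cron_first else [messages, cron]


def route(raw, paths):
    """Return the destinations a message reaches, in evaluation order."""
    msg = parse_pri(raw)
    hits = []
    for path in paths:
        if all(f(msg) for f in path["filters"]):
            hits.append(path["destination"])
            if path["final"]:
                break  # flags(final): later log statements never see it
    return hits


if __name__ == "__main__":
    for label, paths in [("default", build_paths()),
                         ("final on cron", build_paths(cron_final=True)),
                         ("final, cron listed last",
                          build_paths(cron_final=True, cron_first=False)),
                         ("cron excluded in f_messages",
                          build_paths(exclude_cron=True))]:
        print("%-28s cron.info -> %s" % (label, route(CRON_INFO, paths)))
```

If the messages statement is listed before the cron statement, the cron message is still written twice, so statement order matters as much as the flag.<br />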
=== Postgresql Destination ===<br />
This section will use two roles: ''syslog'' and ''logwriter''. ''syslog'' will be the administrator of the database ''syslog'' and ''logwriter'' will only be able to add records to the ''logs'' table.<br />
<br />
It is no longer necessary to create the table for the logs; syslog-ng will create it automatically.<br />
<br />
 psql -U postgres<br />
 <br />
 postgres=# CREATE ROLE syslog WITH LOGIN;<br />
 postgres=# CREATE ROLE logwriter WITH LOGIN;<br />
 postgres=# -- Using the \password function is secure because the password isn't saved in history.<br />
 postgres=# \password syslog<br />
 postgres=# \password logwriter<br />
 postgres=# CREATE DATABASE syslog OWNER syslog;<br />
 postgres=# \q<br />
<br />
Edit pg_hba.conf to allow ''syslog'' and ''logwriter'' to establish a connection to PostgreSQL.<br />
<br />
/var/lib/postgresql/8.4/data/pg_hba.conf<br />
<pre><br />
# TYPE DATABASE USER CIDR-ADDRESS METHOD<br />
<br />
host syslog logwriter 192.168.0.1/24 md5<br />
host syslog syslog 192.168.0.10/32 md5<br />
</pre><br />
<br />
<br />
Tell PostgreSQL to reload the configuration files:<br />
/etc/rc.d/postgresql-8.4 reload<br />
<br />
<br />
Edit /etc/syslog-ng.conf so that it knows where and how to write to PostgreSQL. Syslog-ng will utilize the ''logwriter'' role.<br />
<br />
<pre><br />
...<br />
#<br />
# SQL logging support<br />
#<br />
<br />
destination d_pgsql {<br />
sql(type(pgsql)<br />
host("127.0.0.1") username("logwriter") password("password")<br />
database("syslog")<br />
table("logs_${HOST}_${R_YEAR}${R_MONTH}${R_DAY}") # or any naming you prefer, e.g. "${HOST}" per host or "${LEVEL}" per level<br />
columns("datetime varchar(16)", "host varchar(32)", "program varchar(8)", "pid varchar(8)", "message varchar(200)")<br />
values("$R_DATE", "$HOST", "$PROGRAM", "$PID", "$MSG")<br />
indexes("datetime", "host", "program", "pid", "message"));<br />
};<br />
<br />
<br />
log { source(src); destination(d_pgsql); };<br />
</pre><br />
<br />
<br />
Finally, restart Syslog-ng.<br />
/etc/rc.d/syslog-ng restart<br />
<br />
<br />
And check to see if things are being logged.<br />
psql -U logwriter -d syslog<br />
syslog=> SELECT * FROM <your table name> ORDER BY datetime DESC LIMIT 10;<br />
<br />
=== ISO 8601 timestamps ===<br />
'''Before''' :<br />
#logger These timestamps are not optimal.<br />
#tail -n 1 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
#<br />
<br />
Add <tt>ts_format(iso);</tt><br />
to ''/etc/syslog-ng.conf'' in the options section. Example:<br />
options {<br />
stats_freq (0);<br />
flush_lines (0);<br />
time_reopen (10);<br />
log_fifo_size (1000);<br />
long_hostnames(off); <br />
use_dns (no);<br />
use_fqdn (no);<br />
create_dirs (no);<br />
keep_hostname (yes);<br />
perm(0640);<br />
group("log");<br />
ts_format(iso); #make ISO8601 timestamps<br />
};<br />
<br />
Then :<br />
# killall -HUP syslog-ng<br />
<br />
'''After''' :<br />
#logger Now THAT is a timestamp!<br />
#tail -n 2 /var/log/messages.log<br />
Feb 18 14:25:01 hostname logger: These timestamps are not optimal.<br />
2010-02-18T20:23:58-05:00 electron logger: Now THAT is a timestamp!<br />
#<br />
<br />
=== RFC 3339 timestamps ===<br />
Same as above, except use ''rfc3339'' instead of ''iso'' for <tt>ts_format</tt>.<br />
<br />
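What the timestamp format changes for anyone correlating logs later can be shown by normalising the two lines from the Before/After output to UTC. This is an added example, not part of the original page; the function names are hypothetical, and the year and UTC offset supplied for the legacy line are assumptions, because that format carries neither.<br />

```python
import re
from datetime import datetime, timedelta, timezone

EST = timezone(timedelta(hours=-5))  # offset assumed for the legacy line

# The two lines shown in the Before/After output above.
BSD_LINE = "Feb 18 14:25:01 hostname logger: These timestamps are not optimal."
ISO_LINE = "2010-02-18T20:23:58-05:00 electron logger: Now THAT is a timestamp!"

ISO_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\S+) (\S+) (.*)$")
BSD_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) (.*)$")


def normalise(line, assumed_year=None, assumed_tz=None):
    """Return the UTC instant, host and message of one log line, plus the
    names of the fields that had to be assumed because the line lacks them."""
    m = ISO_RE.match(line)
    if m:
        stamp = m.group(1)
        if stamp.endswith("Z"):  # fromisoformat() before Python 3.11 rejects 'Z'
            stamp = stamp[:-1] + "+00:00"
        when = datetime.fromisoformat(stamp)
        if when.tzinfo is None:
            raise ValueError("ISO timestamp without UTC offset: %r" % line)
        return {"utc": when.astimezone(timezone.utc), "host": m.group(2),
                "message": m.group(3), "assumed": []}
    m = BSD_RE.match(line)
    if not m:
        raise ValueError("unrecognised timestamp: %r" % line)
    if assumed_year is None or assumed_tz is None:
        raise ValueError("legacy timestamp needs an assumed year and UTC offset")
    month, day, clock, host, message = m.groups()
    when = datetime.strptime("%d %s %s %s" % (assumed_year, month, day, clock),
                             "%Y %b %d %H:%M:%S").replace(tzinfo=assumed_tz)
    return {"utc": when.astimezone(timezone.utc), "host": host,
            "message": message, "assumed": ["year", "utc_offset"]}


def merge_timeline(lines, assumed_year=None, assumed_tz=None):
    """Order lines from several files by their UTC instant."""
    events = [normalise(line, assumed_year, assumed_tz) for line in lines]
    return sorted(events, key=lambda e: e["utc"])


if __name__ == "__main__":
    for year in (2010, 2011):
        print("legacy line assumed to be from %d:" % year)
        for e in merge_timeline([ISO_LINE, BSD_LINE], year, EST):
            print("  %s %-8s assumed=%s" % (e["utc"].isoformat(), e["host"],
                                            e["assumed"]))
```

The order of the merged timeline flips when the assumed year changes, while the ISO 8601 line resolves to one instant without any assumption.<br />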
<br />
== External Links ==<br />
* [http://en.gentoo-wiki.com/wiki/Syslog-ng Syslog-ng Gentoo wiki]<br />
* [http://en.wikipedia.org/wiki/ISO_8601 ISO_8601] Wikipedia page for ISO 8601<br />
* [http://tools.ietf.org/html/rfc3339 RFC3339] Text of RFC 3339<br />
* [http://www.syslog.org/syslog-ng/v2/#reference_destinationdrivers syslog-ng_manual] syslog-ng v2.0 reference manual<br />
* [http://freshmeat.net/projects/syslog-ng/ Syslog-ng Project Page on Freshmeat]<br />
* [http://www.balabit.com/support/documentation/ Portal to Syslog-ng Documentation]<br />
* [http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=3 Gentoo's Security Handbook on Logging]<br />
* [http://www.kdough.net/docs/syslog_postgresql/ Syslog Logging with PostgreSQL HOWTO]</div>Drencrom