syslog-ng.conf example

This is how i configure my syslog-ng.conf file:

options { chain_hostnames(off); sync(0); };

#source where to read log
source src { unix-stream("/dev/log"); internal(); };
source kernsrc { file("/proc/kmsg"); };

#define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };

destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination xconsole { pipe("/dev/xconsole"); };

#create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news, cron); };
filter f_emergency { level(emerg); };

filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { match("failed"); };
filter f_denied { match("denied"); };

#connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };

#default log
log { source(src); destination(console_all); };

mounting an SMB share from VMware ESX

This is how I mount an SMB share in ESX, for example to copy files to/from and external USB drive:

esxcfg-firewall -enableService smbClient

mkdir /tmp/smbname

chkconfig netfs on

service netfs start

mount -t smbfs -o username=USER,password=PASSWORD //x.x.x.x/share /tmp/smbname/

rmdir /mnt/myshare

installing VMware tools in a gentoo/linux virtual machine

In VMware (ESX/Workstation) select the option to install vmware tools - usually found in the menus (VM -> Install VMware Tools).

1. log into the virtual machine and mount the cd-rom drive.
2. ~#mount /dev/cdrom /mnt/cdrom
3. untar the vmware tools to a temporary location like /tmp
4. ~#tar xvzf /mnt/cdrom/*.tar.gz /tmp
5. Create a set of empty rcX.d directories so the tools installer thinks they exist
   
6. ~#mkdir /etc/init.d/rc{0,1,2,3,4,5,6}.d
7. Run the vmware-tools installer and go with the defaults
8. ~#cd vmware-tools-distrib
9. ~#./vmware-install.pl
10. Add vmware tools to startup when the machine boots
    
11. ~#rc-update add vmware-tools default

Installing gentoo in a VMware virtual machine

In order to install Gentoo linux into a VMware virtual machines, the following needs to be compiled into the kernel:

Fusion MPT ScsiHost drivers for SPI
SCSI low-level drivers - SYM53C8XX Version 2 SCSI support
Intel(R) PRO/1000 Gigabit Ethernet support

cloning a linux virtual machines

After cloning a linux virtual machine, there are a few things that need to be changed:

Edit this file and remove the first network adapter:
/etc/udev/rules.d/70-persistent-net.rules

Then:
rm /etc/ssh/ssh_host_key*
rm /etc/ssh/ssh_host_dsa_key*
rm /etc/ssh/ssh_host_rsa_key*
/etc/init.d/sshd restart

rm /var/lib/dhcpcd/dhcpcd-eth0.info
rm /var/lib/dhcpcd/dhcpcd.duid
/etc/init.d/net.eth0 restart

nano -w /etc/conf.d/hostname

nano -w /etc/conf.d/net
config_eth0=( "x.x.x.x netmask 255.255.255.0 brd x.x.0.255" )
routes_eth0=( "default via x.x.x.x" )
dns_domain="abc.xyz.com"
dns_search=( "abc.xyz.com xyz.com" )
dns_servers_eth0="x.x.x.x x.x.x.x x.x.x.x"

Then edit the following files:

/etc/conf.d/hostname

/etc/conf.d/net

using sysprep with virtual machines

This is how the sysprep.inf file looks that I use in VMware, VirtualCenter, and virtual machines:

;SetupMgrTag
[Unattended]
OemSkipEula=Yes
InstallFilesPath=C:\sysprep\i386
KeepPageFile = 1

[GuiUnattended]
AdminPassword=****
EncryptedAdminPassword=No
AutoLogon=Yes
AutoLogonCount=1
OEMSkipRegional=1
TimeZone=35
OemSkipWelcome=1

[UserData]
ProductKey=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
FullName="Name"
OrgName="Company"
ComputerName=

[Display]
BitsPerPel=32
Xresolution=1024
YResolution=768

[LicenseFilePrintData]
AutoMode=PerServer
AutoUsers=9999

[RegionalSettings]
LanguageGroup=1
SystemLocale=00000409
UserLocale=00000409
InputLocale=0409:00000409

[SetupMgr]
DistFolder=C:\sysprep\i386
DistShare=windist

[Identification]
JoinWorkgroup=THEWORKGROUP

[Networking]
InstallDefaultComponents=Yes

[MS_Server parameters]
Optimization=MaxThroughputForNetworkApps

rename a SQL Server host

When you rename a machine with SQL Server running, you also need to rename it in SQL:

select @@servername

sp_dropserver 'old name'
GO
sp_addserver 'new name', local
GO

stop cron from logging to syslog

If this is annoying to you every 5 minutes (for example with cacti)

localhost cron[23731]:(cactiuser) CMD (php /var/www/localhost/htdocs/cacti/poller.php > /dev/null 2>&1)

localhost cron[28722]:(cactiuser) CMD (php /var/www/localhost/htdocs/cacti/poller.php > /dev/null 2>&1)

localhost cron[28723]:(root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )

in /etc/syslog-ng/syslog-ng.conf add:
filter f_croninfo { level(info) and not facility(cron); };

and modified the logging lines:
log { source(src); filter(f_croninfo); destination(serial_console); };
log { source(src); filter(f_croninfo); destination(messages); };

exposing spam confidence level in Exchange

Is there a way to expose the SCL of the messages in the Archive Folder, OWA or Outlook?

Yes, it's possible. You need to create the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter
To archive the SCL rating with archived messages

1. In Registry Editor (regedit), right-click ContentFilter, click New, and then click DWORD value.
2. Type ArchiveSCL for the registry key value.
3. Right-click ArchiveSCL, and then click Modify.
4. In Edit DWORD, under Value Data, type 1.
5. When this registry key value is set to 1, Intelligent Message Filter saves the SCL rating with the archived messages. The SCL rating is persisted in the message as an extended message header (X-SCL).

When this registry key is set to 0, or if the registry key value does not exist, Intelligent Message Filter archives the message, but does not save its associated SCL rating.

Now, your messages are receiving have an X-SCL message header with SCL Level. Then, you can see SCL in Archived Folder, Outlook and OWA.

For exposing SCL in Outlook or OWA, see below:
Exposing SCL in Outlook
Exposing SCL in OWA
Microsoft Exchange Intelligent Message Filter Deployment Guide