[syslog-ng] Logs not identical.

Andy Loughran andy at zednax.com
Fri Jan 29 17:10:04 CET 2010


Guys,

I have had some issues with my httpd server, therefore had to enable 
some Debug Logging. This is in a different format to the rest of the logs.

I have had the httpd.conf set logging to syslog:local1, and had the 
following in place to parse the logs

log { source(s_sys); filter(f_fac1); destination(d_logserver); };

that worked fine.

However, I noticed it wasn't logging my Apache2::Resource debugs, here's 
an example of the two types of logs:

[Fri Jan 29 16:00:30 2010] [debug] prefork.c(991): AcceptMutex: sysvsem (default: sysvsem)
Apache2::Resource: PID 30247 attempting to set `DATA'=400:500 ...ok

the top line is logged, but the second line isn't.

I found this out, by setting httpd.conf to log to 
/var/log/httpd/error.log instead of syslog.  For some reason syslog 
isn't getting/is cutting out the Apache2:: lines.

So, I thought it prudent to get the httpd.conf to log to the file, and 
then get syslog-ng to read from this file.

source s_httpd_err { file("/var/log/httpd/error.log" follow_freq(1) flags(no-parse)); };

I then put that straight into a separate file, with no filters.

destination d_httpd_err { file("/logs/httpd_error.log"); };

log { source(s_httpd_err); destination(d_httpd_err); };

However, the destination is missing the Apache2:: logs - but has the 
normal formatted logs.

Is there a filter still being applied, even though I don't specify one?

Let me know if you need more information to help me solve my problem.

Thanks,

Andy

