<div dir="ltr">Hi, <div><br></div><div>Try adding a log path with the fallback flag: <a href="https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/49#TOPIC-956570">https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/49#TOPIC-956570</a></div><div><br></div><div>Regards, </div><div><br></div><div>Robert</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 14, 2018 at 11:48 AM, Michael Thénault <span dir="ltr"><<a href="mailto:michael.thenault@gmail.com" target="_blank">michael.thenault@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
Indeed it works with unix-dgram("/dev/log" ); Thanks !<br>
<br>
I have another question : I have a system with different packages.<br>
Each package brings its own syslog-ng conf file to define its filters<br>
and log { } blocks. All those conf files are in a directory which is<br>
included by the main syslog-ng conf file.<br>
<br>
In the main syslog-ng conf file I want to log all the unfiltered lines<br>
into /var/log/messages.<br>
Problem: I cannot reference previously defined filters without knowing<br>
their name. The main conf file doesn't know those names. Is there a<br>
way to solve this ? Sadly wildcards don't work on filter names...<br>
<br>
Regards,<br>
Michael<br>
<br>
<br>
Le ven. 10 août 2018 à 20:06, Scheidler, Balázs<br>
<<a href="mailto:balazs.scheidler@oneidentity.com">balazs.scheidler@oneidentity.<wbr>com</a>> a écrit :<br>
<div class="HOEnZb"><div class="h5">><br>
> Hi,<br>
><br>
> this is probably because syslogd used SOCK_DGRAM socket for /dev/log whereas your syslog-ng configuration tells syslog-ng to use SOCK_STREAM. The libc implementation supports both. Make sure you use unix-dgram() in syslog-ng. the system() source in syslog-ng defaults to unix-dgram() if I remember correctly.<br>
><br>
> btw: multi-line log messages are not supported over syslog network transports in general, though its original UDP transport may work.<br>
><br>
> Bazsi<br>
><br>
> On Fri, Aug 10, 2018 at 5:36 PM, Jim Hendrick <<a href="mailto:james.r.hendrick@gmail.com">james.r.hendrick@gmail.com</a>> wrote:<br>
>><br>
>> Don't give up quite yet. There are better people than I by far on this list :-)<br>
>><br>
>> Btw ... the program destination ran pretty well with no performance impact or anything. "Use the source young padawan "<br>
>><br>
>><br>
>> On Fri, Aug 10, 2018, 10:51 AM Michael Thénault <<a href="mailto:michael.thenault@gmail.com">michael.thenault@gmail.com</a>> wrote:<br>
>>><br>
>>> Ok, well that cannot be a solution for us because of different<br>
>>> reasons: performance (embedded environment), probability to add bugs<br>
>>> ...<br>
>>> I guess we'll have to go reconsider keeping syslogd which doesn't have<br>
>>> this issue.<br>
>>><br>
>>> Regards,<br>
>>> Michael<br>
>>> ______________________________<wbr>______________________________<wbr>__________________<br>
>>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
>>> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
>>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
>>><br>
>><br>
>> ______________________________<wbr>______________________________<wbr>__________________<br>
>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
>> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
>><br>
>><br>
><br>
> ______________________________<wbr>______________________________<wbr>__________________<br>
> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
><br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
</div></div></blockquote></div><br></div>