December 2003 - syslog-ng - lists.balabit.hu

AIX and Syslog-ng
by Russell Adams 16 Dec '03

16 Dec '03

I've got three new AIX systems, setup to log to my syslog-ng central logging host. I'm getting sporadic messages from both them, one has gone days without a message. Has anyone else had issues with AIX's syslog sending messages in an inconsistent manner? Russell

1 0

[PATCH] - $CONTENT macro
by Amodiovalerio Verde 16 Dec '03

16 Dec '03

I'm posting a patch against 1.6.0-RC3 This patch get you a new macro, $CONTENT, that match only the content part of a message ( without the program name and the pid ) I extensively used it, and I had no problem at all so I believe it's safe. Personally I found it really useful to match some message that starts in a certain way. If Barzi find it useful too, he could merge it in the next release of syslog-ng. Let me know if you find this patch of any use. Amodiovalerio [Hypo] Verde ------------------------------------------------------------------------------------------------------------------ diff -aurN syslog-ng-1.6.0rc3.orig/src/macros-gperf.c syslog-ng-1.6.0rc3/src/macros-gperf.c --- syslog-ng-1.6.0rc3.orig/src/macros-gperf.c Wed Apr 16 12:03:46 2003 +++ syslog-ng-1.6.0rc3/src/macros-gperf.c Tue Dec 16 15:49:38 2003 @@ -3,12 +3,12 @@ #include "macros.h" struct macro_def { char *name; int id; int len; }; -#define TOTAL_KEYWORDS 51 +#define TOTAL_KEYWORDS 52 #define MIN_WORD_LENGTH 2 #define MAX_WORD_LENGTH 13 #define MIN_HASH_VALUE 2 -#define MAX_HASH_VALUE 140 -/* maximum key range = 139, duplicates = 0 */ +#define MAX_HASH_VALUE 115 +/* maximum key range = 114, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -22,32 +22,32 @@ { static unsigned char asso_values[] = { - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 55, 141, 22, 60, 0, - 0, 35, 10, 15, 141, 141, 0, 11, 25, 5, - 25, 141, 50, 0, 0, 10, 15, 0, 141, 25, - 141, 141, 141, 141, 141, 0, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141, 141, 141, 141, 141, - 141, 141, 141, 141, 141, 141 + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 5, 116, 55, 20, 0, + 0, 20, 30, 35, 116, 116, 0, 62, 0, 5, + 25, 116, 35, 0, 0, 10, 15, 10, 116, 55, + 116, 116, 116, 116, 116, 20, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, + 116, 116, 116, 116, 116, 116 }; register int hval = len; @@ -68,23 +68,22 @@ } #ifdef __GNUC__ +__inline #endif struct macro_def * find_macro (register const char *str, register unsigned int len) { static unsigned char lengthtable[] = { - 0, 0, 2, 0, 4, 0, 0, 0, 0, 9, 10, 0, 0, 8, - 4, 10, 0, 0, 8, 9, 5, 0, 0, 13, 4, 3, 6, 5, - 0, 9, 8, 0, 0, 8, 0, 10, 0, 0, 3, 3, 8, 5, - 0, 7, 0, 0, 0, 0, 0, 3, 0, 5, 0, 0, 4, 0, - 0, 0, 0, 9, 10, 0, 0, 0, 4, 10, 6, 7, 8, 0, - 0, 0, 0, 7, 0, 0, 6, 5, 0, 9, 0, 0, 7, 0, - 4, 10, 6, 7, 3, 0, 5, 5, 0, 7, 0, 0, 0, 0, - 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, - 5 + 0, 0, 2, 0, 4, 0, 0, 0, 0, 0, 10, 0, 0, 8, + 0, 10, 0, 0, 0, 9, 5, 0, 0, 3, 4, 0, 6, 0, + 8, 0, 0, 0, 0, 0, 4, 0, 0, 7, 8, 4, 0, 0, + 0, 13, 4, 10, 6, 0, 0, 9, 10, 0, 7, 8, 9, 10, + 0, 0, 3, 9, 5, 6, 7, 8, 4, 3, 6, 5, 0, 7, + 0, 0, 7, 8, 7, 0, 0, 0, 3, 0, 5, 6, 0, 0, + 9, 3, 0, 0, 0, 0, 10, 0, 0, 0, 0, 5, 0, 5, + 0, 0, 0, 6, 5, 8, 7, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5 }; static struct macro_def wordlist[] = { @@ -92,82 +91,79 @@ {"TZ", M_TZ}, {""}, {"S_TZ", M_TZ_STAMP}, - {""}, {""}, {""}, {""}, - {"S_WEEKDAY", M_WEEKDAY_STAMP}, + {""}, {""}, {""}, {""}, {""}, {"S_FULLDATE", M_FULLDATE_STAMP}, {""}, {""}, {"TZOFFSET", M_TZOFFSET}, - {"HOST", M_HOST}, + {""}, {"S_TZOFFSET", M_TZOFFSET_STAMP}, - {""}, {""}, - {"FULLHOST", M_FULLHOST}, - {"HOST_FROM", M_HOST_FROM}, + {""}, {""}, {""}, + {"S_WEEKDAY", M_WEEKDAY_STAMP}, {"LEVEL", M_LEVEL}, {""}, {""}, + {"TAG", M_TAG}, + {"DATE", M_DATE}, + {""}, + {"S_DATE", M_DATE_STAMP}, + {""}, + {"FULLDATE", M_FULLDATE}, + {""}, {""}, {""}, {""}, {""}, + {"HOST", M_HOST}, + {""}, {""}, + {"WEEKDAY", M_WEEKDAY}, + {"FULLHOST", M_FULLHOST}, + {"R_TZ", M_TZ_RECVD}, + {""}, {""}, {""}, {"FULLHOST_FROM", M_FULLHOST_FROM}, {"HOUR", M_HOUR}, - {"SEC", M_SEC}, + {"R_FULLDATE", M_FULLDATE_RECVD}, {"S_HOUR", M_HOUR_STAMP}, - {"S_SEC", M_SEC_STAMP}, - {""}, - {"S_ISODATE", M_ISODATE_STAMP}, - {"FACILITY", M_FACILITY}, {""}, {""}, - {"UNIXTIME", M_UNIXTIME}, + {"S_ISODATE", M_ISODATE_STAMP}, + {"R_TZOFFSET", M_TZOFFSET_RECVD}, {""}, + {"ISODATE", M_ISODATE}, + {"UNIXTIME", M_UNIXTIME}, + {"R_WEEKDAY", M_WEEKDAY_RECVD}, {"S_UNIXTIME", M_UNIXTIME_STAMP}, {""}, {""}, - {"TAG", M_TAG}, + {"SEC", M_SEC}, + {"HOST_FROM", M_HOST_FROM}, + {"S_SEC", M_SEC_STAMP}, + {"R_DATE", M_DATE_RECVD}, + {"CONTENT", M_CONTENT}, + {"FACILITY", M_FACILITY}, + {"YEAR", M_YEAR}, {"MIN", M_MIN}, - {"SOURCEIP", M_SOURCE_IP}, + {"S_YEAR", M_YEAR_STAMP}, {"S_MIN", M_MIN_STAMP}, {""}, {"S_MONTH", M_MONTH_STAMP}, - {""}, {""}, {""}, {""}, {""}, - {"MSG", M_MESSAGE}, - {""}, - {"MONTH", M_MONTH}, {""}, {""}, - {"R_TZ", M_TZ_RECVD}, - {""}, {""}, {""}, {""}, - {"R_WEEKDAY", M_WEEKDAY_RECVD}, - {"R_FULLDATE", M_FULLDATE_RECVD}, - {""}, {""}, {""}, - {"DATE", M_DATE}, - {"R_TZOFFSET", M_TZOFFSET_RECVD}, - {"S_DATE", M_DATE_STAMP}, - {"WEEKDAY", M_WEEKDAY}, - {"FULLDATE", M_FULLDATE}, - {""}, {""}, {""}, {""}, + {"PROGRAM", M_PROGRAM}, + {"SOURCEIP", M_SOURCE_IP}, {"MESSAGE", M_MESSAGE}, - {""}, {""}, - {"R_HOUR", M_HOUR_RECVD}, - {"R_SEC", M_SEC_RECVD}, + {""}, {""}, {""}, + {"DAY", M_DAY}, {""}, - {"R_ISODATE", M_ISODATE_RECVD}, + {"S_DAY", M_DAY_STAMP}, + {"R_HOUR", M_HOUR_RECVD}, {""}, {""}, - {"ISODATE", M_ISODATE}, - {""}, - {"YEAR", M_YEAR}, + {"R_ISODATE", M_ISODATE_RECVD}, + {"MSG", M_MESSAGE}, + {""}, {""}, {""}, {""}, {"R_UNIXTIME", M_UNIXTIME_RECVD}, - {"S_YEAR", M_YEAR_STAMP}, - {"PROGRAM", M_PROGRAM}, - {"DAY", M_DAY}, + {""}, {""}, {""}, {""}, + {"R_SEC", M_SEC_RECVD}, {""}, - {"S_DAY", M_DAY_STAMP}, + {"MONTH", M_MONTH}, + {""}, {""}, {""}, + {"R_YEAR", M_YEAR_RECVD}, {"R_MIN", M_MIN_RECVD}, - {""}, - {"R_MONTH", M_MONTH_RECVD}, - {""}, {""}, {""}, {""}, {"PRIORITY", M_LEVEL}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {"R_DATE", M_DATE_RECVD}, - {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {"R_MONTH", M_MONTH_RECVD}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, - {"R_YEAR", M_YEAR_RECVD}, - {""}, {""}, {""}, {"R_DAY", M_DAY_RECVD} }; diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.c syslog-ng-1.6.0rc3/src/macros.c --- syslog-ng-1.6.0rc3.orig/src/macros.c Wed Apr 16 12:15:02 2003 +++ syslog-ng-1.6.0rc3/src/macros.c Tue Dec 16 15:44:12 2003 @@ -351,7 +351,25 @@ length = append_string(dest, left, msg->msg->data, msg->msg->length, escape); break; } - default: + case M_CONTENT: { + /* message without program name and pid */ + char *test; + test = malloc(strlen(msg->msg->data)); + if (msg->program) { + char *index; + index = strstr(msg->msg->data," "); + if (index==NULL) + strcpy(test,msg->msg->data); + else + strcpy(test,index+1); + } + else + strcpy(test,msg->msg->data); + length = append_string(dest,left,test,strlen(test),escape); + free(test); + break; + } + default: break; } if (length < 0 || (unsigned int) length > *left) @@ -427,7 +445,8 @@ { "PROGRAM", M_PROGRAM }, { "MSG", M_MESSAGE }, { "MESSAGE", M_MESSAGE }, - { "SOURCEIP", M_SOURCE_IP } + { "SOURCEIP", M_SOURCE_IP }, + { "CONTENT", M_CONTENT } }; static int macro_cache[sizeof(macros) / sizeof(struct macro_def)]; diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.gprf syslog-ng-1.6.0rc3/src/macros.gprf --- syslog-ng-1.6.0rc3.orig/src/macros.gprf Thu Apr 10 12:51:00 2003 +++ syslog-ng-1.6.0rc3/src/macros.gprf Tue Dec 16 15:44:50 2003 @@ -54,3 +54,4 @@ MSG, M_MESSAGE MESSAGE, M_MESSAGE SOURCEIP, M_SOURCE_IP +CONTENT, M_CONTENT diff -aurN syslog-ng-1.6.0rc3.orig/src/macros.h syslog-ng-1.6.0rc3/src/macros.h --- syslog-ng-1.6.0rc3.orig/src/macros.h Thu Apr 10 20:22:54 2003 +++ syslog-ng-1.6.0rc3/src/macros.h Tue Dec 16 15:45:32 2003 @@ -81,6 +81,8 @@ #define M_SOURCE_IP 49 +#define M_CONTENT 50 + struct ol_string * expand_macros(struct syslog_config *cfg, struct ol_string *template, int template_escape, struct log_info *msg);

1 0

Spec file
by Hamilton Andrew 12 Dec '03

12 Dec '03

I seem to recall some traffic some time back about someone that had a spec file for building syslog-ng as an rpm. Could someone let me borrow a copy or point me to where I could find one? Thanks, Drew Andrew Hamilton Senior Systems Analyst Dynamics Research Corporation

1 0

syslog-ng doesn't handle builtin syslog messages correctly
by Joerg Michels 11 Dec '03

11 Dec '03

Hello together, I'm running a central syslog-ng server and about two dozens clients sending their logs to this server (all redhat). But on some clients syslog-ng doesn't catch the builtin syslog messages. syslog-version: 1.6.0rc4 on all hosts the conf file on my clients: --- options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (yes); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source src_sys { pipe ("/proc/kmsg"); unix-stream ("/dev/log"); internal (); }; destination dst_central { tcp('xxx.xxx.xxx.xxx'); }; destination dst_local { file ("/var/log/all"); }; log { source(src_sys); destination(dst_central); destination(dst_local); }; --- When I execute 'logger test' the message only reaches the local /var/log/all, but not the server. When I execute 'logger -u /dev/log test' the message reaches both destinations. I tried unix-dgram instead of unix-stream, but same problem. I tried udp as transport protocol, but also same problem. I tried same older versions of syslog-ng, but also same problem. Where is my mistake? With kind regards, Joerg Michels

3 4

kern messages not trapping correctly?
by dan＠eglifamily.dnsalias.net 08 Dec '03

08 Dec '03

I just moved from syslog to syslog-ng. It looks great, except that kernel messages don't seem to be getting passed into the logs. For example, I have my iptables rules set to log any connection that fails all ACCEPT rules. Under syslog the firewall log file got to be rather large very quickly (which is fine). I accomplished it with --log-level info and putting kern.info /var/log/firewall in my syslog.conf file. I translated that into syslog-ng, but my firewall log has not increased one bit, even when I purposly hit a blocked port from the outside. Here's the syslog-ng.conf file. Perhaps someone can see an issue? options { dir_perm(0755); perm(0644); chain_hostnames(no); keep_hostname(yes); }; source local { unix-stream("/dev/log"); udp(ip(0.0.0.0) port(514)); internal(); }; filter f_kern { facility(kern) and level(debug...emerg); }; filter f_notcron { not facility(cron); }; filter f_infoemerg { level(info...emerg); }; filter f_notmail { not facility(mail); }; filter f_notauth { not facility(authpriv); }; filter f_auth { facility(authpriv) and level(debug...emerg); }; filter f_mail { facility(mail) and level(debug...emerg); }; filter f_cron { facility(cron) and level(debug...emerg); }; filter f_emerg { level(emerg); }; filter f_newscrit { facility(uucp,news) and level(crit...emerg); }; filter f_boot { facility(local7) and level(debug...emerg); }; filter f_firewall { facility(kern) and match("IN="); }; destination d_firewall { file("/var/log/firewall" create_dirs(yes)); }; destination d_messages { file("/var/log/messages" create_dirs(yes)); }; destination d_spooler { file("/var/log/spooler" create_dirs(yes)); }; destination d_console { file("/dev/console" create_dirs(yes)); }; destination d_secure { file("/var/log/secure" create_dirs(yes)); }; destination d_maillog { file("/var/log/maillog" create_dirs(yes)); }; destination d_cron { file("/var/log/cron" create_dirs(yes)); }; destination d_panic { usertty("*"); }; destination d_boot { file("/var/log/boot.log" create_dirs(yes)); }; log { source(local); filter(f_newscrit); destination(d_spooler); }; log { source(local); filter(f_cron); destination(d_cron); }; log { source(local); filter(f_emerg); destination(d_panic); }; log { source(local); filter(f_boot); destination(d_boot); }; log { source(local); filter(f_mail); destination(d_maillog); }; log { source(local); filter(f_kern); destination(d_console); }; log { source(local); filter(f_notcron); filter(f_infoemerg); filter(f_notmail); filter(f_notauth); destination(d_messages); }; log { source(local); filter(f_auth); destination(d_secure); }; log { filter(f_firewall); destination(d_firewall); }; I even tried it without the match, so it was just anything from the kern facility. No go. Running RedHat linux 9. Thanks in advance! --- Dan

2 2

directory creation problem
by Sylvain Hubert 08 Dec '03

08 Dec '03

Hi, I am running syslog-ng 1.6r3 on a redhat linux 7.3. The central log server is receiving logs from solaris 2.8, aix 4/5 and windows 2k (using nt-syslog). Syslog-ng creates directories based on the $HOST variable, i.e., /var/syslog-ng/$HOST/.../logfiles. For some reason, the directories created is not always the $HOST, i.e, not an ip or a valid hostname (I am using the check_hostname option) but some left over of some syslog or nt-syslog messages. Here is an example of the content of the /var/syslog-ng/ directory: 10.10.10.1 10.10.10.2 10.10.10.3 adam (valid hostname) alex (valid hostname) ntds (not valid) service (not valid) windows (not valid) I am trying to figure out why these directories (the non valid ones) are created and how to prevent them. Right now, this seem to happen for nt-syslog and also for solaris 2.8. Any suggestions or help would be greatly appreciated. Thanks, Sylvain Hubert

2 1

Compiling syslog-ng for IRIX!
by JOrgen＠Home 05 Dec '03

05 Dec '03

Hi everyone! Has anyone compiled syslog-ng for IRIX? Is it possible to do? When looking around I have seen some old posts about this, but never a post that says that it has been done? Has anyone compiled it for IRIX? I have a coupled ot SGI's that is running 6.2 that I need to run the syslog-ng on! //JE

1 0

compile of syslog-ng-1.6.0rc4 fails
by jeff＠unixisgod.com 04 Dec '03

04 Dec '03

I can do a plain ./configure and then a make. Below is my output: --SNIP-- creating cache ./config.cache checking for a BSD compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking whether make sets ${MAKE}... yes checking for working aclocal... found checking for working autoconf... found checking for working automake... found checking for working autoheader... found checking for working makeinfo... found checking whether build environment is sane... yes checking for gcc... gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking for bison... bison -y checking how to run the C preprocessor... gcc -E checking for flex... flex checking for flex... (cached) flex checking for yywrap in -lfl... yes checking lex output file root... lex.yy checking whether yytext is a pointer... yes checking whether make sets ${MAKE}... (cached) yes checking for ANSI C header files... yes checking for malloc.h... yes checking for unistd.h... yes checking for door.h... no checking for stropts.h... yes checking for sys/strlog.h... no checking for stdarg.h... yes checking for sys/klog.h... yes checking for arpa/nameser.h... yes checking for tcpd.h... yes checking for working const... yes checking whether time.h and sys/time.h may both be included... yes checking for modern utmp... yes checking whether to compile klogctl... yes checking size of short... 2 checking size of int... 4 checking size of long... 4 checking for I_CONSLOG... no checking for O_LARGEFILE... yes checking for res_init in <resolv.h>... yes checking for working alloca.h... yes checking for alloca... yes checking for vprintf... yes checking for res_init in -lresolv... no checking for __res_init in -lresolv... yes checking for door_create in -ldoor... no checking for socket in -lsocket... no checking for gethostbyname in -lnsl... yes checking for select... yes checking for snprintf... yes checking for vsnprintf... yes checking for strerror... yes checking for inet_aton... yes checking for strncpy... yes checking for getutent... yes checking for getopt_long... yes checking for strcasecmp... yes checking for strptime... yes checking for TCP wrapper library... -lwrap checking whether to enable Sun STREAMS support... no checking whether to enable Sun door support... no checking whether to enable TCP wrapper support... no checking libol version >= 0.3.10... ok updating cache ./config.cache creating ./config.status creating Makefile creating src/Makefile creating src/tests/Makefile creating doc/Makefile creating doc/sgml/Makefile creating contrib/Makefile creating syslog-ng.spec creating src/config.h make[1]: Entering directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4' Making all in src make[2]: Entering directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src' cd /home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4 && autoheader WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot' WARNING: and `config.h.top', to define templates for `config.h.in' WARNING: is deprecated and discouraged. WARNING: Using the third argument of `AC_DEFINE' and WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without WARNING: `acconfig.h': WARNING: AC_DEFINE([NEED_MAIN], 1, WARNING: [Define if a function `main' is needed.]) WARNING: More sophisticated templates can also be produced, see the WARNING: documentation. configure.in:61: warning: AC_PROG_LEX invoked multiple times cd .. \ && CONFIG_FILES= CONFIG_HEADERS=src/config.h \ /bin/sh ./config.status creating src/config.h make all-recursive make[3]: Entering directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src' Making all in . make[4]: Entering directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src' gcc -DHAVE_CONFIG_H -I. -I/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src -I. -g -O2 -Wall -I/home/jrod/basebuild/libol/libol-0.3.11/src -D_GNU_SOURCE -c main.c In file included from main.c:26: syslog-ng.h:31:21: objects.h: No such file or directory In file included from cfgfile.h:29, from main.c:27: sources.h:30:23: read_line.h: No such file or directory In file included from sources.h:32, from cfgfile.h:29, from main.c:27: log.h:30:16: io.h: No such file or directory In file included from sources.h:32, from cfgfile.h:29, from main.c:27: log.h:39: parse error before "UINT32" log.h:39: warning: no semicolon at end of struct or union log.h:43: parse error before "pri" log.h:43: warning: type defaults to `int' in declaration of `pri' log.h:43: warning: data definition has no type or storage class log.h:44: parse error before "flags" log.h:44: warning: type defaults to `int' in declaration of `flags' log.h:44: warning: data definition has no type or storage class log.h:51: parse error before '}' token In file included from log.h:54, from sources.h:32, from cfgfile.h:29, from main.c:27: log.h.x:4: field `super' has incomplete type log.h.x:9: confused by earlier errors, bailing out make[4]: *** [main.o] Error 1 make[4]: Leaving directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src' make[2]: *** [all-recursive-am] Error 2 make[2]: Leaving directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/jrod/basebuild/syslog-ng/syslog-ng-1.6.0rc4' --SNIP-- Any ideas? Jeff

1 0

Variables with file destination
by Kenneth Webber 03 Dec '03

03 Dec '03

Question: The variables in my file destination are not working. file("/var/log/syslogng/$YEAR_$MONTH_$DAY_$WEEKDAY_$HOST.log"); I expect my log files to be something like: /var/log/syslogng/2003_12_03_WED_10.2.2.2.log Instead they are: /var/log/syslogng/10.2.2.2.log I had it working at one point but not any longer. Has anyone seen this? I am using libol-0.3.11+20030915 and syslog-ng 1.6.0rc4. My config is: # syslog-ng.conf options { long_hostnames(yes); use_dns(yes); use_fqdn(yes); dns_cache(yes); dns_cache_size(500); dns_cache_expire(3600); dns_cache_expire_failed(3600); check_hostname(yes); keep_hostname(yes); chain_hostnames(yes); log_msg_size(8192); sync(10); log_fifo_size(2048); time_reopen(10); use_time_recvd(yes); }; source src { udp(); internal(); }; destination syslogfile { file( "/var/log/syslogng/$YEAR_$MONTH_$DAY_$WEEKDAY_$HOST.log.log" create_dirs(yes) owner("bob") group("other") perm(644) remove_if_older(3600) ); }; log { source(src); destination(syslogfile); }; _________________________________________________________________ Take advantage of our best MSN Dial-up offer of the year six months @$9.95/month. Sign up now! http://join.msn.com/?page=dept/dialup

1 0

Null characters with PIX and Syslog-ng-1.6.Orc4
by Bill Miller 01 Dec '03

01 Dec '03

Hi, More of an observation than a cry for help... I had a problem grepping for information in my syslog-ng logs from PIX's. After alot of investigation I found a null character sitting (invisibly) at the end of the time field - /usr/bin/grep will not look past the null character. The PIXs timestamp the syslog message (in this case - not by default) and I could not see a syslog-ng configurable cause of this. So like the coward I am ;) I uninstalled 1.6 and went back to 1.4.17 - which did not have the problem. So really this is just a heads up for anyone seeing the same issue and maybe if anyone knows the cause and/or knows the fix. As long as you don't have to spend all morning trying to fix grep...If you think you might have this the command to check for null characters is cat <file> | perl -nge 's/\000/XXX/g' - XXX marks the spot. Probably can do it in sed or tr as well. Best Regards Bill Miller Internet Security Architect Energis ******************************************************** This e-mail is sent by Energis Communications Limited and its contents are confidential and may be legally privileged. ********************************************************

2 1