syslog-ng
October 2018
- 19 participants
- 15 discussions
CentOS syslog-ng using tls won't start via systemd but runs fine manually (sort of)
by craig bowser 12 Oct '18
I've been trying to figure this out for several days now.
I have CentOS 7 installed on two servers and I want to use syslog-ng to
send logs between them securely using TLS.
On both I installed syslog-ng 3.5 using this method:
https://www.syslog-ng.com/community/b/blog/posts/installing-latest-syslog-n…
I have been following these methods as a starting point to set up:
https://www.nineproductions.com/syslog-ng-with-tls-setup-for-centralized-lo…
https://www.linux.com/blog/tls-encryption-and-mutual-authentication-using-s…
https://www.flyn.org/notes/logging/index.html
On the receiving server, I have syslog-ng with the following config
file:
----------------------------------------------------------
@version:3.5
@include "scl.conf"
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: it also sources additional configuration files (*.conf)
# located in /etc/syslog-ng/conf.d/
options {
    flush_lines (0);
    time_reopen (10);
    # log_fifo_size (1000);
    # chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (1);
    keep_hostname (yes);
};
source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};
source s_net { tcp(ip(10.1.0.2) port(5441) tls(
    ca_dir("/etc/syslog-ng/ca.d")
    key_file("/etc/syslog-ng/newCA/serverkey.pem")
    cert_file("/etc/syslog-ng/newCA/servercert.pem")
    peer_verify(optional-untrusted)) ); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" flush_lines(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };
destination d_log { file("/opt/syslog/$YEAR$MONTH$DAY-logs.log"
    create_dirs(yes) dir_group(logstash) dir_owner(logstash) owner(logstash)
    group(logstash));};
filter f_kernel { facility(kern); };
filter f_default { level(info..emerg) and
    not (facility(mail)
    or facility(authpriv)
    or facility(cron)); };
filter f_auth { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_emergency { level(emerg); };
filter f_news { facility(uucp) or
    (facility(news)
    and level(crit..emerg)); };
filter f_boot { facility(local7); };
filter f_cron { facility(cron); };
#log { source(s_sys); filter(f_kernel); destination(d_cons); };
log { source(s_sys); filter(f_kernel); destination(d_kern); };
log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_auth); destination(d_auth); };
log { source(s_sys); filter(f_mail); destination(d_mail); };
log { source(s_sys); filter(f_emergency); destination(d_mlal); };
log { source(s_sys); filter(f_news); destination(d_spol); };
log { source(s_sys); filter(f_boot); destination(d_boot); };
log { source(s_sys); filter(f_cron); destination(d_cron); };
log { source(s_net); destination(d_log); };
# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"
# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
------------------------------------------------------
Here is my Java version:
# java -version
openjdk version "1.8.0_181"
OpenJDK Runtime Environment (build 1.8.0_181-b13)
OpenJDK 64-Bit Server VM (build 25.181-b13, mixed mode)
This is my OS version:
# cat /etc/*release
CentOS Linux release 7.2.1511 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.2.1511 (Core)
CentOS Linux release 7.2.1511 (Core)
If I try to start syslog-ng via systemctl, this is what happens:
# systemctl start syslog-ng
Job for syslog-ng.service failed because the control process exited with
error code. See "systemctl status syslog-ng.service" and "journalctl
-xe" for details.
# systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled;
vendor preset: enabled)
Active: failed (Result: start-limit) since Fri 2018-10-12 11:57:09
EDT; 13s ago
Docs: man:syslog-ng(8)
Process: 5706 ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
(code=exited, status=2)
Main PID: 5706 (code=exited, status=2)
Status: "Starting up... (Fri Oct 12 11:57:09 2018"
Oct 12 11:57:09 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 11:57:09 logger.com systemd[1]: start request repeated too
quickly for syslog-ng.service
Oct 12 11:57:09 logger.com systemd[1]: Failed to start System Logger
Daemon.
Oct 12 11:57:09 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:09 logger.com systemd[1]: start request repeated too
quickly for syslog-ng.service
Oct 12 11:57:09 logger.com systemd[1]: Failed to start System Logger
Daemon.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
# journalctl -xe
Oct 12 11:57:08 logger.com polkitd[818]: Registered Authentication Agent
for unix-process:5693:6083335 (system bus name :1.97
[/usr/bin/pkttyagent --notify-fd 5 -
Oct 12 11:57:08 logger.com systemd[1]: Listening on Syslog Socket.
-- Subject: Unit syslog.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog.socket has finished starting up.
--
-- The start-up result is done.
Oct 12 11:57:08 logger.com systemd[1]: Starting Syslog Socket.
-- Subject: Unit syslog.socket has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog.socket has begun starting up.
Oct 12 11:57:08 logger.com systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service: main process
exited, code=exited, status=2/INVALIDARGUMENT
Oct 12 11:57:08 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:08 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:08 logger.com polkitd[818]: Unregistered Authentication
Agent for unix-process:5693:6083335 (system bus name :1.97, object path
/org/freedesktop/Poli
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 11:57:08 logger.com systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service: main process
exited, code=exited, status=2/INVALIDARGUMENT
Oct 12 11:57:08 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:08 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:08 logger.com systemd-journal[494]: Forwarding to syslog
missed 3 messages.
-- Subject: One or more messages could not be forwarded to syslog
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- One or more messages could not be forwarded to the syslog service
-- running side-by-side with journald. This usually indicates that the
-- syslog implementation has not been able to keep up with the speed of
-- messages queued.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 11:57:08 logger.com systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service: main process
exited, code=exited, status=2/INVALIDARGUMENT
Oct 12 11:57:08 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:08 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:08 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 11:57:09 logger.com systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service: main process
exited, code=exited, status=2/INVALIDARGUMENT
Oct 12 11:57:09 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:09 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 11:57:09 logger.com systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service: main process
exited, code=exited, status=2/INVALIDARGUMENT
Oct 12 11:57:09 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:09 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 11:57:09 logger.com systemd[1]: start request repeated too
quickly for syslog-ng.service
Oct 12 11:57:09 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:09 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 11:57:09 logger.com systemd[1]: start request repeated too
quickly for syslog-ng.service
Oct 12 11:57:09 logger.com systemd[1]: Failed to start System Logger
Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Oct 12 11:57:09 logger.com systemd[1]: Unit syslog.socket entered failed
state.
Oct 12 11:57:09 logger.com systemd[1]: syslog-ng.service failed.
But if I start with the command line:
# /usr/sbin/syslog-ng -Fedv -p /var/run/syslogd.pid
Starting to read include file; filename='/etc/syslog-ng/scl.conf',
depth='1'
Global value changed; define='scl-root',
value='/usr/share/syslog-ng/include/scl'
Global value changed; define='include-path',
value='/etc/syslog-ng:/usr/share/syslog-ng/include'
Starting to read include file;
filename='/usr/share/syslog-ng/include/scl/system/plugin.conf',
depth='2'
Module loaded and initialized successfully; module='system-source'
Finishing include;
filename='/usr/share/syslog-ng/include/scl/system/plugin.conf',
depth='2'
Starting to read include file;
filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
Reading path for candidate modules; path='//usr/lib64/syslog-ng'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='affile.so', module='affile'
Registering candidate plugin; module='affile', context='source',
name='file', preference='0'
Registering candidate plugin; module='affile', context='source',
name='pipe', preference='0'
Registering candidate plugin; module='affile', context='destination',
name='file', preference='0'
Registering candidate plugin; module='affile', context='destination',
name='pipe', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='afprog.so', module='afprog'
Registering candidate plugin; module='afprog', context='source',
name='program', preference='0'
Registering candidate plugin; module='afprog', context='destination',
name='program', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='afsocket-notls.so',
module='afsocket-notls'
Registering candidate plugin; module='afsocket-notls', context='source',
name='unix-stream', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='unix-stream', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='unix-dgram', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='unix-dgram', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='tcp', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='tcp', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='tcp6', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='tcp6', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='udp', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='udp', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='udp6', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='udp6', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='syslog', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='syslog', preference='0'
Registering candidate plugin; module='afsocket-notls', context='source',
name='network', preference='0'
Registering candidate plugin; module='afsocket-notls',
context='destination', name='network', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='afsocket-tls.so',
module='afsocket-tls'
Registering candidate plugin; module='afsocket-tls', context='source',
name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='tcp', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='tcp', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='tcp6', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='tcp6', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='udp', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='udp', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='udp6', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='udp6', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='syslog', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='syslog', preference='100'
Registering candidate plugin; module='afsocket-tls', context='source',
name='network', preference='100'
Registering candidate plugin; module='afsocket-tls',
context='destination', name='network', preference='100'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='afsocket.so', module='afsocket'
Registering candidate plugin; module='afsocket', context='source',
name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='unix-stream', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='unix-dgram', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='tcp', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='tcp', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='tcp6', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='tcp6', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='udp', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='udp', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='udp6', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='udp6', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='syslog', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='syslog', preference='100'
Registering candidate plugin; module='afsocket', context='source',
name='network', preference='100'
Registering candidate plugin; module='afsocket', context='destination',
name='network', preference='100'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='afstomp.so', module='afstomp'
Registering candidate plugin; module='afstomp', context='destination',
name='stomp', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='afuser.so', module='afuser'
Registering candidate plugin; module='afuser', context='destination',
name='usertty', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='basicfuncs.so', module='basicfuncs'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='grep', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='if', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='echo', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='length', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='substr', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='strip', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='sanitize', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='lowercase', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='uppercase', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='replace-delimiter', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='+', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='-', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='*', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='/', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='%', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='ipv4-to-int', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='indent-multi-line', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='context-length', preference='0'
Registering candidate plugin; module='basicfuncs',
context='template-func', name='env', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='confgen.so', module='confgen'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='cryptofuncs.so',
module='cryptofuncs'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='uuid', preference='0'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='hash', preference='0'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='sha1', preference='0'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='sha256', preference='0'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='sha512', preference='0'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='md4', preference='0'
Registering candidate plugin; module='cryptofuncs',
context='template-func', name='md5', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='csvparser.so', module='csvparser'
Registering candidate plugin; module='csvparser', context='parser',
name='csv-parser', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='dbparser.so', module='dbparser'
Registering candidate plugin; module='dbparser', context='parser',
name='db-parser', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='linux-kmsg-format.so',
module='linux-kmsg-format'
Registering candidate plugin; module='linux-kmsg-format',
context='format', name='linux-kmsg', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='syslogformat.so',
module='syslogformat'
Registering candidate plugin; module='syslogformat', context='format',
name='syslog', preference='0'
Registering candidate plugin; module='syslogformat', context='parser',
name='syslog-parser', preference='0'
Reading shared object for a candidate module;
path='//usr/lib64/syslog-ng', fname='system-source.so',
module='system-source'
Finishing include;
filename='/usr/share/syslog-ng/include/scl/pacct/plugin.conf', depth='2'
Starting to read include file;
filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
depth='2'
Module loaded and initialized successfully; module='confgen'
Finishing include;
filename='/usr/share/syslog-ng/include/scl/syslogconf/plugin.conf',
depth='2'
Finishing include; filename='/etc/syslog-ng/scl.conf', depth='1'
Module loaded and initialized successfully; module='afsocket-tls'
Module loaded and initialized successfully; module='affile'
Finishing include; content='source confgen system', depth='1'
Module loaded and initialized successfully; module='afuser'
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:5]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling s_sys sequence [source] at
[/etc/syslog-ng/syslog-ng.conf:2]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:2]
Compiling #unnamed single [log] at [#buffer:1:1]
Compiling #unnamed single [log] at [#buffer:2:1]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:2]
Compiling f_kernel reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling f_kernel sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling d_kern reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling d_kern sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_default reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_default sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling d_mesg reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_mesg sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_auth reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_auth sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling d_auth reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_auth sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_mail reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_mail sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling d_mail reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_mail sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_emergency reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_emergency sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling d_mlal reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_mlal sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_news reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_news sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling d_spol reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_spol sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_boot reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_boot sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling d_boot reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_boot sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_sys reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_cron reference [filter] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling f_cron sequence [filter] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:5]
Compiling d_cron reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_cron sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed sequence [log] at [/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_net reference [source] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling s_net sequence [source] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:3]
Compiling d_log reference [destination] at
[/etc/syslog-ng/syslog-ng.conf:6]
Compiling d_log sequence [destination] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed junction [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Compiling #unnamed single [log] at
[/etc/syslog-ng/syslog-ng.conf:4]
Module loaded and initialized successfully; module='syslogformat'
Module loaded and initialized successfully; module='linux-kmsg-format'
Running application hooks; hook='1'
Running application hooks; hook='3'
syslog-ng starting up; version='3.5.6'
If I comment out this line from syslog-ng.conf:
# log { source(s_net); destination(d_log); };
Then restart syslog-ng (I know, I should use restart...)
# systemctl start syslog-ng
Starts no problem.
# systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled;
vendor preset: enabled)
Active: active (running) since Fri 2018-10-12 12:00:47 EDT; 38s ago
Docs: man:syslog-ng(8)
Main PID: 5727 (syslog-ng)
CGroup: /system.slice/syslog-ng.service
└─5727 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
Oct 12 12:00:47 logger.com systemd[1]: Starting System Logger Daemon...
Oct 12 12:00:47 logger.com systemd[1]: Started System Logger Daemon.
It just won't stop (I guess by design)
# systemctl stop syslog-ng
Warning: Stopping syslog-ng.service, but it can still be activated by:
syslog.socket
# systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled;
vendor preset: enabled)
Active: active (running) since Fri 2018-10-12 12:01:55 EDT; 1s ago
Docs: man:syslog-ng(8)
Main PID: 5755 (syslog-ng)
CGroup: /system.slice/syslog-ng.service
└─5755 /usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
Oct 12 12:01:55 logger.com systemd[1]: Starting System Logger Daemon...
Oct 12 12:01:55 logger.com systemd[1]: Started System Logger Daemon.
But if I uncomment that line and restart:
# systemctl restart syslog-ng
Job for syslog-ng.service failed because the control process exited with
error code. See "systemctl status syslog-ng.service" and "journalctl
-xe" for details.
# service syslog-ng status
Redirecting to /bin/systemctl status syslog-ng.service
● syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled;
vendor preset: enabled)
Active: failed (Result: start-limit) since Fri 2018-10-12 12:04:18
EDT; 2s ago
Docs: man:syslog-ng(8)
Process: 5811 ExecStart=/usr/sbin/syslog-ng -F -p /var/run/syslogd.pid
(code=exited, status=2)
Main PID: 5811 (code=exited, status=2)
Status: "Starting up... (Fri Oct 12 12:04:18 2018"
Oct 12 12:04:18 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 12:04:18 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 12:04:18 logger.com systemd[1]: syslog-ng.service holdoff time
over, scheduling restart.
Oct 12 12:04:18 logger.com systemd[1]: start request repeated too
quickly for syslog-ng.service
Oct 12 12:04:18 logger.com systemd[1]: Failed to start System Logger
Daemon.
Oct 12 12:04:18 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 12:04:18 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 12:04:18 logger.com systemd[1]: start request repeated too
quickly for syslog-ng.service
Oct 12 12:04:18 logger.com systemd[1]: Failed to start System Logger
Daemon.
Oct 12 12:04:18 logger.com systemd[1]: syslog-ng.service failed.
It won't work.
If I change syslog-ng.conf to a specific IP in the source I get nearly
the same results.
One note: Occasionally, in the journalctl -xe, I get the following:
Oct 12 12:08:55 logger.com systemd[1]: Unit syslog-ng.service entered
failed state.
Oct 12 12:08:55 logger.com systemd[1]: syslog-ng.service failed.
Oct 12 12:08:55 logger.com systemd-journal[494]: Forwarding to syslog
missed 3 messages.
-- Subject: One or more messages could not be forwarded to syslog
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- One or more messages could not be forwarded to the syslog service
-- running side-by-side with journald. This usually indicates that the
-- syslog implementation has not been able to keep up with the speed of
-- messages queued.
But that doesn't show up all the time.
As far as options, it doesn't look like
https://www.centos.org/forums/viewtopic.php?t=58296
https://www.syslog-ng.com/community/b/blog/posts/troubleshooting-java-suppo…
rsyslog is disabled
# systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; disabled;
vendor preset: enabled)
Active: inactive (dead)
Oct 11 19:03:17 logger.com systemd[1]: Starting System Logging
Service...
Oct 11 19:03:17 logger.com systemd[1]: Started System Logging Service.
Oct 11 20:52:56 logger.com systemd[1]: Stopping System Logging
Service...
Oct 11 20:52:56 logger.com systemd[1]: Stopped System Logging Service.
https://www.centos.org/forums/viewtopic.php?t=57379
Nothing seems to be blocking access to the log directory:
# lsof /dev/log
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 42u unix 0xffff8800368952c0 0t0 9277 /dev/log
systemd-j 494 root 5u unix 0xffff8800368952c0 0t0 9277 /dev/log
https://www.reddit.com/r/linuxadmin/comments/5ezj5c/syslogng_service_doesnt…
I've also looked at
https://unix.stackexchange.com/questions/202044/syslog-ng-service-not-start…
and
https://lists.balabit.hu/pipermail/syslog-ng/2017-September/024024.html
1
0
Hi,
*issue*: syslog-ng is not starting if we configure an IPv6 IP along with
the RFC-5424 format
Using below command to run syslog-ng:
/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -R /var/syslog-ng.persist
-p /var/syslog-ng.pid
Getting the below error:
------------------------------
*syslog-ng: Error changing to Unknown syslog transport specified, please
use one of udp, tcp, or tls; transport='udp6', id='df_remote_0#0'*
Could anyone please let me know what the configuration in
syslog-ng.conf should be for an IPv6 syslog-ng server IP with RFC-5424 format?
We are using the syslog-ng-3.3.7 version.
*If the below configuration is correct, will it work if we upgrade to a newer
version with the below configuration?*
I am using the below configuration in syslog-ng.conf:
========================================
options {
stats_freq (0);
flush_lines (0);
time_reopen (10);
log_fifo_size (10000);
chain_hostnames (off);
use_dns (no);
create_dirs (no);
keep_hostname (no);
perm(0640);
group("root");
};
# sources
source s_all {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" program_override("kernel: "));
};
filter f_remote { facility(local7); };
destination df_remote_0 {syslog("xxxx:xxxx:xxxx:xxxx:xxxx"
transport("udp6"));};
log { source(s_all); filter(f_remote); destination(df_remote_0); };
Please help if there is any issue in the above configuration.
Regards,
V/
2
8
Hello
I am trying to log named to syslog_ng and it is not set up by default on
Arch or Artix.
I set up named for logging, I think
logging {
category default { log_syslog; };
channel log_syslog { syslog; };
};
in the config file for syslog_ng I had added
destination d_mail { file("/var/log/mail.log"); };
destination d_named { file("/var/log/named.log"); };
destination d_news { file("/var/log/news.log"); };
I am looking at filters and have no idea what to do
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { program(syslog-ng); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kernel { facility(kern) and not filter(f_iptables); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_ppp { facility(local2); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv,
mail, news, cron) and not program(syslog-ng) and not filter(f_iptables); };
filter f_everything { level(debug..emerg) and not facility(auth,
authpriv); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_iptables { match("IN=" value("MESSAGE")) and match("OUT="
value("MESSAGE")); };
filter f_acpid { program("acpid"); };
I don't know if there is a built-in facility for named. The docs for the
server are very detailed and rich, and overwhelming.
Ruben
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
2
2
Hi,
I have a question regarding how to specify a network destination when using a hostname when the hostname can be resolved to either IPv4 or IPv6. In particular what should be specified by the ip-protocol() parameter? There are some configuration scenarios and/or target installations that don't know a priori whether the DNS configuration will resolve to an IPv4 or IPv6 address.
E.g.,
destination d_tcp6 {
network(
"myhost"
port(514)
transport(udp)
ip-protocol(6 or 4 or ??)
);
};
It seems like it would be simple enough to have syslog-ng simply validate the resulting IP address string to determine which of ip-protocol(4) or ip-protocol(6) is actually needed. In fact, I would argue that specifying an IP address string (as the "<destination-address>" value) could result in the same determination (the address string necessarily unambiguously determines whether the reference is an IPv4 or an IPv6 address, and I would think there is a 1-1 relationship between this determination and whether ip-protocol(4) or ip-protocol(6) is used; in other words, it would never make sense to have these mixed: "::1" and ip-protocol(4) would be invalid).
Thanks,
-David
3
12
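The consistency check described in the post above, together with the transport check behind the 'udp6' error quoted in the earlier post, as an added example (not part of either post and not syslog-ng code). It assumes ip-protocol() defaults to 4 and is accepted by both syslog() and network(); the sample configuration and its addresses are constructed.

```python
import ipaddress
import re

# Transports the syslog() driver accepts, per the error message quoted earlier.
SYSLOG_TRANSPORTS = {"udp", "tcp", "tls"}
DEFAULT_IP_PROTOCOL = "4"  # assumption: IPv4 is used unless ip-protocol(6) is set

# One driver call: name("address" option(value) option(value) ...)
DRIVER_RE = re.compile(r'\b(syslog|network)\s*\(\s*"([^"]+)"((?:[^()]|\([^()]*\))*)\)')
OPTION_RE = re.compile(r'([a-z][a-z_-]*)\s*\(\s*"?([^")]*?)"?\s*\)')

# Constructed sample configuration (documentation and loopback addresses only).
SAMPLE = '''
destination d_a { syslog("2001:db8::10" transport("udp6")); };
destination d_b { syslog("2001:db8::10" transport("udp") ip-protocol(6)); };
destination d_c { network("::1" port(514) transport(udp) ip-protocol(4)); };
destination d_d {
    network(
        "myhost"
        port(514)
        transport(udp)
        ip-protocol(6)
    );
};
'''


def lint_destinations(config_text):
    """Return (address, problem) pairs for syslog()/network() driver calls."""
    findings = []
    for driver, address, body in DRIVER_RE.findall(config_text):
        opts = {k.replace("_", "-"): v for k, v in OPTION_RE.findall(body)}
        transport = opts.get("transport")
        if driver == "syslog" and transport and transport not in SYSLOG_TRANSPORTS:
            findings.append((address, f"unknown transport '{transport}'"))
        try:
            family = str(ipaddress.ip_address(address).version)
        except ValueError:
            continue  # hostname: the family is only known after resolution
        configured = opts.get("ip-protocol", DEFAULT_IP_PROTOCOL)
        if configured != family:
            findings.append((address, f"IPv{family} literal but ip-protocol is {configured}"))
    return findings


if __name__ == "__main__":
    for address, problem in lint_destinations(SAMPLE):
        print(f"{address}: {problem}")
```

A hostname destination such as "myhost" produces no finding, because its address family cannot be determined from the configuration text alone.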
Hi,
I want to parse my sshd logs to store information in a remote database.
I already did it using logstash. But I just discovered syslog-ng can do
such things using patterndb.
I could manage to setup a few <pattern> but I have difficulties building
generic rules.
I end up with 4 or 5 rules where I can only deal with one or two using
logstash.
So I expect to be missing something with patterns :)
Here's a log example:
Disconnected from user joe 192.168.0.5 port 50121
Disconnected from invalid user www 192.168.0.7 port 6794 [preauth]
Disconnected from authenticating user root 192.168.0.3 port 52591
[preauth]
So I wrote those three patterns:
<!-- Disconnected from user joe 192.168.0.5 port 50121 -->
<pattern>@ESTRING:EVENT: from @user @ESTRING:USERNAME: @@ESTRING:IP:
@port @NUMBER:PORT:@</pattern>
<!-- Disconnected from invalid user www 192.168.0.7 port 6794 [preauth]
-->
<pattern>@ESTRING:EVENT: from @invalid user @ESTRING:USERNAME:
@@ESTRING:IP: @port @NUMBER:PORT:@@ANYSTRING:EXTRA:@</pattern>
<!-- Disconnected from authenticating user root 192.168.0.3 port 52591
[preauth] -->
<pattern>@ESTRING:EVENT: from @authenticating user @ESTRING:USERNAME:
@@ESTRING:IP: @port @NUMBER:PORT:@@ANYSTRING:EXTRA:@</pattern>
To me, those 3 lines can be described using a single expression this way:
("Disconnected from") ("user"|"invalid user"|"authenticating user")
(username) (ip_host) port (ip_port)(empty|extra_stuff)
Basically, the features I couldn't find are :
- "match a defined string and affect to variable"
- "match a string or another and affect to variable"
- "match a string or EOL and affect to variable if not empty".
Is it possible to have a single pattern that would lead to have:
- EVENT = "Disconnected from"
- METHOD = "user" | "invalid user" | "authenticating user"
- USERNAME = <parsed username>
- IP = <parsed ip address>
- PORT = <parsed port number>
- EXTRA = <empty> | <parsed extra information>
Thanks for your help.
2
3