I'm trying to upgrade from 2.1.3 to 3.0.4 under Linux, and am having trouble getting my kernel messages tagged appropriately. My previous configuration had the following:

-----
source k_src { pipe("/proc/kmsg" log_prefix("kernel: ")); };

destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { match("iptables:"); };
log { source(k_src); filter(f_iptables); destination(iptables); flags(final); };

destination messages { file("/var/log/messages"); };
log { source(src); source(k_src); destination(messages); };
-----

All of my kernel messages showed up with the "kernel:" prefix, and anything coming from iptables was dropped in a separate log.

Based on the documentation, I modified my configuration to the following for 3.0.4:

-----
source k_src { file("/proc/kmsg" program_override("kernel")); };

destination iptables { file("/var/log/iptables.log"); };
filter f_iptables { program("^kernel$") and message("^iptables:"); };
log { source(k_src); filter(f_iptables); destination(iptables); flags(final); };

destination messages { file("/var/log/messages"); };
log { source(src); source(k_src); destination(messages); };
-----

However, my kernel messages show up with no prefix. I tried starting up in debug mode:

-----
syslog-ng starting up; version='3.0.4'
Incoming log entry; line='<6>usb 2-7: USB disconnect, address 8'
Filter rule evaluation begins; filter_rule='f_iptables'
Filter node evaluation result; filter_result='not-match'
Filter node evaluation result; filter_result='not-match', filter_type='AND'
Filter rule evaluation result; filter_result='not-match', filter_rule='f_iptables'
Initializing destination file writer; template='/var/log/messages', filename='/var/log/messages'
Incoming log entry; line='<4>iptables: IN=eth0 OUT= MAC=0:05:00:10:97:43:00:0SC147.5.2 S=2... E=8TS00 RC0C T= D363POO2'
Filter rule evaluation begins; filter_rule='f_iptables'
Filter node evaluation result; filter_result='not-match'
Filter node evaluation result; filter_result='not-match', filter_type='AND'
Filter rule evaluation result; filter_result='not-match', filter_rule='f_iptables'
-----

This didn't help me. Am I doing something wrong? I didn't find any complaints of this nature on the mailing list, which leads me to suspect I'm somehow being stupid, any pointers much appreciated.

Thanks...

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | henson@csupomona.edu
California State Polytechnic University | Pomona CA 91768