Hi all,
I installed syslog-ng for central logging in a company. The
remote logging works perfectly.
The syslog-ng machine should log its own logs to the central
repository and, by syslogd, to the typical /var/log as well.
I changed the original syslogd port to a different one
(510/udp) and created a pipe device which will be used for transport between
syslogd and syslog-ng.
/etc/syslog.conf
-----------------------
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
*.*                                         |/dev/log-syslog-ng
-----------------------
Generally the pipe is working; the events are logged by
syslogd and by syslog-ng as well.
BUT if I apply any standard filter to the pipe source, the
statement is false even though it should be true.
Part of /etc/syslog-ng/syslog-ng.conf
-----------------------------------------------------
options {
…….
};
source s_local {
    pipe("/dev/log-syslog-ng");
    file("/proc/kmsg");
};
destination d_mesg_XXXX { file("/local/messages"); };
destination d_null { file("/dev/null"); };
filter f_mail_XXXX { level(debug); };
log { source(s_local); filter(f_mail_XXXX); destination(d_mesg_XXXX); };
log { source(s_local); destination(d_null); flags(final); };
----------------------------------------------------
It looks like the facility and priority information
has been lost after syslogd evaluation or by going through the pipe. (All
events go only to the /dev/null destination.)
Any help is appreciated.
Thanks
Lumir Unzeitig
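
Added example, not part of the original post: a small decoder for the `<PRI>` header that syslog messages carry (RFC 3164: PRI = facility * 8 + severity), to check what facility and level a line read from the pipe would be given. It assumes syslogd writes to the pipe in its log-file format, without the `<PRI>` prefix, that the reader falls back to priority 13 (user.notice) when the prefix is missing, and that the `level(debug)` filter is an exact match on the level; the sample lines and the helper names are constructed.

```python
import re

# Facility and severity names in RFC 3164 numeric order.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

DEFAULT_PRI = 13   # user.notice: assumed fallback when no <PRI> is present
MAX_PRI = 191      # local7.debug = 23 * 8 + 7

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode(line):
    """Return (facility, severity, had_pri, rest) for one raw syslog line."""
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= MAX_PRI:
        pri, rest, had_pri = int(m.group(1)), line[m.end():], True
    else:
        # No usable header: the priority cannot be recovered from the text.
        pri, rest, had_pri = DEFAULT_PRI, line, False
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], had_pri, rest


def matches_level(line, level):
    """Model of a level(<name>) filter as an exact match (assumption)."""
    return decode(line)[1] == level


# Constructed samples: the same event as sent on the wire (daemon.debug = 31)
# and as it would look in log-file format, which has no <PRI> field.
WITH_PRI = "<31>Mar  3 10:15:02 loghost testd[812]: constructed sample"
FROM_PIPE = "Mar  3 10:15:02 loghost testd[812]: constructed sample"

if __name__ == "__main__":
    for name, line in (("with <PRI>", WITH_PRI), ("from pipe", FROM_PIPE)):
        fac, sev, had, _ = decode(line)
        print(f"{name:11} header={had!s:5} -> {fac}.{sev} "
              f"level(debug)={matches_level(line, 'debug')}")
```

Running `cat` on the pipe reader's side (with syslog-ng stopped) and feeding a few lines to `decode` shows whether the header is actually arriving.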