yup, you can find the patch reference in bugzilla, but it also got integrated to mainline, github.com/balabit/syslog-ng-3.4 that is. the fix is quite recent, so you can cherry-pick it yourself, but Algernon had nightly builds for a number of platforms on madhouse.org ----- Original message -----
There was a patch with refarss to include statements tgat fixes this. Not a release yet but will be 3.4.2
---- Evan Rempel, 250-721-7691 Senior Systems Administrator Data Centre Services, University of Victoria
-------- Original message -------- From: "Fanselow, William" <William.Fanselow@Level3.com> Date: To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] flags(final) in version 3.4
According to this report, the flags(final) does not work in 3.4 as one got used to in prior versions. https://lists.balabit.hu/pipermail/syslog-ng/2013-February/020039.html
In version 3.3 I used flags(final) in each of my log{ } statements so that a message was not unnecessarily processed by anything beyond a matching filter. My last entry in the config used flags(fallback) so that any message not previously sent to a destination was caught by this final stanza.
With version 3.4, the same syntax does not work, and all messages appear to be passing through every filter and getting duplicated in the first match and my final log destination.
Surely, there must be another way to handle this sort of thing. Not only is it useful for processing efficiency, but it is also a useful way to identify "unmatched" filters in the config.
Any suggestions for replicating the 3.3 behavior would be appreciated.
Thanks Bill Fanselow ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq