https://bugzilla.balabit.com/show_bug.cgi?id=88 Summary: rewrite FACILITY does not work. Product: syslog-ng Version: 3.0.x Platform: PC OS/Version: Windows Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: alex-pub.balabit@reflexion.net Type of the Report: --- Estimated Hours: 0.0 Here is the fragment of my syslog-ng.conf file that demonstrates the problem source remote_sys { tcp( ip( "0.0.0.0" ) port( 514 ) max-connections( 1152 ) ); udp( ip( "0.0.0.0" ) port( 514 ) ); }; destination d_remote_consolidated_log { file( "/var/log/remote/$FACILITY/$FACILITY.log" create_dirs( yes ) perm( 0644 ) dir_perm( 0755 ) template( "$R_ISODATE $HOST -$LEVEL- $PROGRAM[$PID]: $MSGONLY\n" ) frac_digits( 6 ) template_escape( no ) ); }; filter f_apache { facility( local1 ); }; rewrite r_rewrite_apache_facility { set("apache" value("FACILITY")); }; log { source( remote_sys ); filter( f_apache ); rewrite( r_rewrite_apache_facility ); destination( d_remote_consolidated_log ); flags( final ); }; If I issue the following command from the host connected to this syslog-ng server: $ echo this is apache log test | logger -t apache-test -p local1.info Then the output is sent to "/var/log/remote/local1/local1.log" instead of expected "/var/log/remote/apache/apache.log". Also, if I include $FACILITY into the destination template it prints "local1" If I run syslog-ng with -d flag I see this in output:
Rewrite expression evaluation result; value='FACILITY', new_value='apache'
Below is a full log for this test
Incoming log entry; line='<142>Jun 22 17:36:11 host-1 apache-test: this is a test 2' Filter rule evaluation begins; filter_rule='f_filter1' Filter node evaluation result; filter_result='not-match', filter_type='facility' Filter rule evaluation result; filter_result='not-match', filter_rule='f_filter1' Filter rule evaluation begins; filter_rule='f_filter2' Filter node evaluation result; filter_result='not-match', filter_type='facility' Filter rule evaluation result; filter_result='not-match', filter_rule='f_filter2' Filter rule evaluation begins; filter_rule='f_apache' Filter node evaluation result; filter_result='match', filter_type='facility' Filter rule evaluation result; filter_result='match', filter_rule='f_apache' Rewrite expression evaluation result; value='FACILITY', new_value='apache'
So this makes me believe that rewrite does happen, but the value is not picked up later. BTW, the documentation for `set` command says that there should be a comma between "apache" and value, but other samples do not put it there. I've tried it both ways to no avail. -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.