https://bugzilla.balabit.com/show_bug.cgi?id=124 Summary: [regression] broken $FULLHOST after upgrade to 3.2.4 Product: syslog-ng Version: 3.2.x Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: unspecified Component: syslog-ng AssignedTo: bazsi@balabit.hu ReportedBy: enrico.scholz@informatik.tu-chemnitz.de Type of the Report: --- Estimated Hours: 0.0 syslog-ng 3.2.4 sets the chained hostname from local sources always to 'hostname/hostname'. Previous version (2.x and 3.1.4) used 'localhost@hostname' for this resp. '<sourcename>@hostname'. This breaks existing setups because * destination filenames which contain $FULLHOST can not be used anymore because the '/' prevents their creation; e.g. my remote logserver has | destination d_iptables { file("/var/log/remote/IPTABLES/log.$FULLHOST" sync(10)); }; which created e.g. 'log.localhost@walther'. Now, it fails with | Error opening file for writing; filename='/var/log/remote/IPTABLES/log.walther/walther', error='No such file or directory (2)' * originating sources can not be identified anymore; e.g. I use syslog-ng to log events within chroot environments. E.g. I have | source kerberos { unix-dgram ("/vservers/kerberos/dev/log" keep-alive(no)); }; | source ldap { unix-dgram ("/vservers/ldap/dev/log" keep-alive(no)); }; Previously, messages could be identified because they were reported to come from 'kerberos@<host>' or 'ldap@<host>'. Now, the source is reported as '<host>/<host>' for both environments. 'strace' shows that the syslog client creates '<host>/<host>' strings. The syslog-ng client is configured as ----- @version:3.2 ################################################################### #### #### DO NOT EDIT THIS FILE! #### This file is managed by cfengine; any manual changes will be overridden #### ################################################################### options { flush_lines (0); time_reopen (10); log_fifo_size (16384); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); chain_hostnames (yes); }; source localhost { unix-stream ("/dev/log"); file("/proc/kmsg" program_override("kernel")); internal(); }; destination stunnel { tcp("127.0.0.1" port(520)); tcp("127.0.0.1" port(521)); }; ## Common block for kernel-logging filter f_kern { facility(kern); }; filter f_min_emerg { level(emerg); }; filter f_min_alert { level(alert..emerg); }; filter f_min_crit { level(crit..emerg); }; filter f_min_err { level(err..emerg); }; filter f_min_warn { level(warn..emerg); }; filter f_kern_err { filter(f_kern) and filter(f_min_warn); }; filter f_kern_crit { filter(f_kern) and filter(f_min_crit); }; destination d_kern { file("/var/log/kernel" fsync(yes) perm(0644)); }; destination d_cons { file("/dev/console"); }; log { filter(f_kern_err); source(localhost); destination(d_kern); }; log { filter(f_kern_crit); source(localhost); destination(d_cons); }; ## End kernel-logging block} log { destination(stunnel); flags(catch-all); }; ----- I am using the syslog-ng package from Fedora EPEL6 (http://koji.fedoraproject.org/koji/buildinfo?buildID=245187) -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.