Hi,
I've released syslog-ng version 1.4.0rc2, fixing all known bugs in previous versions.
Bad luck, I found some problems:
this sample configuration
destination all { file( "/tmp/messages"); file( "/opt/syslog/var/log/syslogs/$HOST_$FACILITY_$LEVEL_$PROGRAM_$YEAR_$MONTH_$DAY"); };
generates on hostname ts (SunOS ts 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-60) those files when starting syslogd (which dumps dmesg):
Hope this information helps.
(I guess the program macro is matched against a given field in the syslog line, so that there is nothing to do...)
The problem basically is that Linux sysklogd sends messages without date and host info, thus if no date is found the first word is taken as programname. I don't think a clean solution exists. I added a workaround so that when a message from LOG_KERN arrives, it has "kernel" as programname.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
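The heuristic described in the reply above, as an added example that is not part of the original thread and is not syslog-ng's own code: a small parser that takes the first word as the program name when no date/host header is found, with the LOG_KERN workaround as a switch. The function name parse, the regular expressions and the sample lines are assumptions constructed for illustration.

```python
import re

LOG_KERN = 0  # facility code of kernel messages in the BSD syslog <PRI> value

# "<PRI>" prefix, then an optional "Mmm dd hh:mm:ss host " header.
PRI_RE = re.compile(r"^<(\d{1,3})>")
HEADER_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
)
# Program tag: leading word, optional "[pid]", optional ":".
TAG_RE = re.compile(r"^(?P<prog>[^\s:\[]+)(?:\[\d+\])?:?")


def parse(raw, kern_workaround=True):
    """Return facility, host and program name for one raw syslog line."""
    facility = 1  # assume LOG_USER when the line carries no <PRI>
    m = PRI_RE.match(raw)
    if m:
        facility = int(m.group(1)) >> 3  # PRI = facility * 8 + severity
        raw = raw[m.end():]
    host = None
    m = HEADER_RE.match(raw)
    if m:
        host = m.group("host")
        raw = raw[m.end():]
    # Without a date/host header the first word is all there is to go on,
    # so it ends up as the program name.
    m = TAG_RE.match(raw)
    program = m.group("prog") if m else ""
    # Workaround from the reply: kernel-facility messages get a fixed name.
    if kern_workaround and facility == LOG_KERN:
        program = "kernel"
    return {"facility": facility, "host": host, "program": program}


# Constructed sample lines (not taken from the thread).
SAMPLES = [
    "<38>Mar  3 10:15:02 ts sshd[412]: Accepted password for bob",
    "<6>SunOS Release 5.6 Version Generic_105181-19",
    "<6>mem = 524288K (0x20000000)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        before = parse(line, kern_workaround=False)["program"]
        print(f"{before!r} -> {parse(line)['program']!r}")
```

With the workaround off, each header-less kernel line yields a different program name, so a destination whose file name contains $PROGRAM gets a separate file for every distinct first word.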