nah, I've just tried to replace that with "file( "/dev/klog" owner(root) group(wheel) perm(0666) );", didn't work. Also I'm getting logs to "/var/log/all.log" from dovecot without any issue, it's just this filter, I feel something is not right there.
Hello,
Is it possible that the *dovecot* application sends those logs via */dev/klog*? Because in your configuration for that source the program is replaced with *kernel*.
I tried the *program* filter with FreeBSD 12 + syslog-ng 3.20.1 with the following configuration:
@version: 3.20
log {
    source { internal(); };
    # tag each message according to whether the program() filter matches
    if {
        filter { program("syslog-ng"); };
        rewrite { set(":)" value(".FILTER")); };
    } else {
        rewrite { set(":(" value(".FILTER")); };
    };
    destination { file("/dev/stdout" template("${.FILTER}\n")); };
};
starting with syslog-ng -F
The result seemed to be positive => :)
-- Kokan
On Wed, Mar 20, 2019 at 4:41 AM Stanislav <me@rooty.name> wrote:
Greetings,
I'm getting this issue after my last package upgrade
======================================
Name           : syslog-ng
Version        : 3.20.1
Installed on   : Mon Mar 11 23:27:29 2019 EET
Origin         : sysutils/syslog-ng
Architecture   : FreeBSD:12:amd64
Prefix         : /usr/local
Categories     : sysutils
Licenses       :
Maintainer     : cy@FreeBSD.org
WWW            : http://www.syslog-ng.org/
Comment        : Powerful syslogd replacement
Options        :
        AMQP           : off
        CURL           : off
        DOCS           : on
        GEOIP2         : off
        IPV6           : off
        JAVA           : off
        JAVA_MOD       : off
        JSON           : on
        MONGO          : off
        PYTHON         : off
        REDIS          : off
        RIEMANN        : off
        SMTP           : off
        SPOOF          : off
        SQL            : off
        TCP_WRAPPERS   : off
======================================
I have the following configuration:
options {
    chain_hostnames(off);
    flush_lines(0);
    threaded(yes);
    create_dirs(yes);
};
source local {
    internal();
    unix-dgram( "/var/run/log" owner(root) group(wheel) perm(0666) );
    unix-dgram( "/var/run/logpriv" owner(root) group(wheel) perm(0600) );
    file( "/dev/klog" program_override("kernel") );
};
...
destination all { file("/var/log/all.log"); };
destination maillog_mda { file("/var/log/maillog-mda"); };
...
filter p_mail_imap { program("dovecot"); };
...
log { source(local); destination(all); };
log { source(local); filter(p_mail_imap); destination(maillog_mda); };
======================================
# ps auxww|grep dovecot
root     9648  0.0  0.1 13268  4196  -  Is  00:46  0:00.04 /usr/local/sbin/dovecot -c /usr/local/etc/dovecot/dovecot.conf
dovecot  9651  0.0  0.0 12724  3784  -  I   00:46  0:00.01 anvil: [2 connections] (anvil)
root    15259  0.0  0.0 12796  4168  -  I   01:42  0:00.00 dovecot/log
root    16126  0.0  0.1 13744  5020  -  I   01:52  0:00.02 dovecot/config
dovecot 16127  0.0  0.0 12724  4180  -  I   01:52  0:00.01 stats: [3 connections] (stats)
dovecot 17328  0.0  0.1 21284 12276  -  I   02:05  0:00.01 auth: [0 wait, 0 passdb, 0 userdb] (auth)
======================================
# syslog-ng -s
# echo $?
0
======================================
I'm getting logs from the dovecot program to /var/log/all.log but not /var/log/maillog-mda. As I mentioned before, it was working on the previous version of syslog-ng. Does anybody have this issue? Just me, lucky?
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
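A diagnostic configuration for the question raised in this thread, added here as an example and not written by either poster: it splits the reported source in two so that ${SOURCE} shows which driver delivered a message, applies the same if/else test to program("dovecot"), and prints the parsed ${PROGRAM} value next to the result. The names s_sock and s_klog and the path /var/log/program-debug.log are assumptions.

```conf
@version: 3.20

# Socket sources from the reported configuration, kept apart from /dev/klog
# so that ${SOURCE} identifies which one a message arrived on.
# s_sock and s_klog are assumed names, not from the thread.
source s_sock {
    unix-dgram("/var/run/log" owner(root) group(wheel) perm(0666));
    unix-dgram("/var/run/logpriv" owner(root) group(wheel) perm(0600));
};
source s_klog {
    file("/dev/klog" program_override("kernel"));
};

log {
    source(s_sock);
    source(s_klog);

    # Same test as the internal() example in the reply, pointed at the
    # filter expression from the report.
    if {
        filter { program("dovecot"); };
        rewrite { set("match" value(".FILTER")); };
    } else {
        rewrite { set("no-match" value(".FILTER")); };
    };

    # Assumed debug path. The brackets make an empty or unexpected
    # PROGRAM value visible.
    destination {
        file("/var/log/program-debug.log"
             template("${ISODATE} ${.FILTER} source=${SOURCE} program=[${PROGRAM}] pid=[${PID}] msg=[${MESSAGE}]\n"));
    };
};
```

Lines from dovecot in the debug file then show whether they arrive with program=[dovecot], with program=[kernel] from s_klog, or with some other value that the program("dovecot") filter would not match.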