On Tue, 2009-06-02 at 12:42 +0200, Jakub Jankowski wrote:
On 2009-06-02, Robert Fekete wrote:
I think the problem is that you define a pattern in your xml for the program as well:
<program name='logger'> <pattern>param</pattern> The <pattern> tag overrides the <program name>, so instead of logger, syslog-ng thinks this rule applies to messages that have "param" in their PROGRAM field.
In addition to what you've quoted above, I also tried:
1. <program name='logger'> <pattern>logger</pattern>
2. <program name='somethingirrelevant'> <pattern>logger</pattern>
and even without <pattern>:
3. <program name='logger'>
All of these give me the same result - no match. Any other suggestions?
Sorry for not answering any sooner. I was somewhat distracted by other things (like preparing my presentation for Nordic Nagios Meet where I'm sitting right now :) The attribute value of the name attribute in the program element serves only to document the database, it is not used for matching. The important part is <pattern></pattern> inside the program element. I tested your db snippet, and the problems were: * if you don't specify, logger will send "<someone>" as the program name, so please use "logger -t logger" * you need to specify "logger" enclosed in "pattern" tags. In that way I got your pattern to match. Robert has worked on documenting db-parser(), I just didn't have time to review it yet, however he told me he'd publish a draft of the documentation, so you can have it earlier, and possible fix omissions/problems. Robi, can you post the URL for the draft docs here? -- Bazsi