https://bugzilla.balabit.com/show_bug.cgi?id=218 --- Comment #4 from Balazs Scheidler <bazsi@balabit.hu> 2013-02-03 06:49:55 --- (In reply to comment #3)
Sorry if i omitted the entire syslog-ng.conf in my earlier mail , the log statement is there The issue is syslog-ng is not capturing the local6.info facility messages. So even if I give the filter it is of no use
This is my syslog-ng conf
source s_local { system(); sun-streams("/dev/log" door("/etc/.syslog_door")); }; destination d_messages { file("/var/adm/messages"); }; log { source(s_local); destination(d_messages); };
Same issue in another system where the websphere logs are written using local0.info , syslog-ng is not able to capture that.
I was of the view that system() in the source line should capture all the messages including local6 . but it is not so. Is there any other keyword to be included in the source section that can capture local*.* as well
your impression is correct, everything including local* should be included, assuming the applications are indeed using the local /dev/log interface (eg the syslog API) to submit messages. It may happen that they use some kind of network transport instead and send messages to localhost, port 514. To validate either, you can use tcpdump to check for network packets, or truss on the application as they submit new messsages. In any case you shouldn't need the sun-streams() part in your source as system() should be expanded to exactly that. To confirm that, you should run syslog-ng with --preprocess-into=/tmp/foo.conf argument and check what the preprocessed config looks like (there system is already expanded) hth -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.