Hi list,

so, I am new to syslog-ng and I am struggling with the features regexp/store-matches and csv-parser macros. I searched the web and the mailing list archive for these two subjects, but that didn't answer my questions. The syslog-ng 3.1.3 I'm using is running on Debian Squeeze.

filter f_mytest {
    facility(local0) and
    level(debug) and
    match("^www" value("MSGHDR") flags("store-matches"));
};

template t_mytest {
    template("${MSG}--${1}\n");
}

destination d_mytest {
    file("/var/tmp/mytest.log");
};

log {
    source(s_src);
    filter(f_mytest);
    template(t_mytest);
    destination(f_mytest);
};


When I send a message to syslog-ng with: logger -p local0.debug -t www testmessage
nothing appears in the logfile. However, when flags("store-matches") is omitted, the message appears as expected. Why does this filter not work?


I am playing around with the csv-parser function as well. The (user-defined) macros can be used in file() functions, but I found out that they don't work in owner() and group() functions. Is that expected?

Thanks,
Remy