Hi, I am currently using the Open Source edition of syslog-ng version 3.0.1 on RedHat Linux 5.3 and 3.9. So far, there are not too many problems, but one strangeness occurs when defining templates. When I define the template inside the 'destination' configuration, everything works as expected: # + # Definition 1: Works fine. # - source s_local { unix-stream( "/dev/log" ); file( "/proc/kmsg" ); udp( ip( "127.0.0.1" ) port(514) ); tcp( ip( "127.0.0.1" ) port(514) keep-alive(yes) ); }; destination d_test { file( "/opt/sec/var/log/test" template( "$ISODATE -- $FACILITY -- $PRIORITY -- $HOST -- $MESSAGE\n----------\n" ) ); }; log { source(s_local); destination(d_test); }; The log entries look like this:
2009-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086130064]: syslog_in connected from 192.168.42.129:41105 ---------- 2009-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086060432]: syslog_in connected from 192.168.42.133:33950 ---------- 2009-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3085990800]: syslog_in connected from 192.168.42.128:43163 ----------
So far, so good. But when I try global templates, I get a rather strange result: # + # Definition 2: Fails miserably. # - source s_local { unix-stream( "/dev/log" ); file( "/proc/kmsg" ); udp( ip( "127.0.0.1" ) port(514) ); tcp( ip( "127.0.0.1" ) port(514) keep-alive(yes) ); }; template t_test { template( "$ISODATE -- $FACILITY -- $PRIORITY -- $HOST -- $MESSAGE\n----------\n" ); }; destination d_test { file( "/opt/sec/var/log/test" template( t_test ) ); }; log { source(s_local); destination(d_test); }; What I'm getting is this (including marked blank lines):
---------- -- LOG5[17309:3086130064]: syslog_in connected from 192.168.42.129:41105 -- linux4 -- notice -- authpriv2009-01-22T19:33:35+01:0020 09-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086130064]: syslog_in connected from 192.168.42.129:41105 ----------
---------- -- LOG5[17309:3086060432]: syslog_in connected from 192.168.42.133:33950 -- linux4 -- notice -- authpriv2009-01-22T19:33:35+01:0020 09-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086060432]: syslog_in connected from 192.168.42.133:33950 ----------
---------- -- LOG5[17309:3085990800]: syslog_in connected from 192.168.42.128:43163 -- linux4 -- notice -- authpriv2009-01-22T19:33:35+01:0020 09-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3085990800]: syslog_in connected from 192.168.42.128:43163
It looks a bit as if all elements of the filled template are output twice: First in reverse order, then again from start in correct order. This is reproducable on several machines. The only difference is the use of the global template in the second case instead of the inline template in the first. Am I making some stupid mistake, or is this a bug in syslog-ng? Best regards and thanks in advance for any suggestions, Peter. -- ------------------------------------------------------------------------- Peter Eckel System- und Netzwerkmanagement Postfach 1463 D-61284 Bad Homburg v.d.H. Tel.: +49 6172 969495 Mobil: +49 172 6812107 Fax: +49 6172 969845 EMail: Peter.Eckel@Eckel-EDV.de -------------------------------------------------------------------------