Hi, It does work for me in 3.1. What version do you run, what is your destination template? Do you use any rewrite in your config? Marton On Tue, 2009-08-25 at 13:53 -0400, Jan Schaumann wrote:
Hello,
It appears that syslog-ng does not correctly identify the 'security' facility:
$ logger -p security.info oink
yields:
Aug 25 10:46:43 <d.info> syslog1 oink
Note the false facility "d".
In src/syslog-names.c, the mapping for 'security' is done thusly:
{"security", LOG_AUTH}, /* DEPRECATED */
FreeBSD, however, appears to still use LOG_SECURITY, which leads to syslog-ng falsely categorizing the incoming messages. I'd be able to deal with this if it actually did fall back to LOG_AUTH, but for some reason it shows up as facility "d" (which seems like a string comparison gone awry).
-Jan ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Key fingerprint = F78C 25CA 5F88 6FAF EA21 779D 3279 9F9E 1155 670D