Hi, 1) I found a bug in syslog-ng-1.6.12. If i use the MSGONLY macro the first char of the message is missing. Here is the patch: -snip-------------------------------- 426,427c426,428 < colon++; < ofs = (colon - (char *) msg->msg->data); ---
ofs = (colon - (char *) msg->msg->data) + 2; if (ofs > msg->msg->length) ofs = msg->msg->length;
-snap-------------------------------- 2) And I have an other problem with a regexp in a filter. I want to log all messages that contains the "[ERR]" string to a separate err log. My filter, destination and log looks like this: filter f_usererr { facility(user) and match('\[ERR\]'); }; destination d_usererr {file("/var/log/$SOURCEIP_$PROGRAM.err"); }; log { source(s_net); filter(f_usererr); destination(d_usererr); }; What I get is a line like test[1234]:[ERR] fopen failed but also test[1234]:Event 1 or test[1234]:Released So it seems to be that the backslash before the [ is ignored. If I change the filter to filter f_usererr { facility(user) and match('ERR\]'); }; I get only the line test[1234]:[ERR] fopen failed as expected 3) And I have a third problem with creation of a filename based on the IP destination d_usererr {file("/var/log/$SOURCEIP_$PROGRAM.err"); }; The created filename is "/var/log/bla.err" and the $SOURCEIP is missing If I change the destination to destination d_usererr {file("/var/log/$SOURCEIP-$PROGRAM.err"); }; the created filename is "/var/log/192.168.1.1-bla.err" as expected Best regards Stefan Schulz -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail