Hi, I have a problem with syslog-ng facilities.
I use a program called SEC to customize logs. So my logs come to my syslog-ng server, which sends them to SEC by running it, and then SEC gives them back to syslog-ng through a pipe, and then syslog-ng sends them into a MySQL database. In the config file, I have:

source src_reseau { udp(ip(0.0.0.0) port(513)); };
source src_solaris { sun-streams("/dev/log" door("/etc/.syslog_door")); };
destination d_sec {
    program("/var/hote/sec-2.4.1/sec.pl -input=- -conf=/etc/syslog-ng/sec.conf -log=/var/adm/sec.log");
};
log { source(src_reseau); source(src_solaris); destination(d_sec); };

and after SEC, it returns to syslog-ng

source src_sec { pipe("/tmp/src_sec.pipe"); };
destination d_mysql {
    program("mysql -h xxx -u xxx --password=xxx syslog
/dev/null"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST' , 'auth' , '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};
log { source(src_sec); destination(d_mysql); };

The problem is: before coming back through the pipe, facilities and levels are correct, but after a pipe (or a file, because I experienced the same problem with a file input), facilities and levels are user.notice in all cases...
Is syslog-ng incapable of reading facilities through files and pipes, or did I miss something?

user.notice is the default facility/severity if the log message doesn't contain this information. My guess is that syslog-ng doesn't send this information to your script because your d_sec destination doesn't use a template. Try using a template like "<$PRI> $ISODATE $FULLHOST $MSG"

Regards,
Sandor
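
Added example (not part of the original thread, and not syslog-ng code): a small Python parser showing how a BSD-syslog receiver derives facility and level from the leading `<PRI>` field and falls back to 13 (user.notice) when it is missing, which is the symptom described above. The function name and the two sample lines are constructed for illustration; the facility names for codes 12 to 15 follow the RFC 5424 table.

```python
import re

# Facility and severity names indexed by numeric code (RFC 3164 / RFC 5424).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

DEFAULT_PRI = 13  # facility 1 (user) * 8 + severity 5 (notice)
PRI_RE = re.compile(r"^<(\d{1,3})>")


def classify(line):
    """Return (facility, severity, rest_of_line) for one received line.

    PRI = facility * 8 + severity. A line with no <PRI> prefix, or with
    a value above 191, is treated as PRI 13, i.e. user.notice.
    """
    match = PRI_RE.match(line)
    pri = int(match.group(1)) if match else DEFAULT_PRI
    if pri > 191:  # highest valid value is local7.debug = 23 * 8 + 7
        pri, match = DEFAULT_PRI, None
    rest = line[match.end():] if match else line
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest.lstrip()


if __name__ == "__main__":
    # Constructed samples: the same event written with and without <$PRI>.
    with_pri = "<38>2024-01-01T10:00:00+00:00 host1 sshd[123]: Failed password"
    without_pri = "Jan  1 10:00:00 host1 sshd[123]: Failed password"
    for sample in (with_pri, without_pri):
        facility, severity, _ = classify(sample)
        print(f"{facility}.{severity:<7} <- {sample}")
```

Whatever program sits between the two syslog-ng instances also has to write the `<PRI>` prefix back out on each line it emits, otherwise the value is lost again at the pipe source.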