On Tue, 2005-09-06 at 06:04 -0400, t_esting@excite.com wrote:

Hello, syslog-ng gurus. I have been trying unsuccessfully to replicate syslog-ng 1.5.26 behavior over to the current stable release. Specifically, here's what I can't seem to get to work from my config:

destination d_ipfilters_bymin { file ("/var/logser/$HOST/$YEAR/$MONTH/$DAY/ipfilters.log.$HOUR.$MIN" owner(root) perm(0600) create_dirs(yes) ); };

filter f_fwsm_misc { match(" \%FWSM-") and match(": (Teardown|Translation|Built)"); };

log { source(s_udp); filter(f_fwsm_misc); destination(d_ipfilters_bymin); };

With syslog-ng 1.5.26 (linked against libol 0.3.10 on Solaris 8 using GCC in 64-bit mode), this config writes my FWSM messages to /var/logser correctly. I have been unable to do the same using either 1.6.8; the messages just fall through to my catchall destination.

Can anyone offer some advice on how to reproduce the 1.5.x $HOST expansion behavior in 1.6.x?

I can't really understand. Do you have a problem with matching the log lines or the filename where the line is written to? -- Bazsi