Syslog-ng version 2. Can anyone please explain the purpose of the backslash being added before each quote in syslog output ? Is there any way to disable this feature ? Is this flags(noparse) ? Is there any other way to do it (other than stripping it out on an output process)? Regards Philip =============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ===============================================================================
Hi, On Wed, Jun 10, 2009 at 4:04 PM, Pennington, Philip<philip.pennington@credit-suisse.com> wrote:
Syslog-ng version 2.
Can anyone please explain the purpose of the backslash being added before each quote in syslog output ?
i guess you're referring to template_escape() which is used mostly for SQL backends - thus protecting from SQL injections. Regards, Sandor
On Wed, 2009-06-10 at 15:04 +0100, Pennington, Philip wrote:
Syslog-ng version 2.
Can anyone please explain the purpose of the backslash being added before each quote in syslog output ?
Is there any way to disable this feature ? Is this flags(noparse) ?
Is there any other way to do it (other than stripping it out on an output process)?
you probably need template-escape(no) this is the default setting starting from 3.0 and was introduced to avoid SQL injections if using templates to format SQL INSERT statements. since that use is replaced by the native SQL destination, the default was changed with 3.0. -- Bazsi
Bazsi, Ok thanks, I think that does look like what I need. I assume you meant template_escape(no) (underscore not hyphen). I've tried a bit of experimentation and for some reason I can't seem to get it to drop the backslashes Is it correct to say this is required on the first and every "tcp" destination syslog relay in a chain as well as the final "file" destination? (I was trying with relays). The admin guide does suggest that template_escape is a common option for every destination (presumably including tcp), are you aware of any known issues with this on version 2.0.5 ? Regards Philip -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: 10 June 2009 15:56 To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Backslash before quote On Wed, 2009-06-10 at 15:04 +0100, Pennington, Philip wrote:
Syslog-ng version 2.
Can anyone please explain the purpose of the backslash being added before each quote in syslog output ?
Is there any way to disable this feature ? Is this flags(noparse) ?
Is there any other way to do it (other than stripping it out on an output process)?
you probably need template-escape(no) this is the default setting starting from 3.0 and was introduced to avoid SQL injections if using templates to format SQL INSERT statements. since that use is replaced by the native SQL destination, the default was changed with 3.0. -- Bazsi ________________________________________________________________________ ______ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html =============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ===============================================================================
On Wed, 2009-06-10 at 19:14 +0100, Pennington, Philip wrote:
Bazsi,
Ok thanks, I think that does look like what I need. I assume you meant template_escape(no) (underscore not hyphen).
it does not matter, '-' and '_' are equivalent. The reason being that these were inconsistent right from the start and I didn't want to break compatibility over this. So, you can write template-escape() or template_escape() they are the same. (and the same rule applies for anything that has an underscore in it). This way at least you can be consistent in your configuration file which one you want to use.
I've tried a bit of experimentation and for some reason I can't seem to get it to drop the backslashes
Is it correct to say this is required on the first and every "tcp" destination syslog relay in a chain as well as the final "file" destination? (I was trying with relays).
If they are using templates(), then it can happen that each one adds escaping.
The admin guide does suggest that template_escape is a common option for every destination (presumably including tcp), are you aware of any known issues with this on version 2.0.5 ?
well, I can't remember, 2.0.5 is quite old, but you can always check the changelogs (the NEWS file in the source distribution), I try hard to write down important changes there. -- Bazsi
participants (3)
-
Balazs Scheidler
-
Pennington, Philip
-
Sandor Geller