syslog-ng ruleset confusion or bug?
Greetings,

I am running syslog-ng-3.3.5-1 on CentOS release 6.3.

It seems like there is a subtle bug in syslog-ng or more likely a bug in my syslog-ng configuration. I am unable to get log messages to appear in the other destinations besides /var/log/messages...

I've tried testing like this:

logger info.local3 howdy
logger info.local5 howdy
logger info.local6 howdy
logger emerg.local6 howdy

However the log messages only show up in /var/log/messages. I wonder why! Any help, observations or suggestions would be much appreciated.

Thanks!
David

PS Here is my simple config:

@version: 3.3

options {
    create_dirs (yes);
    dir_perm(0755);
    keep_hostname (yes);
    perm(0644);
    flush_lines (0);
    time_reopen (10);
    use_dns (yes);
    use_fqdn (no);
};

source s_sys {
    file ("/proc/kmsg" program_override("kernel: "));
    unix-stream ("/dev/log");
    internal();
    unix-stream ("/var/named/chroot/dev/log" optional(yes));
};

destination d_mesg { file("/var/log/messages"); };
destination d_app { file("/var/log/philotic/$PROGRAM.log"); };
destination d_app_event { file("/var/log/philotic/$PROGRAM-event.log"); };
destination d_philotic { file("/var/log/philotic/$PROGRAM.log"); };

filter f_info { level(info..emerg) };

filter f_default {
    level(info..emerg) and
    not ( facility(mail) or facility(authpriv) or facility(cron) or
          facility(local6) or facility(local5) or facility(14) );
};

filter f_app_event { facility(local3); };
filter f_app { facility(local6); };
filter f_philotic { facility(local5); };

log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_info); filter(f_app); destination(d_app); };
log { source(s_sys); filter(f_info); filter(f_app_event); destination(d_app_event); };
log { source(s_sys); filter(f_info); filter(f_philotic); destination(d_philotic); };
You are missing the -p in front of the "info.local3" AND it should be local3.info when you use the logger command.

--
Evan Rempel
Senior Systems Administrator, Data Centre Services
University of Victoria
250.721.7691
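Added example (not part of the original thread): a small Python model of the four log paths in the posted config, showing which destinations each logger invocation reaches. The facility and level tables are the standard syslog codes; parse_logger, route and LOG_PATHS are names made up for this illustration, and only logger's -p option is modelled.

```python
import shlex

# Standard syslog facility and severity codes.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
            "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
            **{f"local{i}": 16 + i for i in range(8)}}
LEVEL = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
         "warning": 4, "notice": 5, "info": 6, "debug": 7}

def parse_logger(cmdline):
    """Return (facility, level, message) for a logger command line."""
    args = shlex.split(cmdline)[1:]
    fac, lvl = "user", "notice"      # logger's default priority without -p
    if args and args[0] == "-p":
        fac, _, lvl = args[1].partition(".")   # -p takes facility.level
        if fac not in FACILITY or lvl not in LEVEL:
            raise ValueError(f"not a facility.level pair: {args[1]!r}")
        args = args[2:]
    return fac, lvl, " ".join(args)  # everything else is message text

def f_info(fac, lvl):
    # level(info..emerg): severity code 6 or lower
    return LEVEL[lvl] <= LEVEL["info"]

def f_default(fac, lvl):
    excluded = {FACILITY[n] for n in
                ("mail", "authpriv", "cron", "local6", "local5")} | {14}
    return f_info(fac, lvl) and FACILITY[fac] not in excluded

# One entry per log { } statement, in config order. No statement uses
# flags(final), so every path is evaluated for every message.
LOG_PATHS = [
    ("d_mesg",      f_default),
    ("d_app",       lambda f, l: f_info(f, l) and f == "local6"),
    ("d_app_event", lambda f, l: f_info(f, l) and f == "local3"),
    ("d_philotic",  lambda f, l: f_info(f, l) and f == "local5"),
]

def route(cmdline):
    """List the destinations a logger command's message is written to."""
    fac, lvl, _ = parse_logger(cmdline)
    return [dest for dest, match in LOG_PATHS if match(fac, lvl)]

if __name__ == "__main__":
    for cmd in ("logger info.local3 howdy", "logger -p local3.info howdy",
                "logger -p local5.info howdy", "logger -p local6.emerg howdy"):
        print(f"{cmd:32} -> {route(cmd)}")
```

Note that f_default does not exclude local3, so a correctly tagged local3.info message is written to both d_mesg and d_app_event.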
ah yeah simple mistake ;-)
thanks

On Mon, Feb 25, 2013 at 8:28 PM, Evan Rempel <erempel@uvic.ca> wrote:
> You are missing the -p in front of the "info.local3" AND it should be local3.info when you use the logger command.