question on logging templates: strange log lines
Dear list users
In the near future I would like to migrate from syslog-ng 2 to 3.x. For this reason I've set up a Linux testbox.
Now, I have a problem I fail to see a solution for.
The syslog-ng testing config:
    @version:3.0
    ## GLOBAL
    options {
        chain_hostnames(no);
        keep_hostname(yes);
        flush_lines(0);
        stats_freq(3600);
        use_dns(persist_only);
        dns_cache_hosts(/etc/hosts);
    };
    ## SOURCES
    source src { unix-stream("/dev/log"); };
    source src-kernel { file("/proc/kmsg" program_override("kernel: ")); };
    source src-syslog-ng { internal(); };
    ## LOGGING TEMPLATES
    template t_filetmpl {
        template("$DATE $FACILITY.$PRIORITY $FULLHOST $MSGHDR$MSG\n");
        template_escape(no);
    };
    ## DESTINATIONS
    destination local4 { file("/var/log/local4.log" template(t_filetmpl)); };
    ## FILTERS
    filter f_local4 { facility(local4); };
    ## LOGS
    log { source(src); filter(f_local4); destination(local4); };
For testing I use the logger command: `logger -p local4.info -t test testnachricht2`. This configuration causes, and I do not see why, lines like these in the /var/log/local4.log file.
    [empty line] testnachricht2 test: donald.info local4Feb 11 14:26:01Feb 11 14:26:01 local4.info donald test: testnachricht2
However, if I replace the line below "## DESTINATIONS" with
    destination local4 { file("/var/log/local4.log" template("$DATE $FACILITY.$PRIORITY $FULLHOST $MSGHDR$MSG\n")); };
all is perfect. The logged line looks like this:
    Feb 11 14:30:22 local4.info donald test: testnachricht2
Please could you tell me what I've missed?
Thanks in advance,
Philipp
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
On Wed, 2009-02-11 at 17:52 +0100, Philipp wrote:
> Hi,
> is it possible that there's something wrong with either 3.0 version of syslog-ng? I tried them both, this one http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.1/s... and this one http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.1/source/syslog...
> By now I also have tried the 2.1.3 version. There, I do not have any of the below described issues.
> Another thing that popped up in v.3.0 is it seems to ignore the time zone. According to `date +%:z` my test box is configured to +01:00. However, syslog-ng 3.0 insists on logging tz -00:00. I tried to work around this by defining the time_zone in a source definition. Did not help.
> As I most appreciate the built-in sql logging I think v. 2.1.3 will do perfectly fine. So I'll stick with it.
It seems you have run into another 3.0 bug that was already fixed in the git tree. Here's the fix for this one: http://git.balabit.hu/?p=bazsi/syslog-ng-3.0.git;a=commit;h=f94fe1c758d7ad31...
-- Bazsi
On Wed, 2009-02-11 at 14:53 +0100, Philipp wrote:
> Dear list users
> In the near future I would like to migrate from syslog-ng 2 to 3.x. For this reason I've set up a Linux testbox.
> Now, I have a problem I fail to see a solution for.
> The syslog-ng testing config:
>     @version:3.0
>     ## GLOBAL
>     options {
>         chain_hostnames(no);
>         keep_hostname(yes);
>         flush_lines(0);
>         stats_freq(3600);
>         use_dns(persist_only);
>         dns_cache_hosts(/etc/hosts);
>     };
>     ## SOURCES
>     source src { unix-stream("/dev/log"); };
>     source src-kernel { file("/proc/kmsg" program_override("kernel: ")); };
>     source src-syslog-ng { internal(); };
>     ## LOGGING TEMPLATES
>     template t_filetmpl {
>         template("$DATE $FACILITY.$PRIORITY $FULLHOST $MSGHDR$MSG\n");
>         template_escape(no);
>     };
>     ## DESTINATIONS
>     destination local4 { file("/var/log/local4.log" template(t_filetmpl)); };
>     ## FILTERS
>     filter f_local4 { facility(local4); };
>     ## LOGS
>     log { source(src); filter(f_local4); destination(local4); };
> For testing I use the logger command: `logger -p local4.info -t test testnachricht2`. This configuration causes, and I do not see why, lines like these in the /var/log/local4.log file.
>     [empty line] testnachricht2 test: donald.info local4Feb 11 14:26:01Feb 11 14:26:01 local4.info donald test: testnachricht2
> However, if I replace the line below "## DESTINATIONS" with
>     destination local4 { file("/var/log/local4.log" template("$DATE $FACILITY.$PRIORITY $FULLHOST $MSGHDR$MSG\n")); };
> all is perfect. The logged line looks like this:
>     Feb 11 14:30:22 local4.info donald test: testnachricht2
> Please could you tell me what I've missed?
This was a bug in 3.0.1. It is fixed in the git repository, but I haven't made a 3.0.2 release so far.
-- Bazsi
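Added example (not part of the original thread, and not syslog-ng code): a small Python check for a migration test box that verifies every line written by the destination follows the layout of the t_filetmpl template quoted above, so a template regression like this one is caught before the logs are relied on. The facility and priority keyword lists are an assumption about what $FACILITY and $PRIORITY print; the sample lines are copied from the messages above, with the garbled output treated as a single line because its original line breaks are not preserved on the page.

```python
import re

# Layout written by the thread's template:
#   "$DATE $FACILITY.$PRIORITY $FULLHOST $MSGHDR$MSG\n"
MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
DATE = rf"(?:{MONTHS}) [ 0-3]\d \d\d:\d\d:\d\d"  # BSD stamp, day may be space-padded
# Assumption: standard syslog facility / severity keywords.
FACILITY = r"kern|user|mail|daemon|auth|syslog|lpr|news|uucp|cron|authpriv|ftp|local[0-7]"
PRIORITY = r"emerg|alert|crit|err|warning|notice|info|debug"

RECORD = re.compile(
    rf"(?P<date>{DATE}) (?P<facility>{FACILITY})\.(?P<priority>{PRIORITY}) "
    rf"(?P<host>\S+) (?P<msghdr>[^\s:\[\]]+(?:\[\d+\])?: )?(?P<msg>.*)"
)


def check_record(line):
    """Return None if the line follows the template layout, else a reason."""
    text = line.rstrip("\n")
    if not text:
        return "empty record"
    if RECORD.fullmatch(text):
        return None
    # Heuristic for the symptom in the thread: the macros were expanded more
    # than once and in the wrong order, so several timestamps share one line.
    stamps = len(re.findall(DATE, text))
    if stamps > 1:
        return f"fields out of order, $DATE expanded {stamps} times"
    return "does not match template layout"


def scan(lines):
    """Return (line number, reason) for every record that fails the check."""
    findings = []
    for number, line in enumerate(lines, 1):
        reason = check_record(line)
        if reason:
            findings.append((number, reason))
    return findings


# Sample records copied from the thread (named template, then inline template).
SAMPLE = [
    "\n",
    "testnachricht2 test: donald.info local4Feb 11 14:26:01Feb 11 14:26:01 "
    "local4.info donald test: testnachricht2\n",
    "Feb 11 14:30:22 local4.info donald test: testnachricht2\n",
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE):
        print(f"line {number}: {reason}")
```
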
Participants (2): Balazs Scheidler, Philipp