strange problem when use "_" in the destination log file name
Hi, I'm running into a strange problem with syslog-ng 1.6.8 on RHEL 4. In my configuration file, I have the following local log file defined: destination d_file { file("/var/syslog- ng/HOSTS/$HOST/$YEAR/$MONTH/$HOST_$MONTH$DAY.log" owner(root) group (root) perm(0600) dir_perm(0700) create_dirs(yes)); }; However, the log file generated by the syslog-ng for today is named "0803.log", which is different than "hostname_0803.log" as I expected. I tried using escape "\" so it looks like "$HOST\_$MONTH$DAY.log" and it didn't help at all. This problem actually doesn't bother me that much. I changed "_" to "-" or ".", it worked. I'm just curious about this.
On Wed, 03 Aug 2005 16:01:05 PDT, Arnold Wang said:
ng/HOSTS/$HOST/$YEAR/$MONTH/$HOST_$MONTH$DAY.log" owner(root) group (root) perm(0600) dir_perm(0700) create_dirs(yes)); }; However, the log file generated by the syslog-ng for today is named "0803.log", which is different than "hostname_0803.log" as I expected.
I wonder if it's looking for a variable called HOST_ and not finding it, because the variable's name is HOST without the _ character....
I'm worrying about this as well. I noticed "_" is used a lot in macros and there is one called "$HOST_FROM". Maybe I found a bug? On Thu, 2005-08-04 at 02:40 -0400, Valdis.Kletnieks@vt.edu wrote:
On Wed, 03 Aug 2005 16:01:05 PDT, Arnold Wang said:
ng/HOSTS/$HOST/$YEAR/$MONTH/$HOST_$MONTH$DAY.log" owner(root) group (root) perm(0600) dir_perm(0700) create_dirs(yes)); }; However, the log file generated by the syslog-ng for today is named "0803.log", which is different than "hostname_0803.log" as I expected.
I wonder if it's looking for a variable called HOST_ and not finding it, because the variable's name is HOST without the _ character....
Balazs explained. I should read through all the responses first before open the mouth. BTW, I have a question related to different versions. Is 1.9 developing brunch the same as 2.0 mentioned in Balabit web site? There's one feature I'm particular interesting is time zone support, which seems is not available in 1.6.8 I'm running. If that's true, is there a way to handle different time zones? Maybe I should create a new subject to explain my problem. Thanks for all your helps. On Thu, 2005-08-04 at 09:20 -0700, Arnold Wang wrote:
I'm worrying about this as well. I noticed "_" is used a lot in macros and there is one called "$HOST_FROM". Maybe I found a bug?
On Thu, 2005-08-04 at 02:40 -0400, Valdis.Kletnieks@vt.edu wrote:
On Wed, 03 Aug 2005 16:01:05 PDT, Arnold Wang said:
ng/HOSTS/$HOST/$YEAR/$MONTH/$HOST_$MONTH$DAY.log" owner(root) group (root) perm(0600) dir_perm(0700) create_dirs(yes)); }; However, the log file generated by the syslog-ng for today is named "0803.log", which is different than "hostname_0803.log" as I expected.
I wonder if it's looking for a variable called HOST_ and not finding it, because the variable's name is HOST without the _ character....
On Thu, 2005-08-04 at 09:29 -0700, Arnold Wang wrote:
Balazs explained. I should read through all the responses first before open the mouth. BTW, I have a question related to different versions. Is 1.9 developing brunch the same as 2.0 mentioned in Balabit web site? There's one feature I'm particular interesting is time zone support, which seems is not available in 1.6.8 I'm running. If that's true, is there a way to handle different time zones? Maybe I should create a new subject to explain my problem.
1.9.x is the development branch for syslog-ng 2.0, and as timezone support is brand new in 1.9.x, you'll definitely need 1.9.x to use timezones. -- Bazsi
On Wed, 2005-08-03 at 16:01 -0700, Arnold Wang wrote:
Hi, I'm running into a strange problem with syslog-ng 1.6.8 on RHEL 4. In my configuration file, I have the following local log file defined: destination d_file { file("/var/syslog- ng/HOSTS/$HOST/$YEAR/$MONTH/$HOST_$MONTH$DAY.log" owner(root) group (root) perm(0600) dir_perm(0700) create_dirs(yes)); }; However, the log file generated by the syslog-ng for today is named "0803.log", which is different than "hostname_0803.log" as I expected. I tried using escape "\" so it looks like "$HOST\_$MONTH$DAY.log" and it didn't help at all. This problem actually doesn't bother me that much. I changed "_" to "-" or ".", it worked. I'm just curious about this.
The performance of macro expansion was improved sometime during the end of the 1.5.x series, which makes syslog-ng extract the macro name first, and then looking up the macro name using a gperf generated hash. The character set of words in syslog-ng is [A-Z0-9_], therefore it uses _ as part of a word. Syslog-ng 1.9.x improves on the situation by permitting the use of shell like ${macro} expansion, where you could write: ${macro}_${othermacro} and so on. -- Bazsi
Hi all, In 1.9.5 are there any options for date interpretation aside from use_time_recvd() ?? My logs are coming in with timestamps that are being written as: Aug 4 16:27:36 When the real time is Aug 4 08:38:26 EDT 2005 Both hosts (the syslog client and server) are running NTP and seem to be set correctly, but when the data makes it into a log file or database the time is skewed? Running on FedoraCore4 Any thoughts appreciated, Edward
On Thu, 2005-08-04 at 08:43 -0400, Edward Brookhouse wrote:
Hi all,
In 1.9.5 are there any options for date interpretation aside from use_time_recvd() ??
My logs are coming in with timestamps that are being written as:
Aug 4 16:27:36
When the real time is
Aug 4 08:38:26 EDT 2005
Both hosts (the syslog client and server) are running NTP and seem to be set correctly, but when the data makes it into a log file or database the time is skewed?
seems to be a timezone issue, assuming EDT is -08:00 from UTC. Are you using plain 1.9.5 or some snapshot? -- Bazsi
This is syslog-ng-1.9.5+20050803 -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Thursday, August 04, 2005 9:51 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Date probs On Thu, 2005-08-04 at 08:43 -0400, Edward Brookhouse wrote:
Hi all,
In 1.9.5 are there any options for date interpretation aside from use_time_recvd() ??
My logs are coming in with timestamps that are being written as:
Aug 4 16:27:36
When the real time is
Aug 4 08:38:26 EDT 2005
Both hosts (the syslog client and server) are running NTP and seem to be set correctly, but when the data makes it into a log file or database the time is skewed?
seems to be a timezone issue, assuming EDT is -08:00 from UTC. Are you using plain 1.9.5 or some snapshot? -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
Hey Bazsi Just for giggles, I fell back to the 1.6.8 snapshot from today - no tz issues - Is there any usage info on the new timezone stuff in the 1.9.x tree? Thanks! Edward -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Thursday, August 04, 2005 9:51 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Date probs On Thu, 2005-08-04 at 08:43 -0400, Edward Brookhouse wrote:
Hi all,
In 1.9.5 are there any options for date interpretation aside from use_time_recvd() ??
My logs are coming in with timestamps that are being written as:
Aug 4 16:27:36
When the real time is
Aug 4 08:38:26 EDT 2005
Both hosts (the syslog client and server) are running NTP and seem to be set correctly, but when the data makes it into a log file or database the time is skewed?
seems to be a timezone issue, assuming EDT is -08:00 from UTC. Are you using plain 1.9.5 or some snapshot? -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
participants (4)
-
Arnold Wang
-
Balazs Scheidler
-
Edward Brookhouse
-
Valdis.Kletnieks@vt.edu