intentionally dropping messages
Hello, I'm trying to drop a certain set of messages. Following http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch07s08.html I notice that if I do *not* include a 'destination' in the 'log' statement, then a very large number of messages that should *not* be dropped are in fact dropped. As soon as I add a 'destination' to the log statement, it filters the correct messages. That is: destination d_dev_null { file("/dev/null" perm(0666) ); }; filter demo_debugfilter { (level(debug..notice) and facility(local0); }; log { source(s_udp); filter(demo_debugfilter); flags(final); }; Appears to falsely drop a number of messages that were of local1.info. As soon as I change the 'log' directive to be: log { source(s_udp); filter(demo_debugfilter); destination(d_dev_null); flags(final); }; it correctly filters only level0.{debug,info,notice}. This happens on a host with a large number of messages per second, but not on a host that receives very little traffic. I can't make much sense of this and was hoping somebody on this list could... -Jan
Jan Schaumann <jschauma@netmeister.org> wrote:
I'm trying to drop a certain set of messages. Following http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch07s08.html I notice that if I do *not* include a 'destination' in the 'log' statement, then a very large number of messages that should *not* be dropped are in fact dropped. As soon as I add a 'destination' to the log statement, it filters the correct messages.
I opened a bug for this: https://bugzilla.balabit.com/show_bug.cgi?id=49 -Jan
On Sun, 2009-05-31 at 22:20 -0400, Jan Schaumann wrote:
Hello,
I'm trying to drop a certain set of messages. Following http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch07s08.html I notice that if I do *not* include a 'destination' in the 'log' statement, then a very large number of messages that should *not* be dropped are in fact dropped. As soon as I add a 'destination' to the log statement, it filters the correct messages.
That is:
destination d_dev_null { file("/dev/null" perm(0666) ); };
filter demo_debugfilter { (level(debug..notice) and facility(local0); }; log { source(s_udp); filter(demo_debugfilter); flags(final); };
Appears to falsely drop a number of messages that were of local1.info. As soon as I change the 'log' directive to be:
log { source(s_udp); filter(demo_debugfilter); destination(d_dev_null); flags(final); };
it correctly filters only level0.{debug,info,notice}.
This happens on a host with a large number of messages per second, but not on a host that receives very little traffic.
I can't make much sense of this and was hoping somebody on this list could...
Hmm... I don't see how this is possible, but I'll look into it right away. -- Bazsi
participants (2)
-
Balazs Scheidler
-
Jan Schaumann