Impossibility to use multiple occurences of the same parser
Hello list. My syslog-ng configuration is modular, so as to be easily deployed on all our hosts. There is a main configuration files, and one additional included file by service. Our LDAP and Kerberos servers are hosted on the same host (LDAP is our Kerberos backend). Main file has: parser p_db { db-parser(); }; filter f_drop { tags("dropthis"); }; destination d_drop { }; LDAP file has: log { source(s_sys); filter(f_ldap); parser(p_db); log { filter(f_drop); destination(d_drop); flags(final); }; log { destination(d_ldap); flags(final); }; }; Kerberos file has: log { source(s_sys); filter(f_kerberos); parser(p_db); log { filter(f_drop); destination(d_drop); flags(final); }; log { destination(d_kerberos); flags(final); }; }; This is incorrect, because parser(p_db) is used in two different log statements, and syslog-ng doesn't start with a cryptic message: Error initializing message pipeline; If I try to use the parser only once, in the main file, tagging doesn't occur. The only solution I found was to declare two different parsers, for each of the two files. As they both use a different pattern db fragment, it reduce the interest of merging them into a single pattern db file with update-patterndb. -- BOFH excuse #179: multicasts on broken packets
On Tue, Feb 01, 2011 at 03:46:02PM +0100, Guillaume Rousse wrote:
This is incorrect, because parser(p_db) is used in two different log statements, and syslog-ng doesn't start with a cryptic message: Error initializing message pipeline;
If I try to use the parser only once, in the main file, tagging doesn't occur.
The only solution I found was to declare two different parsers, for each of the two files. As they both use a different pattern db fragment, it reduce the interest of merging them into a single pattern db file with update-patterndb.
I already reported this one a while ago. You can take the same merged patterndb file and make different two differnet parser definitions to work around it. Alternatively, a bug fix was introduced into later versions, you could try building from here and see if it's fixed: git://git.balabit.hu/bazsi/syslog-ng-3.2.git Matthew.
On Tue, 2011-02-01 at 11:04 -0800, Matthew Hall wrote:
On Tue, Feb 01, 2011 at 03:46:02PM +0100, Guillaume Rousse wrote:
This is incorrect, because parser(p_db) is used in two different log statements, and syslog-ng doesn't start with a cryptic message: Error initializing message pipeline;
If I try to use the parser only once, in the main file, tagging doesn't occur.
The only solution I found was to declare two different parsers, for each of the two files. As they both use a different pattern db fragment, it reduce the interest of merging them into a single pattern db file with update-patterndb.
I already reported this one a while ago.
You can take the same merged patterndb file and make different two differnet parser definitions to work around it.
Alternatively, a bug fix was introduced into later versions, you could try building from here and see if it's fixed:
git://git.balabit.hu/bazsi/syslog-ng-3.2.git
Yup, this is the patch: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=5f25ce47ab57774f... -- Bazsi
participants (3)
-
Balazs Scheidler
-
Guillaume Rousse
-
Matthew Hall