Strange behaviour of syslog-ng. Date macros not working and missing character in file name.
Hello, I got a strange problem with syslog-ng (Debian Lenny version (2.0.9)). I got the following configuration : destination df_va_access { file("/var/log/apache/${PROGRAM}-access-${YEAR}${MONTH}${WEEK}${DAY}00.log" perm(0660) dir_perm(0775) template("${MSGONLY}\n") template_escape(off)) ; }; filter f_va_access { facility(local1) and level(info); }; log { source(s_all); filter(f_va_access); destination(df_va_access); flags(final); }; My apache is sending logs to logger with these parameters : /usr/bin/logger -p local1.info -t 180630f354399af972469030e7583848/4f88a0b758d5c5dc46e7f15b4bac1f5c/www.example.com-80-180630f354399af972469030e7583848-4f88a0b758d5c5dc46e7f15b4bac1f5c But I end up with this file : /var/log/apache/30f354399af972469030e7583848/4f88a0b758d5c5dc46e7f15b4bac1f5c/www.example.com-80-180630f354399af972469030e7583848-4f88a0b758d5c5dc46e7f15b4bac1f5c-access-197001000100.log This file has 2 problems : 1) the first directory is missing 3 char : 30f354399af972469030e7583848 should be 180630f354399af972469030e7583848 2) the date is wrong : 197001000100. should be the current date (system date is good). This looks like an overflow or something... I tried setting up another conf with simplier file, the date is working fine. The *very* strange thing, is that I got the same setup (with différents UID) on many differents box, and it's working just fine. So I guess there is something wrong with these particulier UID Is this a known issue ? maybe already fixed in recent version ? Why it is working on most of my box but not this one ? Thanks for your help.
Any idea ? :/ 2009/9/28 Nilshar <nilshar@gmail.com>:
Hello,
I got a strange problem with syslog-ng (Debian Lenny version (2.0.9)).
I got the following configuration :
destination df_va_access { file("/var/log/apache/${PROGRAM}-access-${YEAR}${MONTH}${WEEK}${DAY}00.log" perm(0660) dir_perm(0775) template("${MSGONLY}\n") template_escape(off)) ; };
filter f_va_access { facility(local1) and level(info); };
log { source(s_all); filter(f_va_access); destination(df_va_access); flags(final); };
My apache is sending logs to logger with these parameters :
/usr/bin/logger -p local1.info -t 180630f354399af972469030e7583848/4f88a0b758d5c5dc46e7f15b4bac1f5c/www.example.com-80-180630f354399af972469030e7583848-4f88a0b758d5c5dc46e7f15b4bac1f5c
But I end up with this file :
/var/log/apache/30f354399af972469030e7583848/4f88a0b758d5c5dc46e7f15b4bac1f5c/www.example.com-80-180630f354399af972469030e7583848-4f88a0b758d5c5dc46e7f15b4bac1f5c-access-197001000100.log
This file has 2 problems : 1) the first directory is missing 3 char : 30f354399af972469030e7583848 should be 180630f354399af972469030e7583848 2) the date is wrong : 197001000100. should be the current date (system date is good).
This looks like an overflow or something... I tried setting up another conf with simplier file, the date is working fine.
The *very* strange thing, is that I got the same setup (with différents UID) on many differents box, and it's working just fine. So I guess there is something wrong with these particulier UID
Is this a known issue ? maybe already fixed in recent version ? Why it is working on most of my box but not this one ?
Thanks for your help.
Hi, The problem is that syslog-ng thinks that the first four digits of the program name is "year" information, as some devices include that in their timestamp. This is fixed in syslog-ng OSE 3.0, I haven't checked 2.1. I'd recommend to upgrade to 3.0, we do have Debian packages available. On Wed, 2009-09-30 at 14:16 +0200, Nilshar wrote:
Any idea ? :/
2009/9/28 Nilshar <nilshar@gmail.com>:
Hello,
I got a strange problem with syslog-ng (Debian Lenny version (2.0.9)).
I got the following configuration :
destination df_va_access { file("/var/log/apache/${PROGRAM}-access-${YEAR}${MONTH}${WEEK}${DAY}00.log" perm(0660) dir_perm(0775) template("${MSGONLY}\n") template_escape(off)) ; };
filter f_va_access { facility(local1) and level(info); };
log { source(s_all); filter(f_va_access); destination(df_va_access); flags(final); };
My apache is sending logs to logger with these parameters :
/usr/bin/logger -p local1.info -t 180630f354399af972469030e7583848/4f88a0b758d5c5dc46e7f15b4bac1f5c/www.example.com-80-180630f354399af972469030e7583848-4f88a0b758d5c5dc46e7f15b4bac1f5c
But I end up with this file :
/var/log/apache/30f354399af972469030e7583848/4f88a0b758d5c5dc46e7f15b4bac1f5c/www.example.com-80-180630f354399af972469030e7583848-4f88a0b758d5c5dc46e7f15b4bac1f5c-access-197001000100.log
This file has 2 problems : 1) the first directory is missing 3 char : 30f354399af972469030e7583848 should be 180630f354399af972469030e7583848 2) the date is wrong : 197001000100. should be the current date (system date is good).
This looks like an overflow or something... I tried setting up another conf with simplier file, the date is working fine.
The *very* strange thing, is that I got the same setup (with différents UID) on many differents box, and it's working just fine. So I guess there is something wrong with these particulier UID
Is this a known issue ? maybe already fixed in recent version ? Why it is working on most of my box but not this one ?
Thanks for your help.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Bazsi
participants (2)
-
Balazs Scheidler
-
Nilshar