[syslog-ng]bug? OR dont seem to work right.
Samuel Krempp
Samuel.Krempp@crans.org
Mon, 15 Jan 2001 21:13:53 +0100
Whenever I combine 2 filters with a 'OR', it matches just about anything.
(except if those 2 filters are of different kind, like program & facility,
etc.. )
For exemple :
destination trylog { file("/var/log/CransMisc/try.log" owner("root")
group("adm") perm(0640)); };
filter f_stunnel { program("stunnel"); };
filter f_squid { program("squid"); };
filter f_try { filter(f_stunnel) or filter (f_squid); }; #(bug1)
log { source(src); filter(f_try); destination(trylog); };
will put all kinds of stuff in try.log, with program names that contain
neither 'tunnel' nor 'squid'.
(eg: 'cucipop' lines end up in try.log... )
Same thing if I define f_try directly, without using f_stunnel and f_squid,
as :
filter f_try { program("stunnel") or program("squid"); }; #(bug2)
Also, the 'or' does strange thing with other filters than 'program', like :
filter f_try { program("local2") or facility("local3"); }; #(bug3)
On the other hand, Those work as intended:
filter f_try { program("(stunnel)|(squid)"); }; #(ok1)
filter f_try { program("stunnel") or facility(local3); }; #(ok2)
Isn't that a bug in syslog-ng ??
-- Sam
PS: this aside, syslog-ng is really great, so much better than the old
awkward syslogd..