[syslog-ng]filter problem: level()

Michael D. (Mick) Bauer mick@visi.com
Thu, 11 Oct 2001 14:07:33 -0500 (CDT) 

Hi, Bazsi. Better late than never. :-) 

The problem went away when I upgraded from 1.4.12 to 1.4.13.

Regards,
Mick

/=============================\
|   Michael D.(Mick) Bauer    |
| Network Security Consultant |
|  St. Paul, Minnesota (USA)  |
|      mick<at>visi.com       |
\=============================/

On Thu, 11 Oct 2001, Balazs Scheidler wrote:

> On Wed, Sep 05, 2001 at 12:51:03AM -0500, Michael D. (Mick) Bauer wrote:
> > Hi, all.
> > 
> > I've got a puzzling problem (to me ;-) with the level() function in my
> > syslog-ng.conf file. I'm using a filter  whose sole criterion is
> > level(debug .. alert); as a sort of "catch-all" filter. But if I send
> > syslog-ng eight messages, each with a different priority (i.e., one of
> > each level), only the ones with levels "crit," "alert," and "emerg" get
> > logged. But wait! Those "emerg" messages shouldn't be making it past the
> > filter! What *on earth* is going on here?
> 
> Sorry that I react on this message so late, I just discovered that I did not
> read your message until now.
> 
> I was trying to reproduce the problem you mentioned, without success. What
> platform are you trying to run syslog-ng on?
> 
> My tests:
> 
> for i in debug info notice warning err crit alert emerg; do logger -u log -p auth.$i "prio: $i"; done
> 
> syslog-ng.conf:
> 
> balabit:~/src/syslog-ng-1.5/src$ cat syslog-ng.conf
> 
> options { sync(0); time_reap(1); stats(10); log_fifo_size(10000); };
> source src { unix-stream("log"); tcp(port(1999)); internal(); };
> destination d_file { file("logfile"); };
> filter f_lev { level(info .. alert); };
> log { source(src); filter(f_lev); destination(d_file); };
> 
> result logfile:
> 
> Oct 11 20:11:01 src@balabit <someone>: prio: info
> Oct 11 20:11:01 src@balabit <someone>: prio: notice
> Oct 11 20:11:01 src@balabit <someone>: prio: warning
> Oct 11 20:11:01 src@balabit <someone>: prio: err
> Oct 11 20:11:01 src@balabit <someone>: prio: crit
> Oct 11 20:11:01 src@balabit <someone>: prio: alert
> 
> so debug and emerg were correctly filtered out, while everything else is
> added as it should.
> 
> -- 
> Bazsi
> PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
>