[syslog-ng] Urgent: Mangled messages in pipe() destinations in versions >1.5.8

Balazs Scheidler bazsi@balabit.hu
Fri, 3 Jan 2003 18:08:10 +0100


On Fri, Jan 03, 2003 at 03:29:38PM +0100, Andreas Schulze wrote:
> >>>>Balazs Scheidler wrote:

> >Hmm... I see.. You should not point multiple destinations to the same pipe.
> >As each destination has its own buffer.
> >Is it not possible to separate the pipe to a single destination?
> 
> Unfortunately no.
> One of the great features of syslog-ng that we need is its mighty
> filter capabilities.
> We use filters to let syslog-ng classify some types of messages,
> add a 'class' tag (based on a special filter) to the message and
> send it to a pipe.
> Imagine the following example config.
> I hope it illustrates what we are doing.
> 
> destination d_a { pipe("/tmp/pipe" template("@TAG_A: | $MSG\n")); };
> destination d_b { pipe("/tmp/pipe" template("@TAG_B: | $MSG\n")); };
> destination d_c { pipe("/tmp/pipe" template("@TAG_C: | $MSG\n")); };
> destination d_d { pipe("/tmp/pipe" template("@TAG_D: | $MSG\n")); };
> log { source(..); filter(fa); destination(d_a); };
> log { source(..); filter(fb); destination(d_b); };
> log { source(..); filter(fc); destination(d_c); };
> log { source(..); filter(fd); destination(d_d); };
> ...
> >I'm thinking about the possibility of destination references, would that
> >solve your problem?
> 
> Sorry. I don't understand. I'm not sure that this solves our problem.
> Can you explain 'destination references' a little bit, please?

Looking at your above example, destination references will not be a
solution. I meant something like this:

destination d_pipe { pipe("/tmp/pipe" template("xxx")); };

destination d_another { destination("d_pipe"); };

so the messages sent to d_another would also go to d_pipe.

I will try to think about your problem a bit. ...

It is not easy to implement, I'd need to share the destination fd & write
buffers between multiple, independent destination drivers...

It was not meant to be working the way you used in earlier versions either,
the fact it worked was only a coincidence.

I would do something with macro expansion instead, it would only need a
couple of user changeable variables, like:

destination d_pipe { pipe("/tmp/pipe" template("$IDSTAG $MSG")); };

log { source(...); filter(...); variable("IDSTAG", "CAT_A"); destination(d_pipe); };

But what happens when multiple destinations match? Are those variables
combined, or are they cleared for each log rule, or?

My syslog-ng tree makes it possible to match parts of messages and reference
those as $1 .. $9 in template expansions. But those variables are cleared
after every match().

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
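
The effect discussed in this thread, as an added example that is not part of the original message and is not syslog-ng code: a toy model of destinations that each hold a private write buffer on the same pipe, compared with one destination that owns the only buffer and applies the tag per message (the shape of the `$IDSTAG` idea above). The `Dest` class, the 10-byte short-write limit and the sample messages are assumptions made for illustration.

```python
import os
import re

# One well-formed line in the thread's template format "@TAG_X: | $MSG".
# Simplification: a message body containing '@' would also be flagged.
LINE_RE = re.compile(rb"@TAG_[A-D]: \| [^@\n]*")

class Dest:
    """Toy stand-in for one pipe() destination: a private buffer on an fd."""
    def __init__(self, fd):
        self.fd, self.buf = fd, b""

    def queue(self, tag, msg):
        self.buf += f"@{tag}: | {msg}\n".encode()

    def flush(self, limit):
        # Assumed short write: at most `limit` bytes leave the buffer per call.
        if self.buf:
            n = os.write(self.fd, self.buf[:limit])
            self.buf = self.buf[n:]

def run(shared, limit=10):
    """Queue constructed messages for two tags; return the lines a reader sees."""
    r, w = os.pipe()
    a = Dest(w)
    b = a if shared else Dest(w)   # shared: one buffer; else one per destination
    a.queue("TAG_A", "login failed for root")      # constructed sample messages
    b.queue("TAG_B", "port scan from 192.0.2.7")
    a.queue("TAG_A", "login failed for admin")
    while a.buf or b.buf:          # event loop services each destination in turn
        a.flush(limit)
        if b is not a:
            b.flush(limit)
    os.close(w)
    data = b""
    while chunk := os.read(r, 4096):
        data += chunk
    os.close(r)
    return data.split(b"\n")[:-1]

def mangled(lines):
    """Lines that are not exactly one tagged message."""
    return [line for line in lines if not LINE_RE.fullmatch(line)]

if __name__ == "__main__":
    for mode in (False, True):
        lines = run(shared=mode)
        print("shared" if mode else "separate", len(mangled(lines)), lines)
```

A consumer of the pipe can run the same `mangled()` check on what it reads to detect interleaving before the class tags are trusted downstream.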