[syslog-ng]is flags(fallback) b0rken in 1.6.0rc3?

Asher Yanich syslog-ng@lists.balabit.hu
Fri, 18 Jul 2003 14:49:42 -0400 (EDT)


Hello, I have read all the archives, all the docs, and the FAQ, and cannot
get flags(fallback) to do ANYTHING.  In fact, flags(final) does nothing
either!  As I understand it, the final flag should really only be used
once in the conf, to signify the end of the log rules.  I tried 1.5.26, and I
tried 1.6.0rc6+snapshot.

Attached is my syslog-ng.conf.  If I cannot get an answer, I will have to
revert to 1.5.7, the last version that supported filter(DEFAULT).

Thanks,
-asher

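# Global options.
# keep_hostname(yes) keeps the hostname field as it arrives in each message
# instead of replacing it with the name resolved for the sender. Combined
# with the udp() source below, that field is whatever the sender wrote: UDP
# syslog is unauthenticated, so the host() filters further down match a
# value that any sender able to reach the port can choose.
options { long_hostnames(off); keep_hostname(yes); use_fqdn(yes); sync(0);
time_reap(5); };

# Single source feeding every log statement: network syslog over UDP, the
# local STREAMS log device, and syslog-ng's own internal messages.
# NOTE(review): udp() is given no ip()/port() arguments, so it listens on its
# defaults (documented as all interfaces, port 514). Restrict it with ip() or
# a packet filter if only known hosts should be able to log here.
source src { udp(); sun-stream("/dev/log"); internal(); };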

#
# filters based on Program name field of syslog line
#
# program(), match() and host() take regular expressions, and the patterns
# used here are unanchored, so each one matches as a substring: program(su)
# also matches "sudo", and program(mon) also matches "sysmon" (presumably the
# reason for the explicit "not match(sysmon)" in f_mon). Anchor with ^...$
# where an exact program name is intended; an unescaped "." (rpc.statd)
# matches any character.
# NOTE(review): on the udp() source the program and host fields are supplied
# by the sender, so these filters sort messages but do not authenticate them.
#
# The first three filters select by syslog facility rather than program name.
filter f_cron { facility(cron); };
filter f_lpr { facility(lpr); };
filter f_news { facility(news); };
filter f_rshd { program(rshd); };
filter f_sshd { program(sshd); };
filter f_PAM { program(PAM_pwdb); };
filter f_amd { program(amd); };
filter f_ftpd { program(ftpd); };
filter f_nscd { match(nscd); };
filter f_statd { program(rpc.statd); };
filter f_rwalld { program(rpc.rwalld); };
filter f_rstatd { program(rpc.rstatd); };
filter f_pumpd { program(pumpd); };
filter f_named { program(named); };
filter f_sendmail { program(sendmail); };
filter f_popper { program(popper); };
filter f_imapd { program(imapd); };
filter f_telnetd { program(telnetd); };
filter f_tAsx { program(tAsx); };
filter f_annex { program(annex); };
#  filter f_ppp { program(ppp); };
#  filter f_cli { program(cli); };
filter f_slapd { program(slapd); };
filter f_dhcpd { program(dhcpd); };
filter f_amanda { program(amandad); };
filter f_login { program(login); };
# Per-host filters: these match on the hostname field of the message.
filter f_yoyo { host(yoyo.cs.fiu.edu); };
filter f_fastgate { host(fastgate.cs.fiu.edu); };
filter f_ampath { host(gsr.ampath.net); };
filter f_widget { host(widget.cs.fiu.edu); };
filter f_hylafax { program(HylaFAX); };
filter f_fax { program(Fax); };
filter f_jserv { program(jserv); };
filter f_pagesend { program(PageSend); };
filter f_procmail { program(procmail); };
filter f_fingerd { program(fingerd); };
filter f_rusersd{ program(rpc.rusersd); };
filter f_rquotad{ program(rquotad); };
filter f_inetd{ program(inetd); };
filter f_flow-capture{ program(flow-capture); };
filter f_flow-fanout{ program(flow-fanout); };
filter f_mountd{ program(rpc.mountd); };
filter f_gated{ program(gated); };
filter f_rdist{ program(rdist); };
filter f_modprobe{ program(modprobe); };
filter f_sysmon{ program(sysmon); };
filter f_mon{ program(mon) and not match(sysmon); };
# su and sudo records are audit-relevant. f_su is a substring match on the
# program name, and f_sudo matches "sudo" via match() rather than program().
filter f_su{ program(su); };
filter f_sudo{ match(sudo); };
filter f_pam{ program(pam_); };
filter f_snmptrapd{ program(snmptrapd); };
filter f_ntpd{ program(ntpd); };
filter f_automount{ program(automount); };
filter f_zeppelin{ match(zeppelin); };
filter f_ilmid{ match(ilmid); };
filter f_tNetTask{ match(tNetTask); };
filter f_atmsigd{ match(atmsigd); };
filter f_fsr{ program(fsr); };
filter f_radiusd{ program(radiusd); };
filter f_emailscan{ program(emailscan); };
filter f_spamassassin{ program(spamassassin); };
filter f_kern{ facility(kern); };
filter f_CRON{ match(CROND); };
filter f_rdiscd{ match(rdiscd); };
# Passes only messages whose host field contains none of ",", "lpd" or
# "last" - presumably to drop lines whose host field was mis-parsed; TODO
# confirm against real traffic.
filter f_hosts_cleanup{  not host(",") and not host("lpd") and not
host("last");
 };
# NOTE(review): despite its name, this filter MATCHES messages containing
# "last".
filter f_not_last{ match(last); };

# Routing: each statement sends messages from src that pass the named filter
# to one destination. None of these statements carries flags(), so a message
# that passes several filters is delivered by every statement it matches.
# The d_* destinations are not defined in this excerpt of the config.
log { source(src); filter(f_cron); destination(d_cron); };

log { source(src); filter(f_rshd); destination(d_rsh); };
log { source(src); filter(f_sshd); destination(d_ssh); };
log { source(src); filter(f_PAM); destination(d_PAM); };
log { source(src); filter(f_pam); destination(d_pam); };
log { source(src); filter(f_amd); destination(d_amd); };
log { source(src); filter(f_ftpd); destination(d_ftpd); };
log { source(src); filter(f_nscd); destination(d_nscd); };
log { source(src); filter(f_statd); destination(d_statd); };
log { source(src); filter(f_rstatd); destination(d_rstatd); };
log { source(src); filter(f_pumpd); destination(d_pumpd); };
log { source(src); filter(f_named); destination(d_named); };
log { source(src); filter(f_sendmail); destination(d_sendmail); };
log { source(src); filter(f_popper); destination(d_popper); };
log { source(src); filter(f_imapd); destination(d_imapd); };
log { source(src); filter(f_telnetd); destination(d_telnetd); };
log { source(src); filter(f_tAsx); destination(d_tAsx); };
#  log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_slapd); destination(d_slapd); };
log { source(src); filter(f_dhcpd); destination(d_dhcpd); };
log { source(src); filter(f_annex); destination(d_annex); };
#  log { source(src); filter(f_cli); destination(d_cli); };
log { source(src); filter(f_amanda); destination(d_amanda); };
# Per-host routing; the host field is taken from the message as received.
log { source(src); filter(f_yoyo); destination(d_yoyo); };
log { source(src); filter(f_fastgate); destination(d_fastgate); };
log { source(src); filter(f_ampath); destination(d_ampath); };
log { source(src); filter(f_widget); destination(d_widget); };
log { source(src); filter(f_login); destination(d_login); };
log { source(src); filter(f_hylafax); destination(d_hylafax); };
log { source(src); filter(f_fax); destination(d_fax); };
log { source(src); filter(f_pagesend); destination(d_pagesend); };
log { source(src); filter(f_rusersd); destination(d_rusersd); };
log { source(src); filter(f_rquotad); destination(d_rquotad); };
log { source(src); filter(f_rwalld); destination(d_rwalld);  };
log { source(src); filter(f_inetd); destination(d_inetd);  };
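# NOTE(review): both filter() references must pass for this statement to
# match, i.e. the program name has to match flow-capture AND flow-fanout.
# If the intent is "either program", reference one filter that joins the two
# program() tests with "or" - confirm against what reaches d_flow-capture.
log { source(src); filter(f_flow-capture); filter(f_flow-fanout);
destination(d_flow-capture); };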
log { source(src); filter(f_mountd); destination(d_mountd); };
log { source(src); filter(f_gated); destination(d_gated); };
log { source(src); filter(f_rdist); destination(d_rdist); };
log { source(src); filter(f_modprobe); destination(d_modprobe); };
log { source(src); filter(f_sysmon); destination(d_sysmon); };
log { source(src); filter(f_mon); destination(d_mon); };
log { source(src); filter(f_su); destination(d_su); };
log { source(src); filter(f_sudo); destination(d_sudo); };
# NOTE(review): repeats the f_PAM -> d_PAM statement that already appears
# earlier in this list; likely redundant.
log { source(src); filter(f_PAM); destination(d_PAM); };
log { source(src); filter(f_procmail); destination(d_procmail); };
log { source(src); filter(f_kern); destination(d_kern); };
log { source(src); filter(f_fingerd); destination(d_fingerd); };
log { source(src); filter(f_snmptrapd); destination(d_snmptrapd); };
log { source(src); filter(f_ntpd); destination(d_ntpd); };
log { source(src); filter(f_automount); destination(d_automount); };
log { source(src); filter(f_zeppelin); destination(d_zeppelin); };
log { source(src); filter(f_ilmid); destination(d_ilmid); };
log { source(src); filter(f_atmsigd); destination(d_atmsigd); };
log { source(src); filter(f_tNetTask); destination(d_tNetTask); };
log { source(src); filter(f_fsr); destination(d_fsr); };
log { source(src); filter(f_radiusd); destination(d_radiusd); };
log { source(src); filter(f_emailscan); destination(d_emailscan); };
log { source(src); filter(f_spamassassin); destination(d_spamassassin); };
log { source(src); filter(f_CRON); destination(d_CRON); };
log { source(src); filter(f_rdiscd); destination(d_rdiscd); };
log { source(src); filter(f_not_last); destination(d_last); };
# NOTE(review): this statement has no filter(), so it matches every message
# from src. A flags(fallback) statement only receives messages that matched
# NO non-fallback log statement, so while this catch-all is present the
# fallback statement below can never fire. Give this statement a filter, or
# drop it, if d_default is meant to see the unmatched remainder.
log { source(src); destination(d_syslog); };
# Fallback statement: intended to collect whatever no other statement
# matched, replacing the older filter(DEFAULT) form kept commented out below.
log { source(src);  destination(d_default); flags(fallback); };
#log { source(src); filter(DEFAULT); destination(d_default);  };
# flags(final) ends log-statement processing for a message that matches
# here; it does not undo deliveries made by statements evaluated before it.
# As the last statement in the file it has nothing left to skip, which is
# consistent with it appearing to do nothing.
log { source(src); filter(f_hosts_cleanup); destination(d_hosts);
flags(final);
};



Asher Yanich
Systems & Network Support Group
Florida International University
School of Computer Science

"I've never had problems with 'extra time'. As far as I know, 'extra time' as
a concept is right up there with Santa Claus and the Tooth Fairy."
	-Linus Torvalds

On Thu, 10 Jul 2003, Asher Yanich wrote:

>
> Hi,
>
> I finally went ahead and upgraded my syslog-ng from 1.5.7 to 1.6.0r3.
>
> Previously, I used filter(DEFAULT) to catch all logs that had not matched
> anything else.  I updated my config, to
> log { source(src);  destination(d_default); flags(fallback); };
>
> However, I do not receive anything at this destination, so it seems that
> fallback is broken?
>
>
> Can someone verify that this is the current state of syslog-ng?
>
> Thanks,
> -asher
>
>
> Asher Yanich
> Systems & Network Support Group
> Florida International University
> School of Computer Science
>
> "I've never had problems with 'extra time'. As far as I know, 'extra time' as
> a concept is right up there with Santa Claus and the Tooth Fairy."
> 	-Linus Torvalds