[syslog-ng][PATCH] syslog-ng-1.6.5+20041206 fixes missing facility/priority
in afinet.c
Roberto Nibali
syslog-ng@lists.balabit.hu
Mon, 13 Dec 2004 14:51:17 +0100
Hello,
Thanks for the prompt reply. Unfortunately it does not solve the problem.
> sorry, it is not the TAG macro, but the PRI macro, so it should read:
> template("<$PRI>$DATE $HOST $MSG\n");
Sorry I don't want to be a pest and I only did short debugging since I have no
time to look through the code. Even with $PRI expansion it does not work. In
fact contrary to $TAG it is not even submitted through macros.c. I've sprinkled
a few printf()'s into the macros.c to see if we hit the relevant code but we don't:
static void
expand_macro(struct syslog_config *cfg, int id, int escape, char **dest,
unsigned int *left, struct log_info *msg)
{
int length = 0;
printf("DEBUG: this is the id '%d'\n",id);
switch (id) {
case M_FACILITY: {
/* facility */
char *n = syslog_lookup_value(msg->pri & LOG_FACMASK, sl_facilities);
if (n) {
length = append_string(dest, left, n, strlen(n), 0);
}
else {
length = snprintf(*dest, *left, "%x", (msg->pri & LOG_FACMASK) >> 3);
}
break;
}
case M_LEVEL: {
/* level */
char *n = syslog_lookup_value(msg->pri & LOG_PRIMASK, sl_levels);
if (n) {
length = append_string(dest, left, n, strlen(n), 0);
}
else {
/* should never happen */
length = snprintf(*dest, *left, "%d", msg->pri & LOG_PRIMASK);
}
break;
}
case M_TAG: {
printf("DEBUG: I'm in M_TAG in macros.c\n");
length = snprintf(*dest, *left, "%02x", msg->pri);
break;
}
case M_PRI: {
printf("DEBUG: I'm in M_PRI in macros.c\n");
length = snprintf(*dest, *left, "%d", msg->pri);
break;
}
When I start syslog-ng like follows:
# /sbin/syslog-ng -F -f /etc/syslog-ng.conf
I get the output (regarding the line: tcp("X.Y.W.Z" port(1514)
template("<$PRI>$DATE $HOST $TAG $MSG\n"));
DEBUG: this is the id '30'
DEBUG: this is the id '20'
DEBUG: I'm in M_TAG in macros.c
DEBUG: this is the id '440'
DEBUG: this is the id '480'
The real syslog-ng.conf is huge but the line above is the only part where I have
macro expansion, so I know that I fall through that destination. As you can see
I do not get the id '21' which would be M_PRI. It seems to be lost. If I check with
tcpdump -X -s 1500 -n -i eth0 tcp and port 1514
I get something like following line:
<>Dec 13 12:57:01 hostname app[1213]:
Look, to me it looks like maybe msg-pri is not available at the expansion time.
Maybe I also did something extremely stupid but I honestly have no time to debug
it any further right now and the patch I've sent earlier solves my problem.
I'll check once again though to see if I really missed something obvious :).
Best regards,
Roberto Nibali, ratz
--
-------------------------------------------------------------
addr://Rathausgasse 31, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG Wir sichern Ihren Erfolg
-------------------------------------------------------------