[syslog-ng] bugreport for 1.9.5 on solaris

Roberto Nibali ratz at drugphish.ch
Sat Oct 8 00:18:55 CEST 2005


> Yeah, but then you wouldn't even think of this option in that case.

True.

> At least one of the sample configurations on my site has one:
> 
>  bad_hostname("^(ctld.|cmd|tmd|last)$");
> 
>>> Make sense?
>> Thanks, Nate. Yes it does, but does it handle all possible cases? Maybe 
>> the Pareto principle applies ...
> 
> If you're saying that this is not important, maybe it's not to you, but
> people using the really common destination like this:

I don't mean to imply that this is not important, I just like to discuss 
the correctness of the implementation at this point. Your explanation 
before rendered the necessity for such a feature perfectly clear.

> destination hosts { 
>    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
>    owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); 
> };
> 
> ...will see all kinds of crazy hostname directories that don't match any
> host. Perhaps they should not use keep_hostname and only use IPs - which
> sounds great. 

We also use such destination, it's a typical "config" for central 
loghost servers. I normally don't configure our projects so I'm not too 
fluent with the options. I'm certain we use this option as well in our 
configs.

> BUT WAIT - that means "ctld" will be tossed and you'll permanently only
> have "8.9" as the program name for all your "ctld 8.9" processes. Same
> goes for other "bad hostnames". 

I need to think a bit about this, maybe we find an alternative solution.

> If I remember correctly this is the reason Bazsi was convinced to create
> the bad_hostname option, he saw that information was actually lost when
> you tried to "do the right thing."

The fruits of this labour can be found in src/log.c:parse_log_msg().

Thanks for your patience and yes, it's definitely missing in 1.9.x.

Regards,
Roberto Nibali, ratz
-- 
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc


More information about the syslog-ng mailing list