[syslog-ng] Ver 1.9.5 problems with facility/level filtering

Marvin.Nipper at Stream.com
Mon Sep 26 20:30:23 CEST 2005


Sorry (in advance) if this is a dimwitted question.

I've slurped down and compiled these components on my Solaris 8 system:
pkg-config-0.19; glib-2.8.1; eventlog-0.2.3+20050116+1856; and finally the
non-snapshot flavor of syslog-ng 1.9.5.

Everything appears to have compiled OK, and I am able to load and execute
syslog-ng, and it actually operates, albeit not exactly right (which is
the driver for this email).

I have a 1.6.8 version of syslog-ng that "eats" my (fairly simple) config
file, and sorts thru the incoming syslog traffic, filtering it to one of
three primary target files, based upon facility/level combinations.  These
log statements all use a flags-final setting.  There is one final (fourth)
log statement that feeds a catch-all file, with anything not distributed
to the first three files.  When using the 1.6.8 executable, these four
files accumulate data, as anticipated (i.e. everything works just fine).

However, when I attempt to utilize the new 1.9.5 executable (on the same
system), nothing is fed to the first three files.  The only file getting
any input is the final, catch-all file.  Essentially, the only difference
between the catch-all statement, and the filtered statements, is the
existence of the filters on those statements, which reference filters
similar to this:

    filter f_1 { facility(local5) and level(debug..emerg); };

It's not clear to me why the filtering activity is failing.  Again, those
filters are fine in a 1.6.8 setting.

So, I'm looking for any input as to what might be a potential root
problem.  Obviously, there is a whole set of different pre-req components
for the 1.9.5 world.  I'm not sure if I'm dealing with some compatibility
problem amongst the component versions that I've selected(?), or if the
problem lies elsewhere.

Thanks for any and all input and suggestions.

Marvin Nipper
Director of Security
Stream
mailto:marvin.nipper at stream.com
PGP Key ID: 0xD3EB5CE5 (RSA); 0x8EE28551 (DSS/DH)
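
A way to work out where each message should land, as an added example that is not part of the original post: this Python script decodes the <PRI> value of raw syslog lines and models ordered log paths with a final flag, so the expected routing can be compared with what each file actually receives. Only the f_1 expression comes from the post; the other two filters, the destination names and the sample lines are constructed, and a line with no <PRI> is assumed to match only the unfiltered path.

```python
import re

# BSD syslog convention: PRI = facility * 8 + severity.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(line):
    """Return (facility_code, level_name) for a raw '<PRI>msg' line, else None."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, LEVELS[pri & 7]

def make_filter(facility, low, high):
    """Model of the expression: facility(<facility>) and level(<low>..<high>)."""
    fac = FACILITIES[facility]
    lo, hi = sorted((LEVELS.index(low), LEVELS.index(high)))
    return lambda f, lvl: f == fac and lo <= LEVELS.index(lvl) <= hi

def route(line, log_paths):
    """Walk log paths in order; a matching path marked final stops processing."""
    decoded = decode_pri(line)
    hits = []
    for dest, flt, final in log_paths:
        # Assumption: a line without <PRI> matches only unfiltered paths.
        if flt is None or (decoded is not None and flt(*decoded)):
            hits.append(dest)
            if final:
                break
    return hits

# Hypothetical layout mirroring the post: three filtered final paths, one catch-all.
LOG_PATHS = [
    ("file1", make_filter("local5", "debug", "emerg"), True),   # f_1 from the post
    ("file2", make_filter("local4", "debug", "emerg"), True),   # constructed
    ("file3", make_filter("auth", "debug", "emerg"), True),     # constructed
    ("catchall", None, False),
]

# Constructed sample lines: local5.debug, local5.emerg, auth.info, user.notice.
SAMPLES = ["<175>test a", "<168>test b", "<38>test c", "<13>test d"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, decode_pri(s), route(s, LOG_PATHS))
```

If every sample is observed only in the catch-all file, the filter evaluation is failing for all messages rather than for one facility or level.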