[syslog-ng] filters do not work from syslogd pipe as a source
Lumir Unzeitig (DHL CZ)
lumir.unzeitig at dhl.com
Fri Apr 7 14:46:11 CEST 2006
Hi all,
I installed syslog-ng for central logging in a company. The remote
logging works perfectly.
The syslog-ng machine should log its own logs to central repository and
to typical /var/log by syslogd as well.
I changed the original syslogd port to different one (510/udp) and
created a pipe device which will be used for transport between syslogd
and syslog-ng.
/etc/syslog.conf
-----------------------
*.info;mail.none;authpriv.none;cron.none
/var/log/messages
*.*
|/dev/log-syslog-ng
-----------------------
Generally the pipe is working the events are logged in by syslogd and
syslog-ng as well.
BUT if I apply any standard filter for the pipe source the statement is
false in spite of should being true.
Part of /etc/syslog-ng/syslog-ng.conf
-----------------------------------------------------
options {
.......
}source s_local {
pipe("/dev/log-syslog-ng");
file("/proc/kmsg");
};
destination d_mesg_XXXX { file("/local/messages"); };
destination d_null { file("/dev/null"); };
filter f_mail_XXXX { level(debug); };
log { source(s_local); filter(f_mail_XXXX); destination(d_mesg_XXXX); };
log { source(s_local); destination(d_null); flags(final); };
----------------------------------------------------
It's looking like the facility, priority information has been lost after
syslogd evaluation or by going through the pipe. (All events go only to
/dev/null destination)
Any help is appreciated.
Thanks
Lumir Unzeitig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060407/15c9c610/attachment.html
More information about the syslog-ng
mailing list