[syslog-ng] filters do not work from syslogd pipe as a source
Lumir Unzeitig (DHL CZ)
lumir.unzeitig at dhl.com
Fri Apr 7 16:44:11 CEST 2006
[root at czchovwint011 root]# cat /dev/log-syslog-ng &
[1] 12411
[root at czchovwint011 root]# logger -p mail.info "xxxxxxxxxxxxxxx"
Apr 7 16:29:24 czchovwint011 root: xxxxxxxxxxxxxxx
I tried the proposal action and it's partially clear. It is going out in
the same format as it is in the syslog file file - without facility and
priority.
So I have to create pipe for all the lines in syslog.conf and not to use
filters.
Thanks a lot Jochen.
Regards
Lumir Unzeitig
________________________________
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Jochen Kirn
Sent: Friday, April 07, 2006 3:09 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] filters do not work from syslogd pipe as a
source
2006/4/7, Lumir Unzeitig (DHL CZ) <lumir.unzeitig at dhl.com>:
..
It's looking like the facility, priority information has been lost after
syslogd evaluation or by going through the pipe. (All events go only to
/dev/null destination)
Have you tried to log the messages read from the pipe without the
filter to a file and post an example of the log entries to this mailling
list ?
I've a similar problem on AIX (5.3 ML3) where the system syslog daemon
writes its messages to a named pipe
and syslog ng should read from it. But for some odd reason AIX syslog
adds the FACILITY and LEVEL to the log message
which causes that the LEVEL field "shifts" to the right.
Therefore Syslog-NG isn't able to parse this correctly, because it
interpreted the FACILITY entry as program name ...
I don't know what causes this, because I can't reproduce this problem on
AIX 5.2 or below.
regards
Jochen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20060407/4c9190b1/attachment-0001.html
More information about the syslog-ng
mailing list