[syslog-ng] syslog-ng 2.0.x bug - facility(auth) fails to match any messages
Balazs Scheidler
bazsi at balabit.hu
Sun Apr 15 13:06:41 CEST 2007
On Fri, 2007-04-13 at 22:11 -0700, Evan Rempel wrote:
> I posted the message below a couple of weeks ago and did not get a response
> from anyone.
>
> Can anyone else confirm that with this configuration facility(auth) fails
> to match messages with a facility of auth?
>
> Balazs - can you make a comment on why this happens?

You usually get better answers if you try to minimize the information
posted. You have a quite complicated configuration and this makes it
difficult to reproduce the problem (if there's one involved).

I have one tip though, do you recognize that multiple filter clauses in
a log statement are ANDed and not ORed?

This means that:

> filter f_auth { facility(auth); };
> filter f_local1 { facility(local1); };
> filter f_ldap { program(^slapd); };
>
> # ****** PROBLEM LOG LINE ****
> log { source(local); filter(f_local1); filter(f_ldap); destination(test.log); };

Test.log will only receive a message if the facility is local1 and the
program sending the message is slapd. I've googled for this and slapd uses
local4 by default:

    -l syslog-local-user
        Selects the local user of the syslog(8) facility.
        Values can be LOCAL0, LOCAL1, and so on, up to
        LOCAL7. The default is LOCAL4. However, this
        option is only permitted on systems that support
        local users with the syslog(8) facility.

--
Bazsi
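
The AND behaviour described in the reply above, next to an OR form, as an added example that is not part of the original message or the poster's configuration. It reuses source(local) and destination(test.log) from the quoted log line, whose definitions are not shown on this page; the names f_local1_or_ldap and f_ldap_local4 are hypothetical.

```conf
# Filters as defined in the quoted configuration.
filter f_local1 { facility(local1); };
filter f_ldap   { program("^slapd"); };

# AND: every filter() in a log statement must match. slapd logging at its
# default facility (local4) never passes f_local1, so none of its messages
# reach the destination.
log { source(local); filter(f_local1); filter(f_ldap); destination(test.log); };

# OR: put both conditions in a single filter expression and reference that
# one filter. (f_local1_or_ldap is a hypothetical name.)
filter f_local1_or_ldap { facility(local1) or program("^slapd"); };
log { source(local); filter(f_local1_or_ldap); destination(test.log); };

# Alternative, assuming slapd is left at its default facility: keep the AND
# but match local4. (f_ldap_local4 is a hypothetical name.)
filter f_ldap_local4 { facility(local4) and program("^slapd"); };
log { source(local); filter(f_ldap_local4); destination(test.log); };
```

The three log statements are alternatives; keep only one, since a message that passes more than one of them is written to the destination once per matching statement.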