[syslog-ng] facilities problem
Mathieu Cron
mathieu.cron at univ-rennes1.fr
Fri Oct 12 15:32:24 CEST 2007
Hi,
I have a problem with syslog-ng facilities.
I use a program called SEC to customize logs.
so my logs come to my syslog-ng server, which send them to SEC by
running it, and then, SEC gives them back to syslog-ng throught a pipe,
and then, syslog-ng send them into a mysql database.
in the config file, I have :
source src_reseau { udp(ip(0.0.0.0) port(513)); };
source src_solaris { sun-streams("/dev/log" door("/etc/.syslog_door")); };
destination d_sec { program("/var/hote/sec-2.4.1/sec.pl -input=-
-conf=/etc/syslog-ng/sec.conf -log=/var/adm/sec.log"); };
log { source(src_reseau); source(src_solaris); destination(d_sec); };
and after SEC, it returns to syslog-ng
source src_sec { pipe("/tmp/src_sec.pipe"); };
destination d_mysql { program("mysql -h xxx -u xxx --password=xxx syslog
>/dev/null" template ("INSERT INTO logs (host, facility, priority,
level, tag, datetime, program, msg) VALUES ('$HOST' , 'auth' ,
'$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
'$PROGRAM', '$MSG' );\n") template-escape(yes)); };
log { source(src_sec); destination(da_mysql); };
The problem is : Before comming back throught the pipe, facilities and
levels are corrects, but after a pipe (or a file, because I experienced
the same problem with a file input), facilities and levels are
user.notice in all cases...
Does syslog-ng incapable of reading facilities throught files and pipes,
or did I missed something?
Thanks in advance
--
Mathieu Cron
Mathieu.Cron at univ-rennes1.fr Centre de Ressources Informatiques
http://www.univ-rennes1.fr/ Universite de Rennes 1
Tel : (33) 02.23.23.68.15 263 Av du General Leclerc CS 74205
Fax : (33) 02.23.23.71.11 35042 RENNES Cedex
More information about the syslog-ng
mailing list