[syslog-ng] 2 Issues - Resolving User and corrupt forwarding

[Robert Kong]

Syslog-ng Version 3.0+20081121 is not resolving the user when using  
the option "owner(0)" or "owner(root)". The following error message is  
displayed:

	Error resolving user; user='root'
	or
	Error resolving user; user='0'

Going through the archives I found a posting stating a similar  
problem. I am wondering if the incorrect patch was also applied to  
version 3.0?

After a little debugging I noticed that in resolve_user the  
conditional check "if (*user) return FALSE" looks to be the culprit.  
When comparing resolve_user to resolve_group I notice that under  
resolve_group the conditional is "if (!*group) return FALSE". Negating  
the conditional in resolve_user seems to correct the problem. Though I  
am not sure if would be the correct thing to do.

The second issue that I am having is with forwarding of incoming  
syslog messages to a secondary server running a native syslogd daemon.  
If I leave the original syslog message un-touched

	destination D_ONE { udp("10.10.10.10" port(514)); };
	log { source(S_ALL); destination(D_ONE); };

The remote server receives and processes the syslog msg correctly.  
However, if I attempt to use a template the forwarded syslog msg  
become corrupted.

	destination D_ONE { udp("10.10.10.10" port(514) template("$DATE $HOST  
$MSGHDR$MSGONLY")); };
	log { source(S_ALL); destination(D_ONE); };

What seems to be occurring is the PRI portion of the syslog msg  
becomes malformed when using the template.

Is this the proper behavior or am I doing something wrong?

Thanks
Bob