[syslog-ng] question on logging templates: strange log lines
Philipp
mailinglists at belfin.ch
Wed Feb 11 17:52:30 CET 2009
Hi,
is it possible that there's something wrong with eiter 3.0 version of
syslog-ng?
I tried them both, this one
http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.0.1/source/syslog-ng_3.0.1.tar.gz
and this one
http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.1/source/syslog-ng_3.0.1.tar.gz
By now I also have tried the 2.1.3 version. There, I do not have any of
the below described issues.
Another thing that popped up in v.3.0 is it seems to ignore the time zone.
According to `date +%:z` my test box is configured to +01:00. However,
syslog-ng 3.0 insists on logging tz -00:00. I tried to work around this by
defining the time_zone in a source definition. Did not help.
As I most appreciate the built-in sql logging I think v. 2.1.3 will do
perfectly fine. So I'll stick with it.
Best,
Philipp
> Dear list users
>
> In the near future I would like to migrate from syslog-ng 2 to 3.x. For
> this reason I've set up a linux testbox.
>
> Now, I have a problem I lack to see a solution for.
>
> The syslog-ng testing config:
>
> @version:3.0
>
> ## GLOBAL
> options {
> chain_hostnames(no);
> keep_hostname(yes);
> flush_lines(0);
> stats_freq(3600);
> use_dns(persist_only);
> dns_cache_hosts(/etc/hosts);
> };
>
> ## SOURCES
> source src { unix-stream("/dev/log"); };
> source src-kernel { file("/proc/kmsg" program_override("kernel: ")); };
> source src-syslog-ng { internal(); };
>
> ## LOGGING TEMPLATES
> template t_filetmpl { template("$DATE $FACILITY.$PRIORITY $FULLHOST
> $MSGHDR$MSG\n"); template_escape(no); };
>
> ## DESTINATIONS
> destination local4 { file("/var/log/local4.log" template(t_filetmpl)); };
>
> ## FILTERS
> filter f_local4 { facility(local4); };
>
> ## LOGS
> log { source(src); filter(f_local4); destination(local4); };
>
>
> For testing I use the logger command: ` logger -p local4.info -t test
> testnachricht2`. This configuration causes, and I do not see why, lines
> like these in the /var/log/local4.log file.
> [empty line]
> testnachricht2 test: donald.info local4Feb 11 14:26:01Feb 11 14:26:01
> local4.info donald test: testnachricht2
>
>
> However, if I replace the line below "## DESTINATIONS" with
> destination local4 { file("/var/log/local4.log" template("$DATE
> $FACILITY.$PRIORITY $FULLHOST $MSGHDR$MSG\n")); };
>
> all is perfect. The logged line looks like this:
> Feb 11 14:30:22 local4.info donald test: testnachricht2
>
>
> Please could you tell me what I've missed?
>
> Thanks in advance,
> Philipp
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list