[syslog-ng] Strange template definition problem
Peter Eckel
Lists at Eckel-EDV.de
Thu Jan 22 20:00:24 CET 2009
Hi,
I am currently using the Open Source edition of syslog-ng
version 3.0.1 on RedHat Linux 5.3 and 3.9. So far, there are not
too many problems, but one strangeness occurs when defining templates.
When I define the template inside the 'destination'
configuration, everything works as expected:
# +
# Definition 1: Works fine.
# -
source s_local {
unix-stream( "/dev/log" );
file( "/proc/kmsg" );
udp( ip( "127.0.0.1" ) port(514) );
tcp( ip( "127.0.0.1" ) port(514) keep-alive(yes) );
};
destination d_test {
file( "/opt/sec/var/log/test"
template( "$ISODATE -- $FACILITY -- $PRIORITY -- $HOST --
$MESSAGE\n----------\n" )
);
};
log {
source(s_local);
destination(d_test);
};
The log entries look like this:
>2009-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086130064]: syslog_in connected from 192.168.42.129:41105
>----------
>2009-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086060432]: syslog_in connected from 192.168.42.133:33950
>----------
>2009-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3085990800]: syslog_in connected from 192.168.42.128:43163
>----------
So far, so good. But when I try global templates, I get a rather
strange result:
# +
# Definition 2: Fails miserably.
# -
source s_local {
unix-stream( "/dev/log" );
file( "/proc/kmsg" );
udp( ip( "127.0.0.1" ) port(514) );
tcp( ip( "127.0.0.1" ) port(514) keep-alive(yes) );
};
template t_test {
template( "$ISODATE -- $FACILITY -- $PRIORITY -- $HOST --
$MESSAGE\n----------\n" );
};
destination d_test {
file( "/opt/sec/var/log/test" template( t_test ) );
};
log {
source(s_local);
destination(d_test);
};
What I'm getting is this (including marked blank lines):
>
>----------
>-- LOG5[17309:3086130064]: syslog_in connected from 192.168.42.129:41105 -- linux4 -- notice -- authpriv2009-01-22T19:33:35+01:0020
>09-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086130064]: syslog_in connected from 192.168.42.129:41105
>----------
>
>----------
>-- LOG5[17309:3086060432]: syslog_in connected from 192.168.42.133:33950 -- linux4 -- notice -- authpriv2009-01-22T19:33:35+01:0020
>09-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3086060432]: syslog_in connected from 192.168.42.133:33950
>----------
>
>----------
>-- LOG5[17309:3085990800]: syslog_in connected from 192.168.42.128:43163 -- linux4 -- notice -- authpriv2009-01-22T19:33:35+01:0020
>09-01-22T19:33:35+01:00 -- authpriv -- notice -- linux4 -- LOG5[17309:3085990800]: syslog_in connected from 192.168.42.128:43163
It looks a bit as if all elements of the filled template are
output twice: First in reverse order, then again from start in
correct order. This is reproducable on several machines. The
only difference is the use of the global template in the second
case instead of the inline template in the first.
Am I making some stupid mistake, or is this a bug in syslog-ng?
Best regards and thanks in advance for any suggestions,
Peter.
--
-------------------------------------------------------------------------
Peter Eckel System- und Netzwerkmanagement
Postfach 1463
D-61284 Bad Homburg v.d.H.
Tel.: +49
6172 969495
Mobil: +49
172 6812107
Fax: +49
6172 969845
EMail: Peter.Eckel at Eckel-EDV.de
-------------------------------------------------------------------------
More information about the syslog-ng
mailing list