[syslog-ng] syslog-ng -s errors with catchall flag (1.6 to 3.1)
Mishou Michael
Michael.Mishou at csirc.irs.gov
Tue Apr 5 17:04:38 CEST 2011
Ok, revisiting this today I found the problem after looking at the
source code in this snapshot (which my pre-compiled packages were based
on):
http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=snapshot;h=8bf13c304b
6ab5fc1a372b49d55c78370efe14ca
All the documentation refers to log path flags: catchall, fallback,
final, flow-control.
But in center.c the actual strcmp functions are looking for: catch-all,
fallback, final, flow_control OR flow-control
gint
log_connection_lookup_flag(const gchar *flag)
{
if (strcmp(flag, "catch-all") == 0)
return LC_CATCHALL;
else if (strcmp(flag, "fallback") == 0)
return LC_FALLBACK;
else if (strcmp(flag, "final") == 0)
return LC_FINAL;
else if (strcmp(flag, "flow_control") == 0 || strcmp(flag,
"flow-control") == 0)
return LC_FLOW_CONTROL;
msg_error("Unknown log statement flag", evt_tag_str("flag", flag),
NULL);
return 0;
}
I'm guessing it should probably be something like this instead:
gint
log_connection_lookup_flag(const gchar *flag)
{
if (strcmp(flag, "catch-all") == 0 || strcmp(flag, "catchall") == 0)
return LC_CATCHALL;
else if (strcmp(flag, "fallback") == 0)
return LC_FALLBACK;
else if (strcmp(flag, "final") == 0)
return LC_FINAL;
else if (strcmp(flag, "flow_control") == 0 || strcmp(flag,
"flow-control") == 0)
return LC_FLOW_CONTROL;
msg_error("Unknown log statement flag", evt_tag_str("flag", flag),
NULL);
return 0;
}
Searching the commits for the 3.1 master repository I found nothing for
"catch-all" or "catchall", so I'm not sure when this changed, but the
"catchall" flag is mentioned in the 2.0 documentation as well. The
question remains that should I report an issue for this at all? And if
so, should I report an issue in the documentation, or an issue in the
center.c file (assuming this change wasn't intentional)? I can fix it
on my system by using the flag catch-all instead, but I figure you all
want the documentation/code to be consistent.
--Mike
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Mishou Michael
Sent: Monday, April 04, 2011 11:25 AM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] syslog-ng -s errors with catchall flag (1.6 to 3.1)
Folks,
I've done a lot of reading of the list archives through Google, but this
is the first question that's really stumped me and also stumped the
archives as well. I'm currently converting a 1.6 config to version 3.1,
eliminating the warnings generated by -s and whatnot. One of the
warnings I get is the following:
Unknown log statement flag; flag='catchall'
The configuration line this warning/error is referencing looks like
this:
log { source(network); destination(finalcatchall);
destination(catchall_relay); flags(final,catchall); };
For some reason, the syslog-ng version I'm using doesn't like that flag
option, but according to the 3.1 documentation, it is valid, as far as I
can see.
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.1-
guide-admin-en.html/index.html-single.html#logpath
I tried removing the final flag (thinking perhaps it was redundant) and
just leaving the catchall in, but the error persists.
Here is the version information for the syslog-ng I'm using, perhaps it
is a bug? I'm not quite sure how to search the bug database, if anyone
could point me in the right direction it would be appreciated.
# /usr/local/sbin/syslog-ng -V
syslog-ng 3.1.2
Installer-Version: 3.1.2
Revision:
ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainli
ne--3.1#master#8bf13c304b6ab5fc1a372b49d55c78370efe14ca
Compile-Date: Oct 25 2010 23:56:18
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: on
Enable-Sun-Door: on
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: on
The version of syslog-ng I'm using is on Solaris 10 SPARC, pre-compiled
packages I got from here:
http://www.sunfreeware.com/programlistsparc10.html#syslogng
If anyone has any ideas, please let me know.
Thank you very much,
--Mike
________________________________________________________________________
______
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list