[syslog-ng] Problem with program_override in upgrade from 3.0.8 to 3.2.4

Javi Polo jpolo at wtransnet.com
Tue Aug 2 20:55:18 CEST 2011 

Hello there

I've been using syslog-ng for a long time, no problems so far, till 
today ... :p

I'm using Open Source Edition, upgrading from 3.0.8 to 3.2.4, installing 
from the .run file to /opt

Today I wanted to update our syslog-ng's to the latest version and found 
that for some reason, when I override a program via program_override, 
the PROGRAM macro is empty when I send it to another loghost.
program_override seems to be working, as locally writen files show so

I did upgrade both syslog-ng, the client and the logserver
When I switched back to the old version I found everything began working 
again

Here's the conflicting config in the client:
#CLIENT CONFIG
source s_apache_access { file("/var/log/apache2/access.log" 
program_override ("apache_access")); };

destination d_logserver01 { tcp("logserver01"); };
destination d_tmp { file("/var/log/tmp.log" template("$HOST $PROGRAM 
$MESSAGE\n")); };

log {   source(s_apache_error);
         destination(d_logserver01);
         destination(d_tmp);
         flags(final); };

And here's on the server:
#LOGSERVER CONFIG
filter f_tmp { host(web0[1-2]); };
filter f_apache_error { program(apache_error); };

destination d_apache_error  { 
file("/array/logs/${S_YEAR}/${S_MONTH}/${S_DAY}/${HOST}/apache2/error.log"  
template("$ISODATE $HOST ${PROGRAM}: $MESSAGE\n") ); };
destination d_tmp { 
file("/array/logs/${S_YEAR}/${S_MONTH}/${S_DAY}/${HOST}/tmp.log" 
template("$HOST $PROGRAM $MSG\n")); };

log {   source(s_tcp);
         filter(f_apache_error);
         destination(d_apache_error);
         flags(final); };

log {   source(s_tcp);
         filter(f_tmp);
         destination(d_tmp);
         flags(final); };

After the update those are the results of tmp.log
On client:
web01 apache_error Aug 02 20:53:06 2011] [error] [client 192.168.0.5] 
client denied by server configuration: /var/www/asdadsasdas

On server:
web01  Aug 02 20:53:06 2011] [error] [client 192.168.50.65] client 
denied by server configuration: /var/www/asdadsasdas

As you can see, the program_name has dissapeared
I suspect is a bug, but I'm not sure as there might be some change in 
syslog-ng behaviour that I did miss :?

Anybody could lend me a hand?

thanks in advance :)

-- 
Javi Polo
Administrador de Sistemas
Tel  93 734 97 70
Fax 93 734 97 71
jpolo at wtransnet.com

More information about the syslog-ng mailing list