[syslog-ng] Problem with program_override in upgrade from 3.0.8 to 3.2.4
Balazs Scheidler
bazsi at balabit.hu
Sat Aug 6 18:56:29 CEST 2011
On Tue, 2011-08-02 at 20:55 +0200, Javi Polo wrote:
> Hello there
>
> I've been using syslog-ng for a long time, no problems so far, till
> today ... :p
>
> I'm using Open Source Edition, upgrading from 3.0.8 to 3.2.4, installing
> from the .run file to /opt
>
> Today I wanted to update our syslog-ng's to the latest version and found
> that for some reason, when I override a program via program_override,
> the PROGRAM macro is empty when I send it to another loghost.
> program_override seems to be working, as locally written files show so
>
> I did upgrade both syslog-ng, the client and the logserver
> When I switched back to the old version I found everything began working
> again
>
> Here's the conflicting config in the client:
> #CLIENT CONFIG
> source s_apache_access { file("/var/log/apache2/access.log"
> program_override ("apache_access")); };
>
> destination d_logserver01 { tcp("logserver01"); };
> destination d_tmp { file("/var/log/tmp.log" template("$HOST $PROGRAM
> $MESSAGE\n")); };
>
> log { source(s_apache_error);
> destination(d_logserver01);
> destination(d_tmp);
> flags(final); };
>
> And here's on the server:
> #LOGSERVER CONFIG
> filter f_tmp { host(web0[1-2]); };
> filter f_apache_error { program(apache_error); };
>
> destination d_apache_error {
> file("/array/logs/${S_YEAR}/${S_MONTH}/${S_DAY}/${HOST}/apache2/error.log"
> template("$ISODATE $HOST ${PROGRAM}: $MESSAGE\n") ); };
> destination d_tmp {
> file("/array/logs/${S_YEAR}/${S_MONTH}/${S_DAY}/${HOST}/tmp.log"
> template("$HOST $PROGRAM $MSG\n")); };
>
> log { source(s_tcp);
> filter(f_apache_error);
> destination(d_apache_error);
> flags(final); };
>
> log { source(s_tcp);
> filter(f_tmp);
> destination(d_tmp);
> flags(final); };
>
> After the update those are the results of tmp.log
> On client:
> web01 apache_error Aug 02 20:53:06 2011] [error] [client 192.168.0.5]
> client denied by server configuration: /var/www/asdadsasdas
>
> On server:
> web01 Aug 02 20:53:06 2011] [error] [client 192.168.50.65] client
> denied by server configuration: /var/www/asdadsasdas
>
> As you can see, the program_name has disappeared
> I suspect it is a bug, but I'm not sure as there might be some change in
> syslog-ng behaviour that I did miss :?
flags(dont-store-legacy-msghdr)
I wanted to explain why, but I'm in a hurry, probably in an upcoming
post. (the flag might be called no-store-..., can't remember exactly)
--
Bazsi