[syslog-ng] syslog-ng 3.3.3 pipe source does not parse host

Evan Rempel erempel at uvic.ca
Sat Dec 3 07:16:04 CET 2011 

Try as I might, I can not get a pipe source to maintain the hostname. Syslog-ng includes the hostname
as the $MSGHDR (or the $PROGRAM).

my config
# -----------------------------------
source patterndb { pipe("/var/log/syslog.pipes/patterndb" log_fetch_limit(500) log_iw_size(100000) ); };
source int { internal(); };

template t_standardfile { template("$S_ISODATE $FULLHOST $FACILITY.$LEVEL $MSGHDR][$PROGRAM][$MESSAGE\n"); template_escape(no); };

destination d_var_patterndb { file("/var/log/patterndb.$R_YEAR$R_MONTH$R_DAY.000000" owner("root") group("syslogs") perm(0640) template(t_standardfile)); };

log { source(patterndb); destination(d_var_patterndb); };
# -----------------------------------

data I write tothe pipe

# -----------------------------------
<12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.618 2011: Accepted and connected to 172.20.102.38 hermes0080 <c0n350>
<12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.620 2011: Connecting to 172.20.107.23 nestor0167 <c0n200>
<12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.621 2011: Connected to 172.20.107.23 nestor0167 <c0n200>
# -----------------------------------

The output file
# -----------------------------------
2011-11-25T00:00:30-08:00 patterndb at catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.618 2011: Accepted and connected to 172.20.102.38 hermes0080 <c0n350>
2011-11-25T00:00:30-08:00 patterndb at catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.620 2011: Connecting to 172.20.107.23 nestor0167 <c0n200>
2011-11-25T00:00:30-08:00 patterndb at catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.621 2011: Connected to 172.20.107.23 nestor0167 <c0n200>
# -----------------------------------

Am I missing something silly with the 3.3 config syntax (Up until now I have only used up to 3.0)

Evan.

More information about the syslog-ng mailing list