[syslog-ng] syslog-ng 3.3.3 pipe source does not parse host
Balazs Scheidler
bazsi at balabit.hu
Wed Dec 21 13:47:07 CET 2011
On Fri, 2011-12-02 at 22:16 -0800, Evan Rempel wrote:
> Try as I might, I can not get a pipe source to maintain the hostname. Syslog-ng includes the hostname
> as the $MSGHDR (or the $PROGRAM).
>
> my config
> # -----------------------------------
> source patterndb { pipe("/var/log/syslog.pipes/patterndb" log_fetch_limit(500) log_iw_size(100000) ); };
> source int { internal(); };
>
> template t_standardfile { template("$S_ISODATE $FULLHOST $FACILITY.$LEVEL $MSGHDR][$PROGRAM][$MESSAGE\n"); template_escape(no); };
>
> destination d_var_patterndb { file("/var/log/patterndb.$R_YEAR$R_MONTH$R_DAY.000000" owner("root") group("syslogs") perm(0640) template(t_standardfile)); };
>
> log { source(patterndb); destination(d_var_patterndb); };
> # -----------------------------------
>
> data I write tothe pipe
>
> # -----------------------------------
> <12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.618 2011: Accepted and connected to 172.20.102.38 hermes0080 <c0n350>
> <12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.620 2011: Connecting to 172.20.107.23 nestor0167 <c0n200>
> <12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.621 2011: Connected to 172.20.107.23 nestor0167 <c0n200>
> # -----------------------------------
>
> The output file
> # -----------------------------------
> 2011-11-25T00:00:30-08:00 patterndb at catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.618 2011: Accepted and connected to 172.20.102.38 hermes0080 <c0n350>
> 2011-11-25T00:00:30-08:00 patterndb at catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.620 2011: Connecting to 172.20.107.23 nestor0167 <c0n200>
> 2011-11-25T00:00:30-08:00 patterndb at catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.621 2011: Connected to 172.20.107.23 nestor0167 <c0n200>
> # -----------------------------------
>
> Am I missing something silly with the 3.3 config syntax (Up until now I have only used up to 3.0)
Like I've replied in the bugzilla ticket:
Starting with I think 3.2, the default for _local_ log transport was
flipped to skip the hostname as that was incompatible with local
syslogds
The old behaviour can be restored by enabling the 'expect-hostname' flag:
source s_pipe { pipe('...' flags(expect-hostname)); };
--
Bazsi
More information about the syslog-ng
mailing list