[syslog-ng] Message correlation, everything needs an "@"? And a grep problem.
Valentijn Sessink
valentyn at blub.net
Sun Feb 20 17:18:07 CET 2011
Op 20-02-11 14:43, Balazs Scheidler schreef:
>> Is this how it's meant to be?
> hmm.. no, @1 should be the one before the current message. I've just
> tried to reproduce this with 3.3 but it works fine.
Could it have something to do with my context-scope="host"?
> ... seems to be work OK in 3.2 too. how did you reproduce this exactly?
Please find attached the postfix-maildelivery pattern that I have been
experimenting with. Trying to match the "queuid" within messages only
worked when using "@1" - which I found rather strange.
Oh, for the record: syslog-ng 3.2.2
Installer-Version: 3.2.2
Revision:
ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.2#master#1d3f396485eb47b1ff6aa18ac4f1c4cd51c0ea4c
Compile-Date: Feb 9 2011 13:14:58
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: on
Enable-Linux-Caps: off
Enable-Pcre: off
Enable-Pacct: off
Please note that the attached pattern is work (once) in progress. Anyone
who would install and use this on a live machine is an idiot just like me ;)
To begin with, the "program" pattern on top of the file is missing,
which is not very convenient for a live server :)
Development stalled when the "grep" function wouldn't work; because the
pattern works for really, really simple messages but it fails completely
for messages with multiple recipients (and possibly other fail factors).
Trying to have "grep" output multiple values for one variable didn't
work. If you know how to do that, please tell me.
> Yes, that's the problem. hmm.. The XML shouldn't do this, as this is a
> text node, not an attribute node and there '"' doesn't matter. I'll have
> to dig deeper.
OK, so I gather: grep is not working right now?
Best regards,
Valentijn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: postfix-maildelivery.pdb
Type: chemical/x-pdb
Size: 3451 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110220/d98df098/attachment.pdb
More information about the syslog-ng
mailing list