[syslog-ng] [Bug 124] New: [regression] broken $FULLHOST after upgrade to 3.2.4
bugzilla at bugzilla.balabit.com
bugzilla at bugzilla.balabit.com
Fri Jun 17 02:01:08 CEST 2011
https://bugzilla.balabit.com/show_bug.cgi?id=124
Summary: [regression] broken $FULLHOST after upgrade to 3.2.4
Product: syslog-ng
Version: 3.2.x
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi at balabit.hu
ReportedBy: enrico.scholz at informatik.tu-chemnitz.de
Type of the Report: ---
Estimated Hours: 0.0
syslog-ng 3.2.4 sets the chained hostname from local sources always
to 'hostname/hostname'. Previous version (2.x and 3.1.4) used
'localhost at hostname' for this resp. '<sourcename>@hostname'.
This breaks existing setups because
* destination filenames which contain $FULLHOST can not be used anymore
because the '/' prevents their creation; e.g. my remote logserver has
| destination d_iptables { file("/var/log/remote/IPTABLES/log.$FULLHOST" sync(10)); };
which created e.g. 'log.localhost at walther'. Now, it fails with
| Error opening file for writing; filename='/var/log/remote/IPTABLES/log.walther/walther', error='No such file or directory (2)'
* originating sources can not be identified anymore; e.g. I use
syslog-ng to log events within chroot environments. E.g. I have
| source kerberos { unix-dgram ("/vservers/kerberos/dev/log" keep-alive(no)); };
| source ldap { unix-dgram ("/vservers/ldap/dev/log" keep-alive(no)); };
Previously, messages could be identified because they were reported
to come from 'kerberos@<host>' or 'ldap@<host>'. Now, the source is
reported as '<host>/<host>' for both environments.
'strace' shows that the syslog client creates '<host>/<host>' strings.
The syslog-ng client is configured as
-----
@version:3.2
###################################################################
####
#### DO NOT EDIT THIS FILE!
#### This file is managed by cfengine; any manual changes will be overridden
####
###################################################################
options { flush_lines (0);
time_reopen (10);
log_fifo_size (16384);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
chain_hostnames (yes);
};
source localhost {
unix-stream ("/dev/log");
file("/proc/kmsg" program_override("kernel"));
internal();
};
destination stunnel {
tcp("127.0.0.1" port(520));
tcp("127.0.0.1" port(521));
};
## Common block for kernel-logging
filter f_kern { facility(kern); };
filter f_min_emerg { level(emerg); };
filter f_min_alert { level(alert..emerg); };
filter f_min_crit { level(crit..emerg); };
filter f_min_err { level(err..emerg); };
filter f_min_warn { level(warn..emerg); };
filter f_kern_err { filter(f_kern) and filter(f_min_warn); };
filter f_kern_crit { filter(f_kern) and filter(f_min_crit); };
destination d_kern { file("/var/log/kernel" fsync(yes) perm(0644)); };
destination d_cons { file("/dev/console"); };
log { filter(f_kern_err); source(localhost); destination(d_kern); };
log { filter(f_kern_crit); source(localhost); destination(d_cons); };
## End kernel-logging block}
log { destination(stunnel); flags(catch-all); };
-----
I am using the syslog-ng package from Fedora EPEL6 (http://koji.fedoraproject.org/koji/buildinfo?buildID=245187)
--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the syslog-ng
mailing list