[syslog-ng] pattern tags in syslog

[system at ra-schaal.de]

Hi all,

i´ve a problem with pdbtool / using tags with syslog 3.3.5:

If I tag a message inside a pattern containing a "-", the tags are not
used within syslog and "pbtool match":

  <ruleset id='c5a92074c59aca552764af9037cd895b' name='mirror'>
    <pattern>clam-clientsync</pattern>
    <rules>
      <rule class='mirror' id='c5a92074c59aca552764af9037cd895b'
provider='fs'>
        <patterns>
          <pattern>safebrowsing</pattern>
          <pattern>deleting</pattern>
          <pattern>main</pattern>
          <pattern>daily</pattern>
          <pattern>bytecode</pattern>
          <pattern>local_blacklist_apache</pattern>
          <pattern>timestamp</pattern>
          <pattern>sent @NUMBER::@ bytes</pattern>
          <pattern>total size is @NUMBER::@</pattern>
        </patterns>
        <tags>
          <tag>clamav-mirror</tag>
        </tags>
      </rule>
    </rules>
  </ruleset>

# pdbtool match -p mirror.pdb -P clam-clientsync -M "safebrowsing" -D

Pattern matching part:
safebrowsing
Matching part:
safebrowsing
Values:
MESSAGE=safebrowsing
PROGRAM=clam-clientsync
.classifier.class=mirror
.classifier.rule_id=c5a92074c59aca552764af9037cd895b
TAGS=


BTW: if I skip "-D" everything is fine.



But in my syslog-ng.conf i can´t use clamav-mirror in the filter.
Instead I must use clamavmirror:

filter f_rsync_clamav           { tags("clamavmirror"); };


tags("clamav-mirror") won´t work.