[syslog-ng] FW: syslog-ng-3.4.0alpha2 syslog-ng binary failure forserver instance.

Balla, Hithendra (EXT-Other - IN/Bangalore) hithendra.balla.ext at nsn.com
Wed Jun 13 07:35:29 CEST 2012

Hi all,


We found that the following rewrite caused the issue. We commented this
part, and it was not giving any issue. 

But we need this rewrite option to be available. 

Can somebody let us know if this got changed in syslog-ng-3.4.0alpha2 ?
Any suggestions ? 

#rewrite rw_msg{subst("\\[.*\\]", "", value("MESSAGE"));};





From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of ext
anju.raveendrannair at wipro.com
Sent: Friday, June 08, 2012 5:16 PM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] syslog-ng-3.4.0alpha2 syslog-ng binary failure
forserver instance.




We are using syslog-ng-3.4.0alpha2 binary and trying to run the
syslog-ng server configuration file, but its not starting the syslog ng

We are getting the following error  incase of f__nonconsole_access
filter when we ran the syslog-ng binary in debug mode.


Filter rule evaluation result; result='match',


ERROR:logmsg.c:535:log_msg_set_value_indirect: assertion failed:

Abort (core dumped)


PFA the debug.log


The server conf is having the following line for the above mentioned


template ltemgr_msg_template { template("$S_ISODATE $HOST


#To  strip of the msg_id introduced by syslogd

rewrite rw_msg{subst("\\[.*\\] <file:///\\[.*\%5d> ", "",


source s_LTEMGR_SYSLOG_CLIENTS{ tcp (ip ( port(6515)












destination d_ltemgr_nonconsoleaccess_log  {file("/ne_data/syslog/ems"
perm(0644) template(ltemgr_msg_template)); };


filter f_nonconsole_access { level(info..notice) and facility(auth) and
( match("Accepted password for" value("MESSAGE")) or match("Failed
password for"  value("MESSAGE")) ); };


log { source(s_LTEMGR_SYSLOG_CLIENTS); filter(f_nonconsole_access);
rewrite(rw_msg);  destination(d_ltemgr_nonconsoleaccess_log);  };


Without debug mode, we were able to run the server but central logging
is not happening when tried with logger command.






Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments
to this message are intended for the exclusive use of the addressee(s)
and may contain proprietary, confidential or privileged information. If
you are not the intended recipient, you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately and
destroy all copies of this message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of viruses.
The company accepts no liability for any damage caused by any virus
transmitted by this email. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120613/b744246d/attachment-0001.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug.log
Type: application/octet-stream
Size: 14675 bytes
Desc: debug.log
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120613/b744246d/attachment-0001.obj 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT2422471.txt
Url: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20120613/b744246d/attachment-0001.txt 

More information about the syslog-ng mailing list