[syslog-ng] [Bug 179] New: SDATA from Loggen Not Recorded

Tue May 8 19:02:28 CEST 2012

https://bugzilla.balabit.com/show_bug.cgi?id=179

           Summary: SDATA from Loggen Not Recorded
           Product: syslog-ng
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: bmehne at gmail.com
Type of the Report: ---
   Estimated Hours: 0.0

Created an attachment (id=60)
 --> (https://bugzilla.balabit.com/attachment.cgi?id=60)
Syslog-ng conf

I have been trying to find some API to write SDATA to mongodb, but it seems that syslog-ng is not parsing the sdata correctly or loggen is not being called
correctly.

I am calling loggen with:
loggen -r 5 -P -p "[syslog at 0 uid=\"system\" id=\"4937903063198901248\" sid=\"-\" svchome=\"/run/cronsvc/01/1\" svcid=\"dummy\"
name=\"JobExecutionStateManagementJob\" tid=\"__system__\" type=\"SYSTEM\" cid=\"-\" eid=\"-\"]" -S -s 1024 -i -I 2000 localhost 1000

My syslog-ng.conf is attached.

I have compiled and run with syslog-ng 3.3.1 (from tar), 3.3.4 (as in debian repos), and 3.4 (from github).  I have also tried with the mongodb driver patched
to insert rather than upsert (from algernon github repo, flat-insert branch).

My testing is taken from http://www.syslog.org/forum/index.php?topic=1233.0 

My /var/log/messages.json spits out empty braces (e.g. { } ) for each message, and mongodb does record "SDATA" : "[meta sequenceId=\"70\"]",but that is not the
intended sdata.

Any help would be appreciated.

-- 
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.