[syslog-ng] [Bug 218] To include local*.* facility.level in the source of syslog-ng

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Mon Feb 4 23:35:22 CET 2013


https://bugzilla.balabit.com/show_bug.cgi?id=218





--- Comment #11 from kathi <jk_kathi1 at yahoo.com>  2013-02-04 23:35:21 ---
This is what I tried:
1) Installed syslog-ng 3.2.4 on a standalone box, configured syslog-ng.conf to filter local6.info messages using
source s_local { system(); sun-streams("/dev/log" door("/var/run/syslog_door")); };
source s_syslogng { internal(); };
destination d_syslogng { file("/var/log/syslogng.log"); };
destination d_messages { file("/var/adm/messages.0"); };
destination d_app { file("/var/log/app.log"); };
filter f_local6 { facility(22); };
log { source(s_local); destination(d_messages); };
log { source(s_local); filter (f_local6); destination(d_app); };
log { source(s_syslogng); destination(d_syslogng); };

Works fine, I see local6.info messages logged to /var/log/app.log by the application (the application here is WebSphere, which uses log4j properties to write
to local6.info).

When I introduce this config into a Solaris zone environment (global zone and 1 sparse zone: /lib, /platform, /sbin, /usr) and try syslog-ng, except for
local6.info everything else works fine. When I disable syslog-ng and enable the default syslogd of Solaris, I see local6.info messages recorded in
/var/log/app.log

local6.info   /var/log/app.log   in the  /etc/syslog.conf file

When the sparse zone is running syslog-ng in debug mode, I tried the logger command and here are the results:
bash-3.00# logger -p local6.info "foo"
Incoming log entry; line='<182>Feb  4 16:10:59 admin: [ID 702911 local6.info] foo\x0a'
Filter rule evaluation begins; filter_rule='f_local6'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter rule evaluation result; filter_result='match', filter_rule='f_local6'
Incoming log entry; line='<182>Feb  4 16:13:01 admin: [ID 702911 local6.info] foo\x0a'
Filter rule evaluation begins; filter_rule='f_local6'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter rule evaluation result; filter_result='match', filter_rule='f_local6'
Incoming log entry; line='<182>Feb  4 16:13:01 admin: [ID 702911 local6.info] foo\x0a'
Filter rule evaluation begins; filter_rule='f_local6'
Filter node evaluation result; filter_result='match', filter_type='facility'
Filter rule evaluation result; filter_result='match', filter_rule='f_local6'

But the application logs fail to be written to /var/log/app.log.
Probably because syslog-ng has never been tried in a Solaris zoned environment.


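Added example, not part of the original bug comment and not syslog-ng code: a small Python parser for the debug output quoted above. It decodes the `<182>` PRI into facility and severity, cross-checks it against the Solaris `[ID ... local6.info]` tag, and attaches each `f_local6` verdict to its message. The function names are hypothetical and the `not-match` sample lines are constructed.

```python
import re

# Facility names in numeric order (0-23); severity names in numeric order (0-7).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

INCOMING = re.compile(r"^Incoming log entry; line='<(\d{1,3})>(.*)'$")
VERDICT = re.compile(r"^Filter rule evaluation result; "
                     r"filter_result='([^']+)', filter_rule='([^']+)'$")
SOLARIS_TAG = re.compile(r"\[ID \d+ ([a-z0-9]+\.[a-z]+)\]")

def decode_pri(pri):
    """Split a syslog PRI value into (facility number, 'facility.severity')."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return facility, f"{FACILITIES[facility]}.{SEVERITIES[severity]}"

def correlate(debug_lines):
    """Attach each filter-rule verdict to the incoming entry that precedes it."""
    entries = []
    for line in debug_lines:
        m = INCOMING.match(line.strip())
        if m:
            number, selector = decode_pri(int(m.group(1)))
            tag = SOLARIS_TAG.search(m.group(2))
            entries.append({"facility": number, "selector": selector,
                            "solaris_tag": tag.group(1) if tag else None,
                            "verdicts": {}})
            continue
        m = VERDICT.match(line.strip())
        if m and entries:
            entries[-1]["verdicts"][m.group(2)] = m.group(1)
    return entries

# First four lines are from the debug output above; the last four are constructed.
SAMPLE = [
    r"Incoming log entry; line='<182>Feb  4 16:10:59 admin: [ID 702911 local6.info] foo\x0a'",
    "Filter rule evaluation begins; filter_rule='f_local6'",
    "Filter node evaluation result; filter_result='match', filter_type='facility'",
    "Filter rule evaluation result; filter_result='match', filter_rule='f_local6'",
    r"Incoming log entry; line='<13>Feb  4 16:14:00 admin: [ID 702911 user.notice] bar\x0a'",
    "Filter rule evaluation begins; filter_rule='f_local6'",
    "Filter node evaluation result; filter_result='not-match', filter_type='facility'",
    "Filter rule evaluation result; filter_result='not-match', filter_rule='f_local6'",
]

if __name__ == "__main__":
    for entry in correlate(SAMPLE):
        print(entry)
```

An entry whose `selector` is `local6.info` with an `f_local6` verdict of `match` has passed the source and the filter, so a message that still does not appear in /var/log/app.log was lost after the filter stage.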