[syslog-ng] syslog-ng ruleset confusion or bug?

Evan Rempel erempel at uvic.ca
Tue Feb 26 05:28:35 CET 2013


You are missing the -p in front of the "info.local3" AND it should be local3.info when you use the logger command.

--
Evan Rempel
Senior Systems Administrator, Data Centre Services
University of Victoria
250.721.7691

David Stainton <dstainton415 at gmail.com> wrote:




Greetings,

I am running syslog-ng-3.3.5-1 on CentOS release 6.3.

It seems like there is a subtle bug in syslog-ng or more likely a bug in my syslog-ng configuration. I am unable to get log messages to appear in the other destinations besides /var/log/messages...

I've tried testing like this:

logger info.local3 howdy
logger info.local5 howdy
logger info.local6 howdy
logger emerg.local6 howdy

However the log messages only show up in /var/log/messages.
I wonder why!
Any help, observations or suggestions would be much appreciated.

Thanks!
David


PS Here is my simple config:

@version: 3.3

options {
  create_dirs (yes);
  dir_perm(0755);
  keep_hostname (yes);
  perm(0644);
  flush_lines (0);
  time_reopen (10);
  use_dns (yes);
  use_fqdn (no);
};

source s_sys {
  file ("/proc/kmsg" program_override("kernel: "));
  unix-stream ("/dev/log");
  internal();
  unix-stream ("/var/named/chroot/dev/log" optional(yes));
};

destination d_mesg { file("/var/log/messages"); };
destination d_app { file("/var/log/philotic/$PROGRAM.log"); };
destination d_app_event { file("/var/log/philotic/$PROGRAM-event.log"); };
destination d_philotic  { file("/var/log/philotic/$PROGRAM.log"); };

filter f_info { level(info..emerg) };

filter f_default    { level(info..emerg)
  and not (
    facility(mail)
    or
    facility(authpriv)
    or
    facility(cron)
    or
    facility(local6)
    or
    facility(local5)
    or
    facility(14)
  );
};

filter f_app_event { facility(local3); };
filter f_app   { facility(local6); };
filter f_philotic   { facility(local5); };

log { source(s_sys); filter(f_default); destination(d_mesg); };
log { source(s_sys); filter(f_info); filter(f_app); destination(d_app); };
log { source(s_sys); filter(f_info); filter(f_app_event); destination(d_app_event); };
log { source(s_sys); filter(f_info); filter(f_philotic); destination(d_philotic); };
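
Added example (not part of the original thread): a small Python model of how logger picks a priority and how the four log paths in the config above route it, showing why the test messages landed only in /var/log/messages. It assumes logger's default priority of user.notice when -p is absent and models only the -p option; the function names are hypothetical.

```python
import shlex

# Standard syslog facility and severity codes.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, **{f"local{i}": 16 + i for i in range(8)}}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

def parse_logger(cmdline):
    """Model of `logger [-p facility.level] message...` -> (facility, level, message)."""
    args = shlex.split(cmdline)[1:]
    facility, level = "user", "notice"  # assumed default when -p is absent
    if len(args) >= 2 and args[0] == "-p":
        facility, _, level = args[1].partition(".")
        if facility not in FACILITY or level not in SEVERITY:
            raise ValueError(f"bad priority {args[1]!r}, expected facility.level")
        args = args[2:]
    return facility, level, " ".join(args)

def destinations(facility, level):
    """Evaluate the four log paths of the posted config for one message."""
    f_info = SEVERITY[level] <= SEVERITY["info"]  # level(info..emerg)
    f_default = (f_info and FACILITY[facility] != 14 and facility not in
                 {"mail", "authpriv", "cron", "local6", "local5"})
    matched = []
    if f_default:
        matched.append("d_mesg")
    if f_info and facility == "local6":   # f_app
        matched.append("d_app")
    if f_info and facility == "local3":   # f_app_event
        matched.append("d_app_event")
    if f_info and facility == "local5":   # f_philotic
        matched.append("d_philotic")
    return matched

def route(cmdline):
    facility, level, _ = parse_logger(cmdline)
    return destinations(facility, level)

if __name__ == "__main__":
    # Constructed inputs: two commands from the post, then corrected forms.
    for cmd in ["logger info.local3 howdy", "logger emerg.local6 howdy",
                "logger -p local3.info howdy", "logger -p local5.info howdy",
                "logger -p local6.emerg howdy"]:
        print(f"{cmd!r:34} -> {parse_logger(cmd)[:2]} -> {route(cmd)}")
```

In this model a correctly tagged local3.info message reaches both d_mesg and d_app_event, because f_default excludes local5 and local6 but not local3.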
