[syslog-ng] flags(final) in version 3.4
Fanselow, William
William.Fanselow at Level3.com
Wed Mar 13 21:51:05 CET 2013
According to this report, the flags(final) does not work in 3.4 as one got used to in prior versions.
https://lists.balabit.hu/pipermail/syslog-ng/2013-February/020039.html
In version 3.3 I used flags(final) in each of my log{ } statements so that a message was not unnecessarily processed by anything beyond a matching filter. My last entry in the config used flags(fallback) so that any message not previously sent to a destination was caught by this final stanza.
With version 3.4, the same syntax does not work, and all messages appear to be passing through every filter and getting duplicated in the first match and my final log destination.
Surely, there must be another way to handle this sort of thing. Not only is it useful for processing efficiency, but it is also a useful way to identify "unmatched" filters in the config.
Any suggestions for replicating the 3.3 behavior would be appreciated.
Thanks
Bill Fanselow
More information about the syslog-ng
mailing list