[syslog-ng] I need assistance converting a syslog-ng.conf file from V 1.5.16 to 3.2.4...

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Jun 25 08:53:36 CEST 2015


Hi,

The warning about match means that match() without an explicit value()
option tries to match against the value of the format $PROGRAM[$PID]:
$MSGHDR$MSG which happens to be the same as $MSG in syslog-ng before 3.0.

Post 3.0 these values were split, and to mimic the old behavior syslog-ng
needs to create this artificial value which is a lot slower than matching
against specific name value pairs.

So either use match() with value('MSG') or use the more specific filters
(message(), program() or whatever). This will improve performance.

@version at the top of the file indicates which syslog-ng version the
config was written for. It is only known by syslog-ng past 3.0. You may
have started the old version in that case.

You can BTW find support from BalaBit that can make your life much easier.

Bazsi

On Jun 19, 2015 7:39 PM, "Mason, Tron" <Tron.Mason at mail.house.gov> wrote:

>  *Hello…*
>
> I’m getting the following errors.  Please help.  Thanks.
>
>
>
> bash-3.2# /usr/local/sbin/syslog-ng -v -s -f
> /usr/local/etc/syslog-ng/syslog-ng.conf
>
> WARNING: the match() filter without the use of the value() option is
> deprecated and hinders performance, please update your configuration;
>
>
>
> bash-3.2# /usr/local/etc/syslog-ng/syslog-ng.conf -a -f
> /usr/local/sbin/syslog-ng
>
> /usr/local/etc/syslog-ng/syslog-ng.conf: line 10: @version:: command not
> found
>
> /usr/local/etc/syslog-ng/syslog-ng.conf: line 12: syntax error near
> unexpected token `('
>
> /usr/local/etc/syslog-ng/syslog-ng.conf: line 12: `options { use_dns(yes);
> '
>
>
>
> *Tron G Mason*
>
>
>
>
>
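
An added example, not part of the original thread or of the poster's configuration: a 1.5-style match() filter next to the two 3.x rewrites suggested in the reply above. All source, filter and destination names, the patterns and the file paths are constructed for illustration.

```conf
@version: 3.2

# Constructed example: every name, pattern and path below is hypothetical.
source s_local { unix-dgram("/dev/log"); internal(); };

# 1.5-style filter. With no value() option, 3.x matches the pattern against
# a rebuilt "$PROGRAM[$PID]: $MSG" string and prints the deprecation warning.
# filter f_sshd_fail { match("sshd.*Failed password"); };

# 3.x rewrite using the specific filters: the program name and the message
# text are separate name-value pairs, so each part is tested on its own.
filter f_sshd_fail {
    program("sshd") and message("Failed password");
};

# 3.x rewrite keeping match(), with the value named explicitly.
# MESSAGE no longer contains the program name, so a pattern that still
# starts with "sshd" would stop matching here without any error.
filter f_fail_msg {
    match("Failed password" value("MESSAGE"));
};

destination d_auth_fail { file("/var/log/auth_fail.log"); };

log { source(s_local); filter(f_sshd_fail); destination(d_auth_fail); };
```

When converting filters that feed alerting or audit logs, review any old pattern that spans the program name and the message text, since the split values mean it has to be divided as shown. In the second quoted command the two paths are swapped, so bash executed the config file itself and produced the "command not found" and syntax errors.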