[syslog-ng] "Error checking uniqueness"

Evan Rempel erempel at uvic.ca
Thu Feb 23 17:31:36 UTC 2017 

Can you show a simplified example of how to use a single destination but define different templates that write to it? I have never been able to figure that out and it should make some of my configs a lot easier.

Evan.

On 02/23/2017 08:56 AM, Scheidler, Balázs wrote:
> This bugs may not have surfaced in your simple examples though. The reason we have a unique id requirement is that we store stuff like disk buffer file name associated to destinations. Probably, you would not use the disk buffer associated with a file destination, but internally you could.
>
> An alternative solution is to define a single /var/log/audit.log destination and then send messages from multiple log paths. For that to work you'd have to construct the template associated with the destination files a bit earlier in the processing chain.
>
> hope this helps,
> Bazsi
>
>
>
> -- 
> Bazsi
>
> On Thu, Feb 23, 2017 at 5:50 PM, Noémi Ványi <sitbackandwait at gmail.com <mailto:sitbackandwait at gmail.com>> wrote:
>
>     Syslog-ng stores persistent options and data in syslog-ng.persist file. It contains data about drivers specified in the configuration. The drivers are identified by their "settings". In your case you have three file drivers which contain the same log file: "/var/log/abc/audit_log". Thus, the id of that driver is not unique. To provide a unique identifier for these drivers you must specify a different string in persist-name.
>
>     For example, you could add persist-name("abcaudit") to driver d_abcaudit, persist-name("abcaudit_Prio") to driver d_abcaudit_Prio and persist-name("abcaudit_IPtab") to d_abcaudit_IPtab. The key is that the string in persist-name is unique.
>
>     Previously, handling multiple drivers on the same thing was broken in the usage of the persist file, if I recall correctly. This persist-name option was introduced to fix the problem. So, in previous versions it was buggy.
>
>     BR,
>     kvch
>
>
>     On 23 February 2017 at 16:43, David Hauck <davidh at netacquire.com <mailto:davidh at netacquire.com>> wrote:
>
>         Hi András,
>
>         On Thu, 23 Feb 2017 at 00:22:00, syslog-ng wrote:
>         > Hi David,
>         >
>         > The issue with persist_name() option was mentioned (and solved)
>         > previously in: https://github.com/balabit/syslog- <https://github.com/balabit/syslog->
>         > ng/issues/1275
>
>         Thx, I'd seen that entry prior to my email, however, it wasn't clear to me what exactly this doing. And I wasn't able to find anything in the documentation regarding the persist-name() option. Moreover, I wasn't sure if this would work with my 'destination' specification (as seen below).
>
>         What exactly does "persit-name()" do? How exactly do I specifcy this for my destination specifications below? And what has changed between these two versions to now require this option?
>
>         Thanks,
>         -David
>
>         > Br,
>         > Andras
>         >
>         >
>         > On Thu, Feb 23, 2017 at 1:28 AM, David Hauck <davidh at netacquire.com <mailto:davidh at netacquire.com>>
>         > wrote:
>         >
>         >
>         >       Hi,
>         >
>         >       I'm in the processing or updating a distribution's v3.6.3 syslog-ng
>         > configuration to v3.9.1 and am running into some issues getting
>         > syslog-ng started. The first one was:
>         >
>         >       Starting syslog-ng: Error parsing config, Error compiling template
>         > (Unknown template function "format-json") in
>         > /usr/share/syslog-ng/include/scl/cim/template.conf at line 23, column
>         > 32
>         >
>         >       I found a reference online to fixing this by removing
>         > /usr/share/syslog-ng/include/scl/cim and this indeed got me past this
>         > error (hopefully this is an otherwise benign modification).
>         >
>         >       I'm now stuck at the following error:
>         >
>         >       Starting syslog-ng: [2017-02-22T08:07:50.101422] Error checking the
>         > uniqueness of the persist names, please override it with persist-name
>         > option. Shutting down.;
>         > persist_name='affile_dd_writers(/var/log/abc/audit_log)',
>         > location='/etc/syslog-ng.conf:128:33'
>         >
>         >       Here's snippet from my configuration file that this error message
>         > references:
>         >
>         >       ...
>         >       destination d_abcaudit         { file("/var/log/abc/audit_log"
>         > template(t_NAFormat));       };
>         >       destination d_abcaudit_Prio    { file("/var/log/abc/audit_log"
>         > template(t_NAFormat_Prio));  };
>         >       --> destination d_abcaudit_IPtab   {
>         > file("/var/log/abc/audit_log" template(t_abcFormat_IPtab));   };
>         >       destination d_abcmessage_Prio  { file("/dev/null"); };
>         >       ...
>         >
>         >       I wasn't able to find any documentation or guidance on the
>         > "persist-name" option. Any ideas on how I should go about fixing this
>         > error?
>         >
>         >       Thanks,
>         >       -David
>         >
>         > ______________________________________________________________________
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170223/ad70fc3b/attachment.html>

More information about the syslog-ng mailing list