[syslog-ng] multi-line logs and program/facility filters

Michael Thénault michael.thenault at gmail.com
Tue Aug 14 09:48:37 UTC 2018 

Hi,
Indeed it works with unix-dgram("/dev/log" ); Thanks !

I have another question : I have a system with different packages.
Each package brings its own syslog-ng conf file to define its filters
and log { } blocks. All those conf files are in a directory which is
included by the main syslog-ng conf file.

In the main syslog-ng conf file I want to log all the unfiltered lines
into /var/log/messages.
Problem: I cannot reference previously defined filters without knowing
their name. The main conf file doesn't know those names. Is there a
way to solve this ? Sadly wildcards don't work on filter names...

Regards,
Michael


Le ven. 10 août 2018 à 20:06, Scheidler, Balázs
<balazs.scheidler at oneidentity.com> a écrit :
>
> Hi,
>
> this is probably because syslogd used SOCK_DGRAM socket for /dev/log whereas your syslog-ng configuration tells syslog-ng to use SOCK_STREAM. The libc implementation supports both. Make sure you use unix-dgram() in syslog-ng. the system() source in syslog-ng defaults to unix-dgram() if I remember correctly.
>
> btw: multi-line log messages are not supported over syslog network transports in general, though its original UDP transport may work.
>
> Bazsi
>
> On Fri, Aug 10, 2018 at 5:36 PM, Jim Hendrick <james.r.hendrick at gmail.com> wrote:
>>
>> Don't give up quite yet. There are better people than I by far on this list :-)
>>
>> Btw ... the program destination ran pretty well with no performance impact or anything.  "Use the source young padawan "
>>
>>
>> On Fri, Aug 10, 2018, 10:51 AM Michael Thénault <michael.thenault at gmail.com> wrote:
>>>
>>> Ok, well that cannot be a solution for us because of different
>>> reasons: performance (embedded environment), probability to add bugs
>>> ...
>>> I guess we'll have to go reconsider keeping syslogd which doesn't have
>>> this issue.
>>>
>>> Regards,
>>> Michael
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>

More information about the syslog-ng mailing list