[syslog-ng] multi-line logs and program/facility filters

Fekete, Róbert robert.fekete at oneidentity.com
Tue Aug 14 10:32:07 UTC 2018


Hi,

Try adding a log path with the fallback flag:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/49#TOPIC-956570

Regards,

Robert

On Tue, Aug 14, 2018 at 11:48 AM, Michael Thénault <michael.thenault at gmail.com> wrote:

> Hi,
> Indeed it works with unix-dgram("/dev/log"); Thanks!
>
> I have another question: I have a system with different packages.
> Each package brings its own syslog-ng conf file to define its filters
> and log { } blocks. All those conf files are in a directory which is
> included by the main syslog-ng conf file.
>
> In the main syslog-ng conf file I want to log all the unfiltered lines
> into /var/log/messages.
> Problem: I cannot reference previously defined filters without knowing
> their name. The main conf file doesn't know those names. Is there a
> way to solve this? Sadly wildcards don't work on filter names...
>
> Regards,
> Michael
>
>
> On Fri, Aug 10, 2018 at 20:06, Scheidler, Balázs
> <balazs.scheidler at oneidentity.com> wrote:
> >
> > Hi,
> >
> > This is probably because syslogd used a SOCK_DGRAM socket for /dev/log
> > whereas your syslog-ng configuration tells syslog-ng to use SOCK_STREAM.
> > The libc implementation supports both. Make sure you use unix-dgram() in
> > syslog-ng. The system() source in syslog-ng defaults to unix-dgram() if I
> > remember correctly.
> >
> > btw: multi-line log messages are not supported over syslog network
> > transports in general, though its original UDP transport may work.
> >
> > Bazsi
> >
> > On Fri, Aug 10, 2018 at 5:36 PM, Jim Hendrick <james.r.hendrick at gmail.com> wrote:
> >>
> >> Don't give up quite yet. There are better people than I by far on this
> >> list :-)
> >>
> >> Btw ... the program destination ran pretty well with no performance
> >> impact or anything.  "Use the source young padawan"
> >>
> >>
> >> On Fri, Aug 10, 2018, 10:51 AM Michael Thénault <michael.thenault at gmail.com> wrote:
> >>>
> >>> Ok, well that cannot be a solution for us because of different
> >>> reasons: performance (embedded environment), probability to add bugs
> >>> ...
> >>> I guess we'll have to go reconsider keeping syslogd which doesn't have
> >>> this issue.
> >>>
> >>> Regards,
> >>> Michael
> >>> ______________________________________________________________________________
> >>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> >>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> >>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
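
The fallback log path suggested in the reply at the top of this thread, sketched as an added example (not from the original messages or from the syslog-ng project). The file paths and the object names s_local, d_messages, f_pkg_a, d_pkg_a, f_pkg_b and d_pkg_b are assumptions; the two package files are shown in the same block for readability.

```conf
# /etc/syslog-ng/syslog-ng.conf  (main file; path and object names are assumed)
@version: 3.16

source s_local { unix-dgram("/dev/log"); internal(); };
destination d_messages { file("/var/log/messages"); };

# Package-provided snippets. The main file never references their filter names.
@include "/etc/syslog-ng/conf.d/*.conf"

# Catch-all path: it receives only the messages that no non-fallback
# log path processed, so no filter names have to be known here.
log { source(s_local); destination(d_messages); flags(fallback); };


# /etc/syslog-ng/conf.d/pkg-a.conf  (hypothetical package file)
filter f_pkg_a { program("pkg-a"); };
destination d_pkg_a { file("/var/log/pkg-a.log"); };
log { source(s_local); filter(f_pkg_a); destination(d_pkg_a); };


# /etc/syslog-ng/conf.d/pkg-b.conf  (hypothetical package file)
filter f_pkg_b { facility(local3); };
destination d_pkg_b { file("/var/log/pkg-b.log"); };
log { source(s_local); filter(f_pkg_b); destination(d_pkg_b); };

# Caveat: a package log path on s_local with no filter() at all processes
# every message, which leaves nothing for the fallback path. Review each
# package snippet for unfiltered log paths if /var/log/messages stays empty.
```

The configuration can be checked with `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf`. Sending one message with `logger -t pkg-a test` and one with `logger -t other test` shows the first landing only in /var/log/pkg-a.log and the second only in /var/log/messages.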