[syslog-ng] multi-line logs and program/facility filters

Michael Thénault michael.thenault at gmail.com
Tue Aug 14 12:02:27 UTC 2018


Awesome, flags(fallback); in the main log{} fixed it. Thanks!

Regards,
Michael
On Tue, Aug 14, 2018 at 12:32, Fekete, Róbert
<robert.fekete at oneidentity.com> wrote:
>
> Hi,
>
> Try adding a log path with the fallback flag: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/49#TOPIC-956570
>
> Regards,
>
> Robert
>
> On Tue, Aug 14, 2018 at 11:48 AM, Michael Thénault <michael.thenault at gmail.com> wrote:
>>
>> Hi,
>> Indeed it works with unix-dgram("/dev/log" ); Thanks!
>>
>> I have another question: I have a system with different packages.
>> Each package brings its own syslog-ng conf file to define its filters
>> and log { } blocks. All those conf files are in a directory which is
>> included by the main syslog-ng conf file.
>>
>> In the main syslog-ng conf file I want to log all the unfiltered lines
>> into /var/log/messages.
>> Problem: I cannot reference previously defined filters without knowing
>> their name. The main conf file doesn't know those names. Is there a
>> way to solve this? Sadly wildcards don't work on filter names...
>>
>> Regards,
>> Michael
>>
>>
>> On Fri, Aug 10, 2018 at 20:06, Scheidler, Balázs
>> <balazs.scheidler at oneidentity.com> wrote:
>> >
>> > Hi,
>> >
>> > this is probably because syslogd used SOCK_DGRAM socket for /dev/log whereas your syslog-ng configuration tells syslog-ng to use SOCK_STREAM. The libc implementation supports both. Make sure you use unix-dgram() in syslog-ng. The system() source in syslog-ng defaults to unix-dgram() if I remember correctly.
>> >
>> > btw: multi-line log messages are not supported over syslog network transports in general, though its original UDP transport may work.
>> >
>> > Bazsi
>> >
>> > On Fri, Aug 10, 2018 at 5:36 PM, Jim Hendrick <james.r.hendrick at gmail.com> wrote:
>> >>
>> >> Don't give up quite yet. There are better people than I by far on this list :-)
>> >>
>> >> Btw ... the program destination ran pretty well with no performance impact or anything. "Use the source young padawan"
>> >>
>> >>
>> >> On Fri, Aug 10, 2018, 10:51 AM Michael Thénault <michael.thenault at gmail.com> wrote:
>> >>>
>> >>> Ok, well that cannot be a solution for us because of different
>> >>> reasons: performance (embedded environment), probability to add bugs
>> >>> ...
>> >>> I guess we'll have to go reconsider keeping syslogd which doesn't have
>> >>> this issue.
>> >>>
>> >>> Regards,
>> >>> Michael
>> >>> ______________________________________________________________________________
>> >>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> >>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> >>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>> >>>
>> >>
>> >
>>
>


-- 
Kind regards / best regards,


Michaël Thénault
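
The layout discussed in this thread, as an added example that is not part of the original messages: a main configuration that catches every message no package-provided log path matched, without knowing the packages' filter names. The file paths, the object names (`s_local`, `d_messages`, `f_pkg_a`, `d_pkg_a`) and the program name `pkg-a` are assumptions made for illustration.

```conf
# Constructed example; file paths, object names and "pkg-a" are hypothetical.

# --- /etc/syslog-ng/syslog-ng.conf (main file) ---
@version: 3.16

# Datagram socket, matching what syslogd used for /dev/log.
source s_local {
    unix-dgram("/dev/log");
};

destination d_messages {
    file("/var/log/messages");
};

# Package-provided filters and log paths; the main file never names them.
@include "/etc/syslog-ng/conf.d/*.conf"

# Fallback path: receives only messages that no non-fallback log path
# fully matched, so nothing falls through unlogged.
log {
    source(s_local);
    destination(d_messages);
    flags(fallback);
};

# --- /etc/syslog-ng/conf.d/pkg-a.conf (shipped by a package) ---
filter f_pkg_a { program("pkg-a"); };
destination d_pkg_a { file("/var/log/pkg-a.log"); };

log {
    source(s_local);
    filter(f_pkg_a);
    destination(d_pkg_a);
};
```

With this layout, `logger -t pkg-a test` should land only in the package's file and `logger -t other test` only in /var/log/messages. The configuration can be checked before reloading with `syslog-ng --syntax-only`.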

