[syslog-ng] seems like program filter is broken
Stanislav
me at rooty.name
Thu Mar 21 19:57:19 UTC 2019
Nah, I've just tried to replace that with "file( "/dev/klog" owner(root)
group(wheel) perm(0666) );", didn't work.
Also I'm getting logs to "/var/log/all.log" from dovecot without any
issue, it's just this filter, I feel something is not right there.
> Hello,
>
> Is it possible that the *dovecot* application sends those logs via
> */dev/klog*? Because in your configuration for that source the
> program is replaced with *kernel*.
>
> I tried the *program* filter with FreeBSD 12 + syslog-ng 3.20.1 with
> the following configuration:
>
> @version: 3.20
>
> log {
>     source { internal(); };
>     if {
>         filter { program("syslog-ng"); };
>         rewrite { set(":)" value(".FILTER")); };
>     }
>     else {
>         rewrite { set(":(" value(".FILTER")); };
>     }
>
>     destination { file("/dev/stdout" template("${.FILTER}\n")); };
> };
>
> starting with syslog-ng -F
>
> The result seemed to be positive => :)
>
> --
> Kokan
>
> On Wed, Mar 20, 2019 at 4:41 AM Stanislav <me at rooty.name> wrote:
>
>> Greetings,
>>
>> I'm getting this issue after my last package upgrade
>>
>> ======================================
>> Name : syslog-ng
>> Version : 3.20.1
>> Installed on : Mon Mar 11 23:27:29 2019 EET
>> Origin : sysutils/syslog-ng
>> Architecture : FreeBSD:12:amd64
>> Prefix : /usr/local
>> Categories : sysutils
>> Licenses :
>> Maintainer : cy at FreeBSD.org
>> WWW : http://www.syslog-ng.org/
>> Comment : Powerful syslogd replacement
>> Options :
>> AMQP : off
>> CURL : off
>> DOCS : on
>> GEOIP2 : off
>> IPV6 : off
>> JAVA : off
>> JAVA_MOD : off
>> JSON : on
>> MONGO : off
>> PYTHON : off
>> REDIS : off
>> RIEMANN : off
>> SMTP : off
>> SPOOF : off
>> SQL : off
>> TCP_WRAPPERS : off
>> ======================================
>>
>> I have the following configuration:
>>
>> options { chain_hostnames(off); flush_lines(0); threaded(yes); create_dirs(yes); };
>> source local {
>>     internal();
>>     unix-dgram( "/var/run/log" owner(root) group(wheel) perm(0666) );
>>     unix-dgram( "/var/run/logpriv" owner(root) group(wheel) perm(0600) );
>>     file( "/dev/klog" program_override("kernel") );
>> };
>> ...
>> destination all { file("/var/log/all.log"); };
>> destination maillog_mda { file("/var/log/maillog-mda"); };
>> ...
>> filter p_mail_imap { program("dovecot"); };
>> ...
>> log { source(local); destination(all); };
>> log { source(local); filter(p_mail_imap); destination(maillog_mda); };
>> ======================================
>> # ps auxww|grep dovecot
>> root     9648  0.0  0.1 13268  4196  -  Is   00:46   0:00.04 /usr/local/sbin/dovecot -c /usr/local/etc/dovecot/dovecot.conf
>> dovecot  9651  0.0  0.0 12724  3784  -  I    00:46   0:00.01 anvil: [2 connections] (anvil)
>> root    15259  0.0  0.0 12796  4168  -  I    01:42   0:00.00 dovecot/log
>> root    16126  0.0  0.1 13744  5020  -  I    01:52   0:00.02 dovecot/config
>> dovecot 16127  0.0  0.0 12724  4180  -  I    01:52   0:00.01 stats: [3 connections] (stats)
>> dovecot 17328  0.0  0.1 21284 12276  -  I    02:05   0:00.01 auth: [0 wait, 0 passdb, 0 userdb] (auth)
>> ======================================
>> # syslog-ng -s
>> # echo $?
>> 0
>> ======================================
>>
>> I'm getting logs from the dovecot program to /var/log/all.log but not
>> /var/log/maillog-mda. As I mentioned before, it was working on the
>> previous version of syslog-ng.
>> Does anybody have this issue? Just me, lucky?
>>
>>
> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
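
The if/else marker test from the quoted reply can also be run against the real `local` source and the real `p_mail_imap` filter from the original configuration, so that each message shows both the filter verdict and the program name syslog-ng parsed for it. This fragment is an added example, not part of the thread; the output path `/var/log/program-debug.log` and the `match`/`no-match` marker strings are assumptions.

```conf
# Added diagnostic fragment (not from the thread): append to the existing
# configuration, which already defines source "local" and filter "p_mail_imap".
# The log file path and the marker strings below are assumptions.
log {
    source(local);

    # Tag every message with the verdict of the filter under test.
    if {
        filter(p_mail_imap);
        rewrite { set("match" value(".FILTER")); };
    }
    else {
        rewrite { set("no-match" value(".FILTER")); };
    };

    # Write the verdict next to the fields syslog-ng parsed, so the value
    # that program() is compared against is visible for each message.
    destination {
        file("/var/log/program-debug.log"
             template("${.FILTER} program=[${PROGRAM}] pid=[${PID}] host=[${HOST}] msg=[${MSG}]\n"));
    };
};
```

A dovecot line that appears in this file as `no-match` shows, in `program=[...]`, exactly what syslog-ng took as the program name for that message.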