[syslog-ng] Some logs written, some are not
Jason Brown
jbrown at boxconsulting.net
Tue Jun 9 14:00:49 UTC 2020
Thanks for the response, Peter. That reddit post was me :)
I should have specified that the logger is a Java application using logback. Not sure how relevant this is. We are not sending a “-1’. Logback has the priority field set to “info”. This is the first line sent:
2020-06-09 12:09:36,134 (main) INFO [c.b.s.r.sTestLoggerServer] [trkId=] Server starting in Staging environment
If priority is the issue, why would some pods create logs, while others do not?
Thanks,
Jason
> On 9. Jun 2020, at 15:47, Peter Czanik (pczanik) <Peter.Czanik at oneidentity.com> wrote:
>
> Hi,
>
> A similar problem was just posted on Reddit (https://www.reddit.com/r/sysadmin/comments/gzl1f4/syslogng_dropping_some_tcpsourced_logs/ <https://www.reddit.com/r/sysadmin/comments/gzl1f4/syslogng_dropping_some_tcpsourced_logs/>). So I did a quick test. I sent the log with <-1> and it was dropped with an error message by syslog-ng. Then I simply removed the minus sign: <1>..., and it worked perfectly. Make sure that the sending site does not try to use a negative number as priority (the number between <>).
>
> Bye,
>
> Peter Czanik (CzP) <peter.czanik at oneidentity.com <mailto:peter.czanik at oneidentity.com>>
> Balabit (a OneIdentity company) / syslog-ng upstream
> https://syslog-ng.com/community/ <https://syslog-ng.com/community/>
> https://twitter.com/PCzanik <https://twitter.com/PCzanik>
> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu <mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Jason Brown <jbrown at boxconsulting.net <mailto:jbrown at boxconsulting.net>>
> Sent: Tuesday, June 9, 2020 15:40
> To: syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu> <syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>>
> Subject: [syslog-ng] Some logs written, some are not
>
> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
>
>
> I’m hoping someone can help here, because I’m at my wits end.
>
> System info:
> syslog-ng OSE 3.27
> OS: CentOS 7.8 (though, I get similar results on Ubuntu 18.04)
>
> I have some kubernetes pods sending logs to a remote syslog-ng server. I have an issue where some logs are not being created. These are specifically received via TCP. I can see the message inbound by doing a packet capture, but nothing is written. One of the messages that stands out is:
> "Error processing message <-1>"
>
> Here is my scenario:
>
> Start a deployment with 3 pods:
> Pod1: log created on syslog-ng server: /data/2020/06/09/pod1/logs/app.log
> Pod2: nothing
> Pod3: nothing
>
> Delete and deploy again:
> Pod1: log created on syslog-ng server: /data/2020/06/09/pod1/logs/app.log
> Pod2: log created on syslog-ng server: /data/2020/06/09/pod2/logs/app.log
> Pod3: nothing
>
> Delete and deploy again:
> Pod1: nothing
> Pod2: nothing
> Pod3: nothing
>
> There seems to be no pattern. The pods that log, do so successfully. All pods should be logging the same exact date except for timestamps and the pod name.
> A packet capture shows healthy traffic inbound, with no errors, even from the pods that are not logging.
> The only indication of an issue is the trace log. Here’s an example from one of the non-writing pods, with a message id “0x7f2af8003800” :
>
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='testlogger', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='LEGACY_MSGHDR', value='testlogger: ', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='testlogger-service-54956569bb-kqsjs', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='2020-06-09 11:23:47,295 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment ', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.143.181', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00800000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00400000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00200000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00040000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00020000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00100000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: severity() evaluation started; pri='6', valid_pri='000000ff', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> rewrite rule evaluation begin; rule='r_newlines', location='/etc/syslog-ng/syslog-ng.conf:186:5', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Message was cloned; original_msg='0x7f2af8003800', new_msg='0x7f2af8004830'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Performing subst() rewrite failed, pattern did not match; rule='r_newlines', value='MESSAGE', input='2020-06-09 11:23:47,295 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment ', type='(null)', pattern='u2028', replacement='\x0a', location='/etc/syslog-ng/syslog-ng.conf:186:5’
>
>
> Further down in the log, I see:
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,341 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment \x0a\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='syslog-ng', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PID', value='28873', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.98.167', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='10.13.98.167/10.13.98.167', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00800000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00400000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00200000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00040000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00020000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00100000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:143:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00080000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: match() evaluation started; input='syslog-ng', pattern='.*[.]000', value='PROGRAM', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message ', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='syslog-ng', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PID', value='28873', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.98.167', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='10.13.98.167/10.13.98.167', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00800000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00400000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00200000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00040000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00020000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00100000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:143:32'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00080000', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: match() evaluation started; input='syslog-ng', pattern='.*[.]000', value='PROGRAM', msg='0x7f2af8003800'
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>
>
> Any help would be greatly appreciated.
>
> Thank you,
> Jason
>
> ______________________________________________________________________________
> Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=7yJs4GRtKjFR0SNFxhXEa6jlCF8zEqUj8%2B6IU2U5uJE%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=7yJs4GRtKjFR0SNFxhXEa6jlCF8zEqUj8%2B6IU2U5uJE%3D&reserved=0>
> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=fusHd74hogFKcYraC2j1sx90mmj7UAD%2FAy3y6cZ%2BR%2Fs%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=fusHd74hogFKcYraC2j1sx90mmj7UAD%2FAy3y6cZ%2BR%2Fs%3D&reserved=0>
> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=9HT%2BQYiSTckuBAU2Q%2F6whDB%2BwYNnfq3xtCG0gSMVU%2B0%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=9HT%2BQYiSTckuBAU2Q%2F6whDB%2BwYNnfq3xtCG0gSMVU%2B0%3D&reserved=0>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200609/d4a4438c/attachment-0001.html>
More information about the syslog-ng
mailing list