[syslog-ng] Some logs written, some are not
Jason Brown
jbrown at boxconsulting.net
Tue Jun 9 14:20:04 UTC 2020
Hi,
The fact that it’s kubernetes is neither here nor there (I -think-). It’s effectively the same as n applications starting on n servers. What’s really weird is that logs are created some of the time.
I’ll go dig through the logback config to see if I can find something. I’ll report any findings.
Thanks again for the help,
Jason
> On 9. Jun 2020, at 16:14, Peter Czanik (pczanik) <Peter.Czanik at oneidentity.com> wrote:
>
> Hi,
>
> I have never used Kubernetes yet, so I don't know that part of the answer. Just that the error message included:
>
> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,341 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment \x0a\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<', msg='0x7f2af8003800'
>
> is resolved if you use a positive number of priority.
>
> Just another suspicion, as I don't code in Java or use logback: priority is composed from two different numbers, facility (like "mail") and level (like "info"). <-1> might be sent as an error value because you specify only one of those.
>
> Bye,
>
> Peter Czanik (CzP) <peter.czanik at oneidentity.com <mailto:peter.czanik at oneidentity.com>>
> Balabit (a OneIdentity company) / syslog-ng upstream
> https://syslog-ng.com/community/ <https://syslog-ng.com/community/>
> https://twitter.com/PCzanik <https://twitter.com/PCzanik>
> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu <mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Jason Brown <jbrown at boxconsulting.net <mailto:jbrown at boxconsulting.net>>
> Sent: Tuesday, June 9, 2020 16:00
> To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>>
> Subject: Re: [syslog-ng] Some logs written, some are not
>
> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
>
> Thanks for the response, Peter. That reddit post was me :)
>
> I should have specified that the logger is a Java application using logback. Not sure how relevant this is. We are not sending a “-1’. Logback has the priority field set to “info”. This is the first line sent:
>
> 2020-06-09 12:09:36,134 (main) INFO [c.b.s.r.sTestLoggerServer] [trkId=] Server starting in Staging environment
>
> If priority is the issue, why would some pods create logs, while others do not?
>
> Thanks,
> Jason
>> On 9. Jun 2020, at 15:47, Peter Czanik (pczanik) <Peter.Czanik at oneidentity.com <mailto:Peter.Czanik at oneidentity.com>> wrote:
>>
>> Hi,
>>
>> A similar problem was just posted on Reddit (https://www.reddit.com/r/sysadmin/comments/gzl1f4/syslogng_dropping_some_tcpsourced_logs/ <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.reddit.com%2Fr%2Fsysadmin%2Fcomments%2Fgzl1f4%2Fsyslogng_dropping_some_tcpsourced_logs%2F&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556671615&sdata=CcFkzQnHBFUg5MF44RVd%2BNsWEdmZyABQOl%2BmL3DB81s%3D&reserved=0>). So I did a quick test. I sent the log with <-1> and it was dropped with an error message by syslog-ng. Then I simply removed the minus sign: <1>..., and it worked perfectly. Make sure that the sending site does not try to use a negative number as priority (the number between <>).
>>
>> Bye,
>>
>> Peter Czanik (CzP) <peter.czanik at oneidentity.com <mailto:peter.czanik at oneidentity.com>>
>> Balabit (a OneIdentity company) / syslog-ng upstream
>> https://syslog-ng.com/community/ <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsyslog-ng.com%2Fcommunity%2F&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556671615&sdata=m9RRlT%2FqHnyFjgdMLYvfvR7z%2By2kgPsV5Ahs%2FN1YhIM%3D&reserved=0>
>> https://twitter.com/PCzanik <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FPCzanik&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556681572&sdata=8rqnRnxIyu%2Be7TYnwIrZtDBOryT7PNK5egMXsv%2Bii6M%3D&reserved=0>
>> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu <mailto:syslog-ng-bounces at lists.balabit.hu>> on behalf of Jason Brown <jbrown at boxconsulting.net <mailto:jbrown at boxconsulting.net>>
>> Sent: Tuesday, June 9, 2020 15:40
>> To: syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu> <syslog-ng at lists.balabit.hu <mailto:syslog-ng at lists.balabit.hu>>
>> Subject: [syslog-ng] Some logs written, some are not
>>
>> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
>>
>>
>> I’m hoping someone can help here, because I’m at my wits end.
>>
>> System info:
>> syslog-ng OSE 3.27
>> OS: CentOS 7.8 (though, I get similar results on Ubuntu 18.04)
>>
>> I have some kubernetes pods sending logs to a remote syslog-ng server. I have an issue where some logs are not being created. These are specifically received via TCP. I can see the message inbound by doing a packet capture, but nothing is written. One of the messages that stands out is:
>> "Error processing message <-1>"
>>
>> Here is my scenario:
>>
>> Start a deployment with 3 pods:
>> Pod1: log created on syslog-ng server: /data/2020/06/09/pod1/logs/app.log
>> Pod2: nothing
>> Pod3: nothing
>>
>> Delete and deploy again:
>> Pod1: log created on syslog-ng server: /data/2020/06/09/pod1/logs/app.log
>> Pod2: log created on syslog-ng server: /data/2020/06/09/pod2/logs/app.log
>> Pod3: nothing
>>
>> Delete and deploy again:
>> Pod1: nothing
>> Pod2: nothing
>> Pod3: nothing
>>
>> There seems to be no pattern. The pods that log, do so successfully. All pods should be logging the same exact date except for timestamps and the pod name.
>> A packet capture shows healthy traffic inbound, with no errors, even from the pods that are not logging.
>> The only indication of an issue is the trace log. Here’s an example from one of the non-writing pods, with a message id “0x7f2af8003800” :
>>
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='testlogger', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='LEGACY_MSGHDR', value='testlogger: ', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='testlogger-service-54956569bb-kqsjs', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='2020-06-09 11:23:47,295 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment ', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.143.181', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00800000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00400000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00200000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00040000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00020000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='20', valid_fac='00100000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: severity() evaluation started; pri='6', valid_pri='000000ff', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> rewrite rule evaluation begin; rule='r_newlines', location='/etc/syslog-ng/syslog-ng.conf:186:5', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Message was cloned; original_msg='0x7f2af8003800', new_msg='0x7f2af8004830'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Performing subst() rewrite failed, pattern did not match; rule='r_newlines', value='MESSAGE', input='2020-06-09 11:23:47,295 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment ', type='(null)', pattern='u2028', replacement='\x0a', location='/etc/syslog-ng/syslog-ng.conf:186:5’
>>
>>
>> Further down in the log, I see:
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,341 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Server starting in Staging environment \x0a\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='syslog-ng', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PID', value='28873', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.98.167', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='10.13.98.167/10.13.98.167', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00800000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00400000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00200000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00040000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00020000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00100000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:143:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00080000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: match() evaluation started; input='syslog-ng', pattern='.*[.]000', value='PROGRAM', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>>
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Initial message parsing follows;
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='MESSAGE', value='Error processing log message: <-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message \x0a\x0a>@<\x0a<-1>Jun 9 11:23:47 testlogger-service-54956569bb-2c5wl testlogger: 2020-06-09 11:23:47,346 (main) INFO [c.b.s.r.s.TestLoggerServer] [trkId=] Test log message ', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PROGRAM', value='syslog-ng', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='PID', value='28873', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST_FROM', value='10.13.98.167', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='HOST', value='10.13.98.167/10.13.98.167', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Setting value; name='SOURCE', value='s_tcp_net_514', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:147:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00800000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local7', location='/etc/syslog-ng/syslog-ng.conf:147:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:146:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00400000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local6', location='/etc/syslog-ng/syslog-ng.conf:146:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:145:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00200000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local5', location='/etc/syslog-ng/syslog-ng.conf:145:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:142:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00040000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local2', location='/etc/syslog-ng/syslog-ng.conf:142:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:141:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00020000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local1', location='/etc/syslog-ng/syslog-ng.conf:141:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:144:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00100000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local4', location='/etc/syslog-ng/syslog-ng.conf:144:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: Requesting flow control; location='/etc/syslog-ng/syslog-ng.conf:143:32'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: facility() evaluation started; fac='5', valid_fac='00080000', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_local3', location='/etc/syslog-ng/syslog-ng.conf:143:32', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: >>>>>> filter rule evaluation begin; rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: match() evaluation started; input='syslog-ng', pattern='.*[.]000', value='PROGRAM', msg='0x7f2af8003800'
>> Jun 9 11:23:47 s_local at syslog syslog-ng[28873]: <<<<<< filter rule evaluation result; result='UNMATCHED - Dropping message from LogPipe', rule='f_loggen', location='/etc/syslog-ng/syslog-ng.conf:97:22', msg='0x7f2af8003800'
>>
>>
>> Any help would be greatly appreciated.
>>
>> Thank you,
>> Jason
>>
>> ______________________________________________________________________________
>> Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=7yJs4GRtKjFR0SNFxhXEa6jlCF8zEqUj8%2B6IU2U5uJE%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556681572&sdata=2j6perQkx4E3lPEk6kqrrStrbukd2NHGbtT2k%2B%2FKuM4%3D&reserved=0>
>> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=fusHd74hogFKcYraC2j1sx90mmj7UAD%2FAy3y6cZ%2BR%2Fs%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556691527&sdata=vqJXbY04zvy%2BLY4fg9neALm68HgY1YfRq8xkvLm8Rok%3D&reserved=0>
>> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7Cb44aaefd475f46061ff208d80c7abb2f%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273068575163388&sdata=9HT%2BQYiSTckuBAU2Q%2F6whDB%2BwYNnfq3xtCG0gSMVU%2B0%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556691527&sdata=%2BTy4a6pl5jEKRQY5PXz%2BFTKQX3Hv8uJgA%2F0Eh4ZrFVs%3D&reserved=0>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556701484&sdata=Tl68X3wApyRZGPfnxgARSulj6x6j0QACN%2Fzvt8rEgic%3D&reserved=0>
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556701484&sdata=kdsCQ0%2F0R4F4k%2B32bJghFzAyJm8B1VUeP8sFBD4KKQI%3D&reserved=0>
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C589282067259439325f708d80c7d86c3%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637273080556711442&sdata=EsRLqlrq1bHDYnmgoQTgPX4XLf8WCxQc9wkHpjwdPkY%3D&reserved=0>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://lists.balabit.hu/mailman/listinfo/syslog-ng>
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <http://www.balabit.com/support/documentation/?product=syslog-ng>
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <http://www.balabit.com/wiki/syslog-ng-faq>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200609/783a25dd/attachment-0001.html>
More information about the syslog-ng
mailing list