Re: [gentoo-user] Re: syslog-ng: v2->v3 config issue...

Wed, 04 Nov 2009 09:31:22 -0800 

Fekete Robert wrote:

You are right, the program-override option is missing from the
documentation of the file source, but it should work anyway.
We did a quick test and it was working on our Ubuntu machines (tested
with syslog-ng 3.02a), both on kernel messages and also on custom
files containing log messages.


Well, I'm not sure where is the problem. I'm using syslog-ng-3.0.4
(the last stable version in portage). This is relevant part of my
"new" /etc/syslog-ng.conf:
====================
options { chain_hostnames(no);
          stats_freq(3600);
          ts_format(iso);
          flush_lines(1);
          log_fifo_size(250); };

source s_teamspeak { file("/var/log/teamspeak2-server/server.log"
                        flags(store-legacy-msghdr)
                        program_override("teamspeak: ")
                        log_fetch_limit(100)
                        flags(no-parse)); };

destination d_teamspeak { file("/var/log/ts2.log"); };
log { source(s_teamspeak); destination(d_teamspeak); };
==========================

One line in source (/var/log/teamspeak-server/server.log):
04-11-09 16:52:54,ALL,Info... (etc)

Corresponding line in /var/log/ts2.log (that program_override()
is simply missing):
2009-11-04T16:52:54+00:00 talk 04-11-09 16:52:54,ALL,Info...

For comparison, the same part of my syslog-ng v2.x config:
==========================
options { chain_hostnames(off);
          sync(0);
          stats(43200);
          ts_format(iso); };

source s_teamspeak2 { file("/var/log/teamspeak2-server/server.log"
                        log_prefix("teamspeak2: ")
                        follow_freq(1)
                        flags(no-parse)); };

destination d_teamspeak { file("/var/log/ts2.log"); };
log { source(s_teamspeak); destination(d_teamspeak); };
===========================

And this is what I got in ts2.log with syslog-ng v2.x:

2009-09-25T18:17:41+00:00 talk teamspeak2: 28-07-09 18:49:39,ALL,Info...

You see the difference?
syslog-ng 2.x: "iso-time hostname *log_prefix* message"
syslog-ng 3.x: "iso-time hostname message"
Where is program_override?

v2/v3 config-files are now not absolutely the same but even when
I made them identical (removed fifo_size, fetch_limit, flags, etc)
I still had this problem. And I observed this strange behavior
not only with this particular file() source, but with all file()
sources. So what could be the reason?

Jarry

--
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.























					Reply via email to