1 |
Hi Jarry, |
2 |
thanks for the detailed info. I have discussed the issue with my |
3 |
colleagues, and it seems that the error is on our side: there was a |
4 |
performance-related change in the program-override option in 3.0.4, |
5 |
which broke the function. |
6 |
|
7 |
So you can either downgrade to an older version (3.0.3 should work), |
8 |
or if you want to stick to 3.0.4, you can try to add a rewrite rule to |
9 |
set the PROGRAM field to teamspeak (which may or may not work in this |
10 |
case, since the program field seems to be empty in the message - |
11 |
sorry, I haven't had the time to test it). |
12 |
|
13 |
Alternatively, you can create a template for this destination and |
14 |
rebuild the message from macros and add a default value for program |
15 |
($ISODATE $HOST ${PROGRAM:-teamspeak2} $MESSAGE) |
16 |
|
17 |
I hope one of these will work for you. |
18 |
|
19 |
Regards, |
20 |
|
21 |
Robert |
22 |
|
23 |
|
24 |
Quoting Jarry <mr.jarry@×××××.com>: |
25 |
|
26 |
> Fekete Robert wrote: |
27 |
>> You are right, the program-override option is missing from the |
28 |
>> documentation of the file source, but it should work anyway. |
29 |
>> We did a quick test and it was working on our Ubuntu machines (tested |
30 |
>> with syslog-ng 3.02a), both on kernel messages and also on custom |
31 |
>> files containing log messages. |
32 |
> |
33 |
> Well, I'm not sure where is the problem. I'm using syslog-ng-3.0.4 |
34 |
> (the last stable version in portage). This is relevant part of my |
35 |
> "new" /etc/syslog-ng.conf: |
36 |
> ==================== |
37 |
> options { chain_hostnames(no); |
38 |
> stats_freq(3600); |
39 |
> ts_format(iso); |
40 |
> flush_lines(1); |
41 |
> log_fifo_size(250); }; |
42 |
> |
43 |
> source s_teamspeak { file("/var/log/teamspeak2-server/server.log" |
44 |
> flags(store-legacy-msghdr) |
45 |
> program_override("teamspeak: ") |
46 |
> log_fetch_limit(100) |
47 |
> flags(no-parse)); }; |
48 |
> |
49 |
> destination d_teamspeak { file("/var/log/ts2.log"); }; |
50 |
> log { source(s_teamspeak); destination(d_teamspeak); }; |
51 |
> ========================== |
52 |
> |
53 |
> One line in source (/var/log/teamspeak-server/server.log): |
54 |
> 04-11-09 16:52:54,ALL,Info... (etc) |
55 |
> |
56 |
> Corresponding line in /var/log/ts2.log (that program_override() |
57 |
> is simply missing): |
58 |
> 2009-11-04T16:52:54+00:00 talk 04-11-09 16:52:54,ALL,Info... |
59 |
> |
60 |
> For comparison, the same part of my syslog-ng v2.x config: |
61 |
> ========================== |
62 |
> options { chain_hostnames(off); |
63 |
> sync(0); |
64 |
> stats(43200); |
65 |
> ts_format(iso); }; |
66 |
> |
67 |
> source s_teamspeak2 { file("/var/log/teamspeak2-server/server.log" |
68 |
> log_prefix("teamspeak2: ") |
69 |
> follow_freq(1) |
70 |
> flags(no-parse)); }; |
71 |
> |
72 |
> destination d_teamspeak { file("/var/log/ts2.log"); }; |
73 |
> log { source(s_teamspeak); destination(d_teamspeak); }; |
74 |
> =========================== |
75 |
> |
76 |
> And this is what I got in ts2.log with syslog-ng v2.x: |
77 |
> |
78 |
> 2009-09-25T18:17:41+00:00 talk teamspeak2: 28-07-09 18:49:39,ALL,Info... |
79 |
> |
80 |
> You see the difference? |
81 |
> syslog-ng 2.x: "iso-time hostname *log_prefix* message" |
82 |
> syslog-ng 3.x: "iso-time hostname message" |
83 |
> Where is program_override? |
84 |
> |
85 |
> v2/v3 config-files are now not absolutely the same but even when |
86 |
> I made them identical (removed fifo_size, fetch_limit, flags, etc) |
87 |
> I still had this problem. And I observed this strange behavior |
88 |
> not only with this particular file() source, but with all file() |
89 |
> sources. So what could be the reason? |
90 |
> |
91 |
> Jarry |
92 |
> |
93 |
> -- |
94 |
> _______________________________________________________________ |
95 |
> This mailbox accepts e-mails only from selected mailing-lists! |
96 |
> Everything else is considered to be spam and therefore deleted. |
97 |
|
98 |
|
99 |
|
100 |
---------------------------------------------------------------- |
101 |
This message was sent using IMP, the Internet Messaging Program. |