[syslog-ng] syslog-ng 3.3.3 pipe source does not parse host

From: Evan Rempel <erempel_at_nospam>
Date: Sat Dec 03 2011 - 06:16:04 GMT
To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu>

Try as I might, I can not get a pipe source to maintain the hostname. Syslog-ng includes the hostname
as the $MSGHDR (or the $PROGRAM).

my config
# -----------------------------------
source patterndb { pipe("/var/log/syslog.pipes/patterndb" log_fetch_limit(500) log_iw_size(100000) ); };
source int { internal(); };

template t_standardfile { template("$S_ISODATE $FULLHOST $FACILITY.$LEVEL $MSGHDR][$PROGRAM][$MESSAGE\n"); template_escape(no); };

destination d_var_patterndb { file("/var/log/patterndb.$R_YEAR$R_MONTH$R_DAY.000000" owner("root") group("syslogs") perm(0640) template(t_standardfile)); };

log { source(patterndb); destination(d_var_patterndb); };
# -----------------------------------

data I write tothe pipe

# -----------------------------------
<12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.618 2011: Accepted and connected to 172.20.102.38 hermes0080 <c0n350>
<12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.620 2011: Connecting to 172.20.107.23 nestor0167 <c0n200>
<12>2011-11-25T00:00:30-08:00 somehost.uvic.ca mmfs: Fri Nov 25 00:00:29.621 2011: Connected to 172.20.107.23 nestor0167 <c0n200>
# -----------------------------------

The output file
# -----------------------------------
2011-11-25T00:00:30-08:00 patterndb@catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.618 2011: Accepted and connected to 172.20.102.38 hermes0080 <c0n350>
2011-11-25T00:00:30-08:00 patterndb@catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.620 2011: Connecting to 172.20.107.23 nestor0167 <c0n200>
2011-11-25T00:00:30-08:00 patterndb@catamount.comp.uvic.ca user.warning somehost.uvic.ca ][somehost.uvic.ca][mmfs: Fri Nov 25 00:00:29.621 2011: Connected to 172.20.107.23 nestor0167 <c0n200>
# -----------------------------------

Am I missing something silly with the 3.3 config syntax (Up until now I have only used up to 3.0)

Evan.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

This message: [ Message body ]
Next message: Luis Pugoy: "[syslog-ng] syslog-ng 3.1.2 segmentation fault in Ubuntu 10.10"
Previous message: Gergely Nagy: "Re: [syslog-ng] syslog-ng 3.3.3 default year is wrong"
Next in thread: Balazs Scheidler: "Re: [syslog-ng] syslog-ng 3.3.3 pipe source does not parse host"
Reply: Balazs Scheidler: "Re: [syslog-ng] syslog-ng 3.3.3 pipe source does not parse host"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]