Hi Jarry,
I work for BalaBit, the developer of syslog-ng, and am the maintainer
of the syslog-ng docs.
You are right, the program-override option is missing from the
documentation of the file source, but it should work anyway.
We did a quick test and it was working on our Ubuntu machines (tested
with syslog-ng 3.02a), both on kernel messages and also on custom
files containing log messages.
Which version of syslog-ng are you running? Are the messages in the file in
correct syslog format, or do they have some custom format?
If the problem persists, could you open a ticket in the syslog-ng bugzilla at
https://bugzilla.balabit.com/?
Regards,
Robert Fekete
Hi,
as syslog-ng 3.0.x became stable, all my servers updated
to it from 2.1.4, but I have a problem with configuration:
In 2.x I used "log_prefix()" option for "file()" source.
When I tried to start syslog-ng 3.x it complained about
"log_prefix()" being deprecated, and said I have to use
"program_override()" instead.
I modified syslog-ng.conf, but it does not work at all.
It simply acts as if there was no "program_override()"
option in "file()" source.
I checked syslog-ng-v3.0-guide-admin-en.pdf and found this:
"log_prefix()" really *is* deprecated, but it seems to me
that "program_override()" was not implemented in "file()"
source driver at all! At least, I did not find it as valid
option for "file()" source driver in the chapter 8 Reference
(in syslog-ng admin guide)...
How can I fix this? I definitelly need that "log_prefix()"
(or "program_override()") option as I use it later for
filtering of non-standard log messages on my log-server...
Jarry
