Public bug reported: Having a problem with syslog-ng 3.5.6-2.1 on Ubuntu 16.04 LTS.
It doesn't properly evaluate syslog messages with the nested filter configuration below.

  # /etc/syslog-ng/syslog-ng.conf
  destination d_filtered { file("/var/log/filtered.log"); };
  filter f_1 { host("ubuntu"); };
  filter f_2 { filter(f_1); };
  filter f_3 { filter(f_2); };
  log { source(s_src); filter(f_3); destination(d_filtered); };

  $ sudo systemctl restart syslog-ng
  $ logger foo
  # it does NOT report the log into /var/log/filtered.log

3 nested filters do not work correctly, but 2 nested filters do.

  # /etc/syslog-ng/syslog-ng.conf
  destination d_filtered { file("/var/log/filtered.log"); };
  filter f_1 { host("ubuntu"); };
  filter f_2 { filter(f_1); };
  log { source(s_src); filter(f_2); destination(d_filtered); };

  $ sudo systemctl restart syslog-ng
  $ logger foo
  # it reports "Jul 15 03:26:51 ubuntu-xenial ubuntu: foo" into /var/log/filtered.log

This problem was fixed in a newer version of syslog-ng:

  # install dependencies
  $ sudo apt-get install -y build-essential pkg-config libtool automake libglib2.0-dev
  $ git clone https://github.com/balabit/eventlog.git
  $ cd eventlog/
  $ ./autogen.sh
  $ ./configure
  $ make
  $ sudo make install
  $ sudo ldconfig

  # install a newer syslog-ng
  $ wget https://github.com/balabit/syslog-ng/releases/download/syslog-ng-3.6.2/syslog-ng-3.6.2.tar.gz
  $ tar zxvf syslog-ng-3.6.2.tar.gz
  $ cd syslog-ng-3.6.2/
  $ ./configure
  $ make
  $ sudo make install
  $ sudo ldconfig

  # append similar configuration into scl/syslog-ng.conf
  destination d_filtered { file("/var/log/filtered.log"); };
  filter f_1 { host("ubuntu"); };
  filter f_2 { filter(f_1); };
  filter f_3 { filter(f_2); };
  log { source(s_local); filter(f_3); destination(d_filtered); };

  $ sudo syslog-ng -F -f ./scl/syslog-ng.conf
  $ logger foo
  # it reports "Jul 15 03:47:52 ubuntu-xenial ubuntu[8034]: foo" into /var/log/filtered.log

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: syslog-ng 3.5.6-2.1
ProcVersionSignature: User Name 4.4.0-28.47-generic 4.4.13
Uname: Linux 4.4.0-28-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Fri Jul 15 04:15:33 2016
PackageArchitecture: all
ProcEnviron:
 TERM=screen-256color
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_US.UTF-8
 XDG_RUNTIME_DIR=<set>
SourcePackage: syslog-ng
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: syslog-ng (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug uec-images xenial

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1603301

Title:
  syslog-ng doesn't properly evaluate nested filters

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/syslog-ng/+bug/1603301/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
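
Added example, not part of the bug report or of syslog-ng: a small audit script that lists the filters referenced from log paths whose filter() chain is three or more levels deep, the depth at which the report above saw messages silently dropped on 3.5.6-2.1. The function names and the regex-based parser are assumptions of this example; it expects filter and log blocks without nested braces, as in the report's configurations.

```python
import re

# Constructed sample: the failing configuration quoted in the report.
SAMPLE_CONF = '''
destination d_filtered { file("/var/log/filtered.log"); };
filter f_1 { host("ubuntu"); };
filter f_2 { filter(f_1); };
filter f_3 { filter(f_2); };
log { source(s_src); filter(f_3); destination(d_filtered); };
'''

# Assumption: block bodies contain no nested braces, which holds for the
# configurations in the report; this is not a full syslog-ng grammar.
FILTER_DEF = re.compile(r'^\s*filter\s+([\w.-]+)\s*\{([^{}]*)\}\s*;', re.M)
LOG_PATH = re.compile(r'^\s*log\s*\{([^{}]*)\}\s*;', re.M)
FILTER_REF = re.compile(r'\bfilter\s*\(\s*([\w.-]+)\s*\)')

def strip_comments(conf):
    """Drop '#' comments, leaving '#' inside double-quoted strings alone."""
    return re.sub(r'("(?:\\.|[^"\\])*")|#[^\n]*',
                  lambda m: m.group(1) or '', conf)

def filter_depths(conf):
    """Map each filter name to the length of its longest filter() chain."""
    refs = {name: FILTER_REF.findall(body)
            for name, body in FILTER_DEF.findall(strip_comments(conf))}

    def depth(name, seen=()):
        if name in seen or name not in refs:   # cycle or undefined reference
            return 0
        return 1 + max((depth(r, seen + (name,)) for r in refs[name]),
                       default=0)

    return {name: depth(name) for name in refs}

def deep_log_filters(conf, threshold=3):
    """Filters used in log paths whose chain depth reaches `threshold`.

    The default of 3 comes from the report: two levels logged, three did not.
    """
    depths = filter_depths(conf)
    used = {ref for body in LOG_PATH.findall(strip_comments(conf))
            for ref in FILTER_REF.findall(body)}
    return sorted(name for name in used if depths.get(name, 0) >= threshold)

if __name__ == "__main__":
    print(deep_log_filters(SAMPLE_CONF))
```

Run against the real file with deep_log_filters(open("/etc/syslog-ng/syslog-ng.conf").read()); any name it returns is a filter whose log path should be tested with logger before relying on that destination.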