Comments (7)
This has been fixed in syslog-ng v3.8.1 (#1032, 82b473e#diff-d9f8b4f62fd3294230ca43a28a2c0cb1R308).
Since then, only the following actions are supported:
- create-context
- message

<value> as an action is not valid anymore:
Error parsing pattern database file; filename='pdb.xml', error='pdb.xml:12:1: Unexpected <values> tag, expected <message> or <create-context>'
If you want to achieve the same behavior, it can be done with the following cleaner syntax:
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='4' pub_date='2014-06-16'>
  <ruleset name='myname' id='123456789'>
    <rules>
      <rule id='123' class='myclass' provider='bcn'>
        <patterns>
          <pattern>@ESTRING:greeting: @@ANYSTRING:who@</pattern>
        </patterns>
        <values>
          <value name="answer">hi</value>
        </values>
      </rule>
    </rules>
  </ruleset>
</patterndb>
from syslog-ng.
It seems to be an unfortunate coincidence of XML parsing mistakes and celestial object alignments :D. So, when you omit the "message" tag, patterndb does not set the action's content type, so the action is simply not triggered (that's why no new message is created). But because there is a "value" tag there, patterndb tries to attach it to the last valid message context, which is the rule's own message context (the "message" tag creates a new message context during patterndb parsing). If you don't need a condition, then you can use something like this without actions (and pretty much this happens in your case):
<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='4' pub_date='2014-06-16'>
  <ruleset name='myname' id='123456789'>
    <rules>
      <rule id='123' class='myclass' provider='bcn'>
        <patterns>
          <pattern>@ESTRING:greeting: @@ANYSTRING:who@</pattern>
        </patterns>
        <values>
          <value name="answer">hi</value>
        </values>
      </rule>
    </rules>
  </ruleset>
</patterndb>
If you need a condition, then we should implement a rewrite rule action. But you can still create a new message with a trigger, use the inherit-properties attribute in the "message" tag, set or overwrite properties from "value" tags, and then drop the original message.
from syslog-ng.
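A pre-deployment check for the rule shape discussed in the two comments above, as an added example that is not part of the thread or of syslog-ng: it flags any direct child of an action other than message or create-context, the shape that was accepted before v3.8.1 without the action being triggered. The sample pattern database and the name `lint_actions` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Children an <action> may carry, per the first comment in this thread.
ALLOWED_ACTION_CHILDREN = {"message", "create-context"}

# Constructed sample: the rule from the thread with an <action> that omits
# <message> and places <values> directly under it.
SAMPLE_PDB = """<?xml version='1.0' encoding='UTF-8'?>
<patterndb version='4' pub_date='2014-06-16'>
  <ruleset name='myname' id='123456789'>
    <rules>
      <rule id='123' class='myclass' provider='bcn'>
        <patterns>
          <pattern>@ESTRING:greeting: @@ANYSTRING:who@</pattern>
        </patterns>
        <actions>
          <action trigger='match'>
            <values>
              <value name="answer">hi</value>
            </values>
          </action>
        </actions>
      </rule>
    </rules>
  </ruleset>
</patterndb>
"""


def lint_actions(pdb_xml):
    """Return (rule_id, tag) for each disallowed direct child of an <action>."""
    root = ET.fromstring(pdb_xml)
    findings = []
    for rule in root.iter("rule"):
        for action in rule.iter("action"):
            for child in action:
                if child.tag not in ALLOWED_ACTION_CHILDREN:
                    findings.append((rule.get("id"), child.tag))
    return findings


if __name__ == "__main__":
    for rule_id, tag in lint_actions(SAMPLE_PDB):
        print(f"rule {rule_id}: <{tag}> directly under <action>")
```

Running the check over pattern databases before rolling them out catches rules whose enrichment would otherwise land on the original message instead of a generated one.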
yeah, indeed. But I've figured many ppl find it misleading to get message duplication. They expect the original message to be dropped, the "enriched" one to be promoted. I personally think this is a minor issue. Thanks for looking into this!
from syslog-ng.
@bazsi should we mark this as a feature or a bug?
from syslog-ng.
@bazsi What do you think? I'd expect from an action that it creates a new message so I'd consider this as a bug.
from syslog-ng.
/me votes for a bug
from syslog-ng.
I agree it's a bug. I intended actions to generate a separate message. If you want to enrich the current message it should just be added to the rule tag.
On Dec 2, 2015 4:20 PM, "Fabien Wernli" [email protected] wrote:
> /me votes for a bug
from syslog-ng.