Bug 1397609 - Syslog-NG conf.d files ignored in some cases
Status: CLOSED EOL
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: syslog-ng
Version: epel7
Hardware: Unspecified
OS: Unspecified
Assignee: Jose Pedro Oliveira
QA Contact: Fedora Extras Quality Assurance
Reported: 2016-11-23 00:14 UTC by Thomas Spear
Modified: 2024-07-08 22:25 UTC

Last Closed: 2024-07-08 22:25:08 UTC
Type: Bug


Attachments
Proposed patch (828 bytes, patch)
2016-11-23 00:46 UTC, Thomas Spear

Description Thomas Spear 2016-11-23 00:14:13 UTC
Description of problem:
When using a default config, adding files to conf.d sometimes does not result in the desired effect.

Version-Release number of selected component (if applicable):
syslog-ng-3.5.6-3.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Create the following files in /etc/syslog-ng/conf.d:
   1-sources.conf
   2-filters.conf
   3-destinations.conf
   4-logs.conf
2. In each file, put one type of config entry. For example, in 1-sources.conf place only source { } entries.
   For my own case, I created a filter for iptables output in 2-filters.conf, a destination for the log entries caught by the iptables filter in 3-destinations.conf, and a log entry to tie it all together in 4-logs.conf.
3. Restart syslog-ng and check for the existence of your new log file (it should not exist)

Actual results:
File does not exist

Expected results:
File gets created and populated, which should prevent them from going to the main system log.

Additional info:

Comment 1 Thomas Spear 2016-11-23 00:21:08 UTC
I was able to find 2 workarounds for this:

1) By modifying the main syslog-ng.conf file so that the @include for the conf.d/*.conf files is located between the default filter entries and the default log entries, the log entries from conf.d then take precedence over the default. This may not always be ideal, but I feel that if syslog-ng is going to support @include (which, AFAIK, is specifically supported to prevent modifications to the main syslog-ng.conf file) then we should not require modifying the main syslog-ng.conf file like you would have to do in the other workaround listed below.

2) The second workaround is to modify the f_default filter to ignore whatever messages files you are wanting to filter into a separate file. Being that this workaround causes someone to have to modify the default config, it subjects their config to either being overwritten during a future patching, or to not having fixes provided in a future patch get applied to the existing config due to the modifications.

Comment 2 Thomas Spear 2016-11-23 00:46:36 UTC
Created attachment 1222924
Proposed patch

Moves the loading of external config files to before the log { } entries in syslog-ng.conf so that any log entries which might use a filter that takes precedence over f_default (or any other default filter) can properly work, without forcing a user to modify the default syslog-ng.conf file.
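
An added example, not part of the bug report or the attached patch: a small Python check that reports which top-level log { } statements in a syslog-ng.conf come before the conf.d @include, which is the ordering this report is about. The sample configurations are constructed and simplified stand-ins, not the shipped EPEL file, and the function names are hypothetical.

```python
import re

# Tokens: comment, double/single-quoted string, brace, word (incl. @directive), newline.
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'[^']*'|[{}]|@?[A-Za-z_][\w-]*|\n''')

def top_level(text):
    """Return [(line, keyword, arg)] for 'log' and '@include' at brace depth 0."""
    found, depth, line, want_arg = [], 0, 1, False
    for m in TOKEN.finditer(text):
        tok = m.group()
        here, line = line, line + tok.count("\n")
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif tok[0] in "\"'":
            if want_arg:  # quoted path that follows an @include
                found[-1] = found[-1][:2] + (tok[1:-1],)
                want_arg = False
        elif depth == 0 and tok in ("log", "@include"):
            found.append((here, tok, None))
            want_arg = tok == "@include"
    return found  # comments and braces inside strings never reach the depth counter

def log_paths_before_include(text, needle="conf.d"):
    """Lines of top-level log statements placed before the conf.d @include.

    Returns None if conf.d is never included, [] if the include comes first."""
    stmts = top_level(text)
    inc = [ln for ln, kw, arg in stmts if kw == "@include" and arg and needle in arg]
    if not inc:
        return None
    return [ln for ln, kw, _ in stmts if kw == "log" and ln < inc[0]]

# Constructed, simplified configuration pieces (assumptions, not the EPEL defaults).
DEFAULTS = r'''@version:3.5
source s_sys { system(); internal(); };
destination d_mesg { file("/var/log/messages" template("${ISODATE} $MSG\n")); };
filter f_default { level(info..emerg); };  # log { } entries follow
'''
LOGS = 'log { source(s_sys); filter(f_default); destination(d_mesg); };\n'
INCLUDE = '@include "/etc/syslog-ng/conf.d/*.conf"\n'

INCLUDE_LAST = DEFAULTS + LOGS + INCLUDE         # include after the default log paths
INCLUDE_BEFORE_LOGS = DEFAULTS + INCLUDE + LOGS  # include moved ahead of them

if __name__ == "__main__":
    for name, conf in (("include last", INCLUDE_LAST), ("include first", INCLUDE_BEFORE_LOGS)):
        print(name, "->", log_paths_before_include(conf))
```

A non-empty list means default log statements sit ahead of anything loaded from conf.d; an empty list matches the layout described in workaround 1 and the proposed patch.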

Comment 3 Troy Dawson 2024-07-08 22:25:08 UTC
EPEL 7 entered end-of-life (EOL) status on 2024-06-30.

EPEL 7 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

