Description of problem: recent upgrade from 3.1.4 to 3.2.4 breaks existing logging because local logsources are now expressed as 'hostname/hostname' instead of 'localhost@hostname'. Beside the changed name, the '/' prevents creation of logfiles based on $FULLHOST. E.g. the sample configuration ----- @version:3.2 ################################################################### #### #### DO NOT EDIT THIS FILE! #### This file is managed by cfengine; any manual changes will be overridden #### ################################################################### options { flush_lines (0); time_reopen (10); log_fifo_size (16384); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); chain_hostnames (yes); }; source localhost { unix-stream ("/dev/log"); file("/proc/kmsg" program_override("kernel")); internal(); }; destination stunnel { tcp("127.0.0.1" port(520)); tcp("127.0.0.1" port(521)); }; ## Common block for kernel-logging filter f_kern { facility(kern); }; filter f_min_emerg { level(emerg); }; filter f_min_alert { level(alert..emerg); }; filter f_min_crit { level(crit..emerg); }; filter f_min_err { level(err..emerg); }; filter f_min_warn { level(warn..emerg); }; filter f_kern_err { filter(f_kern) and filter(f_min_warn); }; filter f_kern_crit { filter(f_kern) and filter(f_min_crit); }; destination d_kern { file("/var/log/kernel" fsync(yes) perm(0644)); }; destination d_cons { file("/dev/console"); }; log { filter(f_kern_err); source(localhost); destination(d_kern); }; log { filter(f_kern_crit); source(localhost); destination(d_cons); }; ## End kernel-logging block} log { destination(stunnel); flags(catch-all); }; ----- on a client logs to a server with | destination d_iptables { file("/var/log/remote/IPTABLES/log.$FULLHOST" sync(10)); }; With 3.1.4 it wrote e.g. to 'log.localhost@walther'. Now, it fails with | Error opening file for writing; filename='/var/log/remote/IPTABLES/log.walther/walther', error='No such file or directory (2)' Version-Release number of selected component (if applicable): syslog-ng-3.2.4-1.el6.x86_64
Enrico, Thanks for the upstream bug report: * [regression] broken $FULLHOST after upgrade to 3.2.4 https://bugzilla.balabit.com/show_bug.cgi?id=124
Upstream fix: * fixed chain-hostnames() processing http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=2db971fc37471e39f6a8b34595ca23833166831e
Rawhide build: * syslog-ng-3.2.4-6.fc16 http://koji.fedoraproject.org/koji/buildinfo?buildID=250498 Warning: this build is for systemd systems; it also has SQL and Capabilities support enabled.
syslog-ng-3.2.4-2.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/syslog-ng-3.2.4-2.el6
Package syslog-ng-3.2.4-2.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing syslog-ng-3.2.4-2.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/syslog-ng-3.2.4-2.el6 then log in and leave karma (feedback).
syslog-ng-3.2.4-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.