[Syslog-ng-maintainers] Bug#991142: f_debug side effects

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Jul 15 16:05:19 BST 2021 

Package: syslog-ng-core
Version: 3.19.1-5

Hello,
the standard syslog-ng.conf contains (among others) these lines:

filter f_dbg { level(debug); };

filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };

filter f_auth { facility(auth, authpriv) and not filter(f_debug); };

filter f_mail { facility(mail) and not filter(f_debug); };
filter f_news { facility(news) and not filter(f_debug); };

log { source(s_src); filter(f_auth); destination(d_auth); };

log { source(s_src); filter(f_mail); destination(d_mail); };

log { source(s_src); filter(f_debug); destination(d_debug); };


...the f_debug includes debug level and excludes facilities auth,
authpriv, news and mail, which is good for d_debug destination, BUT,
because of excluding those facilities, the "not filter(f_debug)" does NOT exclude debug
priority for any of them:

mail.debug:
filter(f_debug) = false
not filter(f_debug) = true

Thus, debug priority is not excluded in d_auth and d_mail destinations,
while it was apparently intended to be filtered out.

we can test it by running:

# logger  -p mail.debug mail debug
# logger  -p auth.debug auth debug

# grep debug auth.log mail.log
auth.log:Jul 15 16:22:51 mail root[29022]: auth debug
mail.log:Jul 15 16:07:25 mail root[26770]: mail debug


I believe that it can be fixed by either:

a) removing "not filter(f_debug);" from f_auth, f_mail and f_news definitions

b) using "not filter(f_dbg)" instead of "not filter(f_debug)" in log
   definitions

c) moving "not facility(auth, authpriv, news, mail)" to definicion of f_dbg
  and using f_dbg for d_debug


with variant a) the functionality would stay the same but less misleading

I personally would prefer variant c) as I find it cleanest and easiest to
understand and debug.


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

More information about the Syslog-ng-maintainers mailing list