Q & ACategory: Questionssyslog-ng-restart-when-log-with-rewrite-rule
Huang Han asked 8 months ago

I added rewrite rule in syslog-ng.conf as follows, rewrite r_my_test { subst(\”root\”, \”***\”, value(\”MESSAGE\”)); };    // to replace \’root\’ with \’***\’ in log message content log { source(s_sys); filter(f_auth); rewrite(r_my_test); destination(d_sys_security); }; the syslog-ng restart when there is a log message include string \’root\’ comming.  What\’s the reason for it? The syslog-ng version is: syslog-ng 3.4.2Installer-Version: 3.4.2Revision: ssh+git://algernon@git.balabit/var/scm/git/syslog-ng/syslog-ng-ose–mainline–3.4#master-3.4#3b56ec13289230c28d5b6fa60bf507687adf7fd0Compile-Date: Mar 14 2017 20:24:04Available-Modules: afsocket-tls,afamqp,syslogformat,afuser,afsocket,afprog,affile,dbparser,cryptofuncs,afmongodb,confgen,afsocket-notls,csvparser,system-source,basicfuncsEnable-Debug: offEnable-GProf: offEnable-Memtrace: offEnable-IPv6: onEnable-Spoof-Source: offEnable-TCP-Wrapper: onEnable-Linux-Caps: offEnable-Pcre: off  

1 Answers
Robert Fekete answered 8 months ago

Hi, can you try to reproduce the problem with a newer version? 3.4 is very old, and even the 3.4 branch had several bugfix releases since 3.4.2. You can find links to various packages at