driskell / log-courier

The Log Courier Suite is a set of lightweight tools created to ship and process log files speedily and securely, with low resource usage, to Elasticsearch or Logstash instances.

syslog "progname" uses a full path rather than a basename #384

Closed sysmonk closed 3 years ago

sysmonk commented 3 years ago

Howdy,

Finally looking at upgrading our log-courier installations (2.0.6 -> 2.6.2). We've got an rsyslog configuration, which sends 'log-courier' logs to a specific log file. Something like this:

:programname,contains,"log-courier" /var/log/log-courier.log
&~

But after upgrading this stopped working. The issue is that the progname is now a full path:

Before:

Sep  9 12:59:43 stankea log-courier[15511]: Loading registrar data from /var/run//.log-courier

Now:

Sep  9 13:50:54 stankea /usr/local/bin/log-courier[26304]: Loading registrar data from /var/run//.log-courier

And based on the documentation, the slash is a terminator, so the /usr/local/bin/log-courier becomes an empty progname:

Docs:

programname
the “static” part of the tag, as defined by BSD syslogd. For example, when TAG is “named[12345]”, programname is “named”.

Precisely, the programname is terminated by either (whichever occurs first):

end of tag
nonprintable character
‘:’
‘[’
‘/’

Technically, it's probably not a bug, but a feature request :) Is it possible to have the log use basename($0) rather than the full path to the binary?
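
The termination rule quoted above, applied to the two log lines from this issue, as an added Go example that is not part of the original post or of log-courier's code. The function names `syslogTag`, `programName`, `routed` and `basenameTag` are hypothetical, and the parsing follows only the list quoted here, not rsyslog's source.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
	"unicode"
)

const ( // the two lines quoted in the issue, before and after the upgrade
	lineBefore = "Sep  9 12:59:43 stankea log-courier[15511]: Loading registrar data from /var/run//.log-courier"
	lineAfter  = "Sep  9 13:50:54 stankea /usr/local/bin/log-courier[26304]: Loading registrar data from /var/run//.log-courier"
)

// syslogTag returns the TAG field of a "Mmm dd hh:mm:ss host TAG: msg" line.
func syslogTag(line string) string {
	f := strings.Fields(line)
	if len(f) < 5 {
		return ""
	}
	return f[4]
}

// programName ends at the first ':', '[', '/' or nonprintable character.
func programName(tag string) string {
	for i, r := range tag {
		if r == ':' || r == '[' || r == '/' || !unicode.IsPrint(r) {
			return tag[:i]
		}
	}
	return tag
}

// routed models the filter :programname,contains,"log-courier".
func routed(line string) bool {
	return strings.Contains(programName(syslogTag(line)), "log-courier")
}

// basenameTag (hypothetical helper) builds the tag from basename($0).
func basenameTag(argv0 string, pid int) string {
	return fmt.Sprintf("%s[%d]:", filepath.Base(argv0), pid)
}

func main() {
	for _, l := range []string{lineBefore, lineAfter} {
		fmt.Printf("programname=%q routed=%v\n", programName(syslogTag(l)), routed(l))
	}
	fmt.Println(basenameTag("/usr/local/bin/log-courier", 26304))
}
```

The full-path tag yields an empty programname, so the `contains` filter no longer matches and the lines fall through to whatever rule comes next.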

driskell commented 3 years ago

Currently testing from the log-courier2-testing repository and if all good overnight I will tag up a release.