Arch Linux

Seems that your is syslog-ng.conf-2 isn't updated to the new syslog-ng-3 format. or i am wrong? you have read the install note?

Attention syslog-ng update:
Configuration file syntax has changed. Make sure to update /etc/syslog-ng.conf

This is from a new install of Arch Linux x86_64 on 03/10/2009. Migrating from Gentoo :)

I started with the syslog-ng.conf file provided with pacman install and added rules for my firewall script.
I read "man syslog-ng.conf" to learn all new options but quickly realized that this file is not up to date.
After that, I simply started trying options from my old syslog-ng.conf (for example, no-multiline-yes).

Perhaps the problem is only due to an outdated man file?

To clarify:
All options listed in my initial post were taken from my current man syslog-ng.conf(5) with
the exception of no-multiline-yes (which is commented out).

I am now using the following link to obtain options:
http://www.balabit.com/dl/html/syslog-ng-v3.0-guide-admin-en.html/ch08s09.html

I have just completed testing the options listed below:

options {
# chain_hostnames(<yes|no>); # Default: no
# check_hostname(<yes|no>); # Default: no
# create_dirs(<yes|no>); # Default: no
# dir_owner(<uid>); # Default: root
# dir_group(<gid>); # Default: root
# dir_perm(<perm>); # Default: 0700
# dns_cache(<yes|no>); # Default: yes
# dns_cache_expire(<seconds>); # Default: 3600
# dns_cache_expire_failed(<seconds>); # Default: 60
# dns_cache_size(<number of hostnames>); # Default: 1007
# frac_digits(<number of digits>); # Default: 0
# flush_lines(<number of lines>); # Default: 0
# flush_timeout(<time in milliseconds>); # Default: 10000
# group(log); # Default: root
# keep_hostname(<yes|no>); # Default: no
# keep_timestamp(<yes|no>); # Default: yes
# log_fifo_size(<number of lines>); # Default: 100
# log_msg_size(<length in bytes>); # Default: 8192
# normalize_hostnames(<yes|no>); # Default: no
# owner(<uid>); # Default: root
# mark(<number of seconds>); # Default: 1200
# mark_freq(number of seconds>); # Default: 1200
# perm(<perm>); # Default: 0600
# rec_time_zone(<time offset>); # Default: local timezone
# send_time_zone(<time offset>); # Default: local timezone
# stats_freq(<time in seconds>); # Default: 600
# time_reap(<time in seconds>); # Default: 60
# time_reopen(<time in seconds>); # Default: 60
# time_sleep(<time in milliseconds>); # Default: 0
# ts_format(<rfc3164|bsd|rfc3339|iso>); # Default: rfc3164
# use_dns(<yes|no|persist_only>); # Default: yes
# use_fqdn(<yes|no>); # Default: no
};

I used the syslog-ng.conf file provided by pacman. No part of the file was changed except for options.
I uncommented one and only one option at a time and then started syslog-ng.
Each option was tested with differnt settings (ie yes/no, different times, different groups, etc.)

---------------------------------------------------
The following options caused problems:

dir_owner(root) # Starts with error: Error resolving user; user='root'
dir_owner(<normal user>) # Starts with error: Error resolving user; user='<normal user>'

dir_group(root) # Starts without error.
dir_group(log) # Fails with error: syntax error in /etc/syslog-ng.conf at line 26.

group(root) # Starts without error.
group(log) # Fails with error: syntax error in /etc/syslog-ng.conf at line 36.

owner(root) # Starts with error: Error resolving user; user='root'
owner(<normal user>) # Starts with error: Error resolving user; user='<normal user>'

mark(<seconds>) # Starts with error: Your configuration file uses an obsoleted keyword, please update your configuration; keyword='mark', change='mark_freq'
# This is noted as obsolete in the link posted earlier

------------------
Notes:
I checked that group "log" exists

When I first noticed this problem, the only apps installed (other than core) were xorg, nvidia, slim, fluxbox, aterm, conky, and opera.

You need to specify which config syntax you use at top of syslog-ng.conf.
The normal config file pacman provides doesn't give errors on startup.
Please refer to online manuals how the syntax has changed.

https://lists.balabit.hu/pipermail/syslog-ng/2009-January/012353.html
contains a proposed fix you could try to patch it and repot if it fixes your problem.

Thank you for your help.

The fix you posted has corrected my problems with user id.
As for group id, I have discovered that any group other than root must by enclosed in double quotes.
(I had only tested the use of quotes for the group root previously)
The options dir_group("log") and group("log") do not give errors.

------------------------------------------
Steps to resolve user id problem:
(keep in mind this is only my third day using Arch)

1) Set up ABS

2) Copy syslog-ng ABS to build directory

3) makepkg -s && pacman -U syslog-ng-3.0.1-4-x86_64.tar.gz

4) I tested this build and still had the same problem with user id.

5) pacman -Rns syslog-ng

6) Copy syslog-ng_3.0.1.tar.gz to separate directory to edit contents

7) Change to new directory && tar xpzf syslog-ng_3.0.1.tar.gz

8) Edit file <edit_directory>/syslog-ng-3.0.1/src/misc.c
At line 277 (from function "resolve_user"):
Change if (*user)
To if (!*user)

9) tar cpzf syslog-ng-3.0.1 <build_directory>/syslog-ng_3.0.1.tar.gz

10) rm syslog-ng-3.0.1-4-x86_64.pkg.tar.gz

11) Update md5sum for source tarball in PKGBUILD

11) makepkg -s && pacman -U syslog-ng-3.0.1-4-x86_64.tar.gz

12) After testing, everything seems to work.
--------------------------------------------------



[Quote]
You need to specify which config syntax you use at top of syslog-ng.conf.
[Quote]


@version: 3.0
#
# /etc/syslog-ng.conf
#

new syslog package contains the fix in testing repository