http://bugzilla.opensuse.org/show_bug.cgi?id=987453

            Bug ID: 987453
           Summary: Syslog-ng parses systemd-journal wrong
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.1
          Hardware: x86-64
                OS: openSUSE 42.1
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
          Assignee: bnc-team-screening@forge.provo.novell.com
          Reporter: ronnypeine@gmx.de
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

Hi openSUSE Team,

when I use "logger" to create entries in syslog, I see in the logfiles the wrong program name. It is nearly always the program name "logger".

e.g.:

    logger -t PROGNAME "test"

In "journalctl -b" I see the line:

    Jul 02 01:28:32 hostname.domain PROGNAME[24810]: test

In syslog-ng logfile /var/log/messages I see the line:

    Jul 2 01:28:32 hostname logger[24810]: test

It seems that syslog-ng is not correctly parsing the journal as described in the syslog-ng documentation:

    https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-ose-...

Here it is described that it should use SYSLOG_IDENTIFIER instead of _COMM but it doesn't do this.

I have crosschecked the entry in my journal with the following command:

    journalctl -b -o json
    ...
    {
        "__CURSOR" : "s=688564f49fb3459daf98ff5184095ed1;i=f50f;b=2ba46fb317ce4d829d43b46bbc4f42cd;m=718096234c;t=5369b5845f8ea;x=d12430f070822ce3",
        "__REALTIME_TIMESTAMP" : "1467415712364778",
        "__MONOTONIC_TIMESTAMP" : "487488627532",
        "_BOOT_ID" : "YYY",
        "_UID" : "0",
        "_GID" : "0",
        "_CAP_EFFECTIVE" : "3fffffffff",
        "_MACHINE_ID" : "XXX",
        "_HOSTNAME" : "hostname.domain",
        "_TRANSPORT" : "syslog",
        "PRIORITY" : "5",
        "_COMM" : "logger",
        "SYSLOG_FACILITY" : "1",
        "SYSLOG_IDENTIFIER" : "PROGNAME",
        "MESSAGE" : "test",
        "_PID" : "24810",
        "_SOURCE_REALTIME_TIMESTAMP" : "1467415712364553"
    }

Here _COMM is different to SYSLOG_IDENTIFIER and syslog-ng takes the wrong parameter.

The strange thing is that sometimes it uses the right parameter but I cannot reproduce this. Seems like some race condition or something.

Would be nice to have this fixed, as it makes it harder for log analysis if everything is coming from logger :)

Kind regards,
Ronny
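
A check for the mismatch described in this report, as an added example (not part of the original report and not syslog-ng code): it compares the program name in syslog-format lines against `journalctl -o json` entries, preferring SYSLOG_IDENTIFIER and falling back to _COMM. The function names, the correlation by PID plus message text, and the second and third sample entries are assumptions made for illustration.

```python
import json
import re

# Traditional syslog line: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<prog>[^\s\[:]+)"
    r"(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)

def expected_program(entry):
    """Program name the report expects: SYSLOG_IDENTIFIER, else _COMM."""
    return entry.get("SYSLOG_IDENTIFIER") or entry.get("_COMM")

def find_misattributed(journal_lines, syslog_lines):
    """Return (pid, written_prog, expected_prog, msg) for each syslog line
    whose program name differs from the journal's identifier."""
    expected = {}
    for raw in journal_lines:
        entry = json.loads(raw)
        msg = entry.get("MESSAGE")
        if not isinstance(msg, str):  # binary messages are exported as arrays
            continue
        expected[(entry.get("_PID"), msg)] = expected_program(entry)
    findings = []
    for line in syslog_lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        want = expected.get((m["pid"], m["msg"]))
        if want and want != m["prog"]:
            findings.append((m["pid"], m["prog"], want, m["msg"]))
    return findings

# Constructed sample input; the first pair uses the values quoted in the report.
JOURNAL = [
    '{"_PID":"24810","_COMM":"logger","SYSLOG_IDENTIFIER":"PROGNAME","MESSAGE":"test"}',
    '{"_PID":"1200","_COMM":"cron","SYSLOG_IDENTIFIER":"cron","MESSAGE":"job started"}',
    '{"_PID":"77","_COMM":"mydaemon","MESSAGE":"no identifier set"}',
]
MESSAGES = [
    "Jul  2 01:28:32 hostname logger[24810]: test",
    "Jul  2 01:29:00 hostname cron[1200]: job started",
    "Jul  2 01:29:05 hostname mydaemon[77]: no identifier set",
]

if __name__ == "__main__":
    for pid, got, want, msg in find_misattributed(JOURNAL, MESSAGES):
        print(f"pid {pid}: logged as {got!r}, journal says {want!r}: {msg}")
```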