[syslog-ng]syslog duplicate entries
Hamilton Andrew
syslog-ng@lists.balabit.hu
Wed, 25 Feb 2004 15:28:54 -0500
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C3FBDD.FCA57C32
Content-Type: text/plain;
charset="iso-8859-1"
Yep.
Drew
-----Original Message-----
From: Dylan Bouterse [mailto:dbouterse@globalcardservices.com]
Sent: Tuesday, February 24, 2004 5:46 PM
To: 'syslog-ng@lists.balabit.hu'
Subject: RE: [syslog-ng]syslog duplicate entries
Should I be able to remove all of the destination lines following std and
still get the localhost's log information to it's host directory based on
the "destination std" line?
Dylan
-----Original Message-----
From: Hamilton Andrew [mailto:Andrew.Hamilton@afccc.af.mil]
Sent: Tuesday, February 24, 2004 12:33 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]syslog duplicate entries
Look at your filter, f_syslog, destination d_syslog, and your log line that
includes d_syslog. Your filter f_syslog includes everything except
facilities auth, and authpriv. If you are confident that you don't need
your syslog line you can comment that out as well to keep you from getting
duplicates in you /var/log/syslog file.
Regards,
Drew
-----Original Message-----
From: Dylan (FHMS) [ mailto:dhbouterse@fhmsi.com
<mailto:dhbouterse@fhmsi.com> ]
Sent: Tuesday, February 24, 2004 12:25 PM
To: 'syslog-ng@lists.balabit.hu'
Subject: [syslog-ng]syslog duplicate entries
I have my syslog-ng setup so that external syslog hosts are creating their
own dir and log file (see conf file below). One problem I'm having is that
all of the hosts' logs are being written to /var/log/syslog as
well...creating a 6Gig file or larger per week. Can someone please point out
what I can change with my conf file to eliminate the duplicate entries?
Thank you!
Dylan
#############################################
### syslog-ng.conf file
#############################################
options
{
check_hostname(yes);
chain_hostnames(no);
create_dirs (yes);
dir_perm(0755);
dns_cache(yes);
keep_hostname(yes);
log_fifo_size(2048);
log_msg_size(8192);
long_hostnames(on);
perm(0644);
stats(3600);
sync(0);
time_reopen (10);
use_dns(yes);
use_fqdn(no);
};
#
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
#source src { unix-dgram("/dev/log"); internal(); };
#
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
source src { unix-dgram("/dev/log"); internal(); udp(); tcp(port(514)
keep-alive(yes) max-connections(25));};
destination std {
#
file("/var/log/HOSTS/$YEAR/$HOST/$MONTH/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
file("/var/log/HOSTS/$HOST/$HOST.syslog"
owner(nagios) group(nagios) perm(0600) dir_perm(0700)
create_dirs(yes)
);
};
# After that set destinations.
# First some standard logfile
#
destination authlog { file("/var/log/auth.log" owner("root") group("adm")
perm(0640)); };
destination syslog { file("/var/log/syslog" owner("root") group("adm")
perm(0640)); };
destination cron { file("/var/log/cron.log" owner("root") group("adm")
perm(0640)); };
destination daemon { file("/var/log/daemon.log" owner("root") group("adm")
perm(0640)); };
destination kern { file("/var/log/kern.log" owner("root") group("adm")
perm(0640)); };
destination lpr { file("/var/log/lpr.log" owner("root") group("adm")
perm(0640)); };
destination mail { file("/var/log/mail.log" owner("root") group("adm")
perm(0640)); };
destination user { file("/var/log/user.log" owner("root") group("adm")
perm(0640)); };
destination uucp { file("/var/log/uucp.log" owner("root") group("adm")
perm(0640)); };
# This files are the log come from the mail subsystem.
#
destination mailinfo { file("/var/log/mail.info" owner("root") group("adm")
perm(0640)); };
destination mailwarn { file("/var/log/mail.warn" owner("root") group("adm")
perm(0640)); };
destination mailerr { file("/var/log/mail.err" owner("root") group("adm")
perm(0640)); };
# Logging for INN news system
#
destination newscrit { file("/var/log/news/news.crit" owner("root")
group("adm")
perm(0640)); };
destination newserr { file("/var/log/news/news.err" owner("root")
group("adm")
perm(0640)); };
destination newsnotice { file("/var/log/news/news.notice" owner("root")
group("adm") perm(0640)); };
# Some `catch-all' logfiles.
#
#destination debug { file("/var/log/debug" owner("root") group("adm")
#perm(0640)); };
#destination messages { file("/var/log/messages" owner("root") group("adm")
#perm(0640)); };
# The root's console.
#
destination console { usertty("root"); };
# Virtual console.
#
destination console_all { file("/dev/tty8"); };
# The named pipe /dev/xconsole is for the nsole' utility. To use it,
# you must invoke nsole' with the -file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
#destination xconsole { pipe("/dev/xconsole"); };
destination ppp { file("/var/log/ppp.log" owner("root") group("adm")
perm(0640)); };
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(auth, authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info .. warn)
and not facility(auth, authpriv, cron, daemon, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_cnews { level(notice, err, crit) and facility(news); };
filter f_cother { level(debug, info, notice, warn) or facility(daemon,
mail);
};
filter ppp { facility(local2); };
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
#log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(src); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_uucp); destination(uucp); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
log { source(src); filter(f_news); filter(f_err); destination(newserr); };
log { source(src); filter(f_news); filter(f_notice);
destination(newsnotice);
};
#log { source(src); filter(f_debug); destination(debug); };
#log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
#log { source(src); filter(f_cnews); destination(console_all); };
#log { source(src); filter(f_cother); destination(console_all); };
####log { source(src); filter(f_cnews); destination(xconsole); };
###log { source(src); filter(f_cother); destination(xconsole); };
log { source(src); filter(ppp); destination(ppp); };
log {
source(src);
destination(std);
};
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
<https://lists.balabit.hu/mailman/listinfo/syslog-ng>
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
<http://www.campin.net/syslog-ng/faq.html>
------_=_NextPart_001_01C3FBDD.FCA57C32
Content-Type: text/html;
charset="iso-8859-1"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>RE: [syslog-ng]syslog duplicate entries</TITLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=501292820-25022004><FONT face=Arial color=#0000ff
size=2>Yep.</FONT></SPAN></DIV>
<DIV><SPAN class=501292820-25022004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=501292820-25022004><FONT face=Arial color=#0000ff
size=2>Drew</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Dylan Bouterse
[mailto:dbouterse@globalcardservices.com]<BR><B>Sent:</B> Tuesday, February
24, 2004 5:46 PM<BR><B>To:</B> 'syslog-ng@lists.balabit.hu'<BR><B>Subject:</B>
RE: [syslog-ng]syslog duplicate entries<BR><BR></FONT></DIV>
<DIV><SPAN class=167560119-24022004><FONT face=Arial color=#0000ff
size=2>Should I be able to remove all of the destination lines following std
and still get the localhost's log information to it's host directory based on
the "destination std" line?</FONT></SPAN></DIV>
<DIV><SPAN class=167560119-24022004><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=167560119-24022004><FONT face=Arial color=#0000ff
size=2>Dylan</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Hamilton Andrew
[mailto:Andrew.Hamilton@afccc.af.mil]<BR><B>Sent:</B> Tuesday, February 24,
2004 12:33 PM<BR><B>To:</B> syslog-ng@lists.balabit.hu<BR><B>Subject:</B>
RE: [syslog-ng]syslog duplicate entries<BR><BR></FONT></DIV>
<P><FONT size=2>Look at your filter, f_syslog, destination d_syslog, and
your log line that includes d_syslog. Your filter f_syslog includes
everything except facilities auth, and authpriv. If you are confident
that you don't need your syslog line you can comment that out as well to
keep you from getting duplicates in you /var/log/syslog file.</FONT></P>
<P><FONT size=2>Regards,</FONT> </P>
<P><FONT size=2>Drew</FONT> </P>
<P><FONT size=2>-----Original Message-----</FONT> <BR><FONT size=2>From:
Dylan (FHMS) [<A
href="mailto:dhbouterse@fhmsi.com">mailto:dhbouterse@fhmsi.com</A>]</FONT>
<BR><FONT size=2>Sent: Tuesday, February 24, 2004 12:25 PM</FONT> <BR><FONT
size=2>To: 'syslog-ng@lists.balabit.hu'</FONT> <BR><FONT size=2>Subject:
[syslog-ng]syslog duplicate entries</FONT> </P><BR>
<P><FONT size=2>I have my syslog-ng setup so that external syslog hosts are
creating their</FONT> <BR><FONT size=2>own dir and log file (see conf file
below). One problem I'm having is that</FONT> <BR><FONT size=2>all of the
hosts' logs are being written to /var/log/syslog as</FONT> <BR><FONT
size=2>well...creating a 6Gig file or larger per week. Can someone please
point out</FONT> <BR><FONT size=2>what I can change with my conf file to
eliminate the duplicate entries?</FONT> <BR><FONT size=2>Thank you!</FONT>
</P>
<P><FONT size=2>Dylan</FONT> </P>
<P><FONT size=2>#############################################</FONT>
<BR><FONT size=2>### syslog-ng.conf file</FONT> <BR><FONT
size=2>#############################################</FONT> </P>
<P><FONT size=2>options</FONT> <BR><FONT size=2> {</FONT> <BR><FONT
size=2> check_hostname(yes);</FONT> <BR><FONT
size=2> chain_hostnames(no);</FONT> <BR><FONT
size=2> create_dirs (yes);</FONT> <BR><FONT
size=2> dir_perm(0755);</FONT> <BR><FONT
size=2> dns_cache(yes);</FONT> <BR><FONT
size=2> keep_hostname(yes);</FONT> <BR><FONT
size=2> log_fifo_size(2048);</FONT> <BR><FONT
size=2> log_msg_size(8192);</FONT> <BR><FONT
size=2> long_hostnames(on);</FONT> <BR><FONT
size=2> perm(0644);</FONT> <BR><FONT
size=2> stats(3600);</FONT> <BR><FONT
size=2> sync(0);</FONT> <BR><FONT
size=2> time_reopen (10);</FONT> <BR><FONT
size=2> use_dns(yes);</FONT> <BR><FONT
size=2> use_fqdn(no);</FONT> <BR><FONT size=2>
};</FONT> <BR><FONT size=2>#</FONT> <BR><FONT size=2># This is the default
behavior of sysklogd package</FONT> <BR><FONT size=2># Logs may come from
unix stream, but not from another machine.</FONT> <BR><FONT size=2>#</FONT>
<BR><FONT size=2>#source src { unix-dgram("/dev/log"); internal(); };</FONT>
</P>
<P><FONT size=2>#</FONT> <BR><FONT size=2># If you wish to get logs from
remote machine you should uncomment</FONT> <BR><FONT size=2># this and
comment the above source line.</FONT> <BR><FONT size=2>#</FONT> <BR><FONT
size=2>source src { unix-dgram("/dev/log"); internal(); udp();
tcp(port(514)</FONT> <BR><FONT size=2>keep-alive(yes)
max-connections(25));};</FONT> </P>
<P><FONT size=2>destination std {</FONT> <BR><FONT size=2>#</FONT> <BR><FONT
size=2>file("/var/log/HOSTS/$YEAR/$HOST/$MONTH/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"</FONT>
<BR><FONT size=2>
file("/var/log/HOSTS/$HOST/$HOST.syslog"</FONT> </P>
<P><FONT size=2> owner(nagios)
group(nagios) perm(0600) dir_perm(0700)</FONT> <BR><FONT
size=2>create_dirs(yes)</FONT> <BR><FONT
size=2> );</FONT> <BR><FONT
size=2>};</FONT> </P>
<P><FONT size=2># After that set destinations.</FONT> </P>
<P><FONT size=2># First some standard logfile</FONT> <BR><FONT
size=2>#</FONT> <BR><FONT size=2>destination authlog {
file("/var/log/auth.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination syslog {
file("/var/log/syslog" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination cron {
file("/var/log/cron.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination daemon {
file("/var/log/daemon.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination kern {
file("/var/log/kern.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination lpr {
file("/var/log/lpr.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination mail {
file("/var/log/mail.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination user {
file("/var/log/user.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination uucp {
file("/var/log/uucp.log" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> </P><BR>
<P><FONT size=2># This files are the log come from the mail
subsystem.</FONT> <BR><FONT size=2>#</FONT> <BR><FONT size=2>destination
mailinfo { file("/var/log/mail.info" owner("root") group("adm")</FONT>
<BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination
mailwarn { file("/var/log/mail.warn" owner("root") group("adm")</FONT>
<BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination mailerr
{ file("/var/log/mail.err" owner("root") group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> </P>
<P><FONT size=2># Logging for INN news system</FONT> <BR><FONT
size=2>#</FONT> <BR><FONT size=2>destination newscrit {
file("/var/log/news/news.crit" owner("root")</FONT> <BR><FONT
size=2>group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> <BR><FONT
size=2>destination newserr { file("/var/log/news/news.err"
owner("root")</FONT> <BR><FONT size=2>group("adm")</FONT> <BR><FONT
size=2>perm(0640)); };</FONT> <BR><FONT size=2>destination newsnotice {
file("/var/log/news/news.notice" owner("root")</FONT> <BR><FONT
size=2>group("adm") perm(0640)); };</FONT> </P>
<P><FONT size=2># Some `catch-all' logfiles.</FONT> <BR><FONT
size=2>#</FONT> <BR><FONT size=2>#destination debug { file("/var/log/debug"
owner("root") group("adm")</FONT> <BR><FONT size=2>#perm(0640)); };</FONT>
<BR><FONT size=2>#destination messages { file("/var/log/messages"
owner("root") group("adm")</FONT> <BR><FONT size=2>#perm(0640)); };</FONT>
</P>
<P><FONT size=2># The root's console.</FONT> <BR><FONT size=2>#</FONT>
<BR><FONT size=2>destination console { usertty("root"); };</FONT> </P>
<P><FONT size=2># Virtual console.</FONT> <BR><FONT size=2>#</FONT>
<BR><FONT size=2>destination console_all { file("/dev/tty8"); };</FONT> </P>
<P><FONT size=2># The named pipe /dev/xconsole is for the nsole'
utility. To use it,</FONT> <BR><FONT size=2># you must invoke nsole'
with the -file' option:</FONT> <BR><FONT size=2>#</FONT> <BR><FONT
size=2># $ xconsole -file /dev/xconsole [...]</FONT>
<BR><FONT size=2>#</FONT> <BR><FONT size=2>#destination xconsole {
pipe("/dev/xconsole"); };</FONT> </P>
<P><FONT size=2>destination ppp { file("/var/log/ppp.log" owner("root")
group("adm")</FONT> <BR><FONT size=2>perm(0640)); };</FONT> </P>
<P><FONT size=2># Here's come the filter options. With this rules, we can
set which</FONT> <BR><FONT size=2># message go where.</FONT> </P>
<P><FONT size=2>filter f_authpriv { facility(auth, authpriv); };</FONT>
<BR><FONT size=2>filter f_syslog { not facility(auth, authpriv); };</FONT>
<BR><FONT size=2>filter f_cron { facility(cron); };</FONT> <BR><FONT
size=2>filter f_daemon { facility(daemon); };</FONT> <BR><FONT size=2>filter
f_kern { facility(kern); };</FONT> <BR><FONT size=2>filter f_lpr {
facility(lpr); };</FONT> <BR><FONT size=2>filter f_mail { facility(mail);
};</FONT> <BR><FONT size=2>filter f_user { facility(user); };</FONT>
<BR><FONT size=2>filter f_uucp { facility(uucp); };</FONT> </P>
<P><FONT size=2>filter f_news { facility(news); };</FONT> </P>
<P><FONT size=2>filter f_debug { not facility(auth, authpriv, news, mail);
};</FONT> <BR><FONT size=2>filter f_messages { level(info .. warn)</FONT>
<BR><FONT size=2> and not
facility(auth, authpriv, cron, daemon, mail, news); };</FONT> <BR><FONT
size=2>filter f_emergency { level(emerg); };</FONT> </P>
<P><FONT size=2>filter f_info { level(info); };</FONT> <BR><FONT
size=2>filter f_notice { level(notice); };</FONT> <BR><FONT size=2>filter
f_warn { level(warn); };</FONT> <BR><FONT size=2>filter f_crit {
level(crit); };</FONT> <BR><FONT size=2>filter f_err { level(err); };</FONT>
</P>
<P><FONT size=2>filter f_cnews { level(notice, err, crit) and
facility(news); };</FONT> <BR><FONT size=2>filter f_cother { level(debug,
info, notice, warn) or facility(daemon,</FONT> <BR><FONT
size=2>mail);</FONT> <BR><FONT size=2>};</FONT> </P>
<P><FONT size=2>filter ppp { facility(local2); };</FONT> </P>
<P><FONT size=2>log { source(src); filter(f_authpriv); destination(authlog);
};</FONT> <BR><FONT size=2>log { source(src); filter(f_syslog);
destination(syslog); };</FONT> <BR><FONT size=2>#log { source(src);
filter(f_cron); destination(cron); };</FONT> <BR><FONT size=2>log {
source(src); filter(f_daemon); destination(daemon); };</FONT> <BR><FONT
size=2>log { source(src); filter(f_kern); destination(kern); };</FONT>
<BR><FONT size=2>log { source(src); filter(f_lpr); destination(lpr);
};</FONT> <BR><FONT size=2>log { source(src); filter(f_mail);
destination(mail); };</FONT> <BR><FONT size=2>log { source(src);
filter(f_user); destination(user); };</FONT> <BR><FONT size=2>log {
source(src); filter(f_uucp); destination(uucp); };</FONT> <BR><FONT
size=2>log { source(src); filter(f_mail); filter(f_info);
destination(mailinfo); };</FONT> <BR><FONT size=2>log { source(src);
filter(f_mail); filter(f_warn); destination(mailwarn); };</FONT> <BR><FONT
size=2>log { source(src); filter(f_mail); filter(f_err);
destination(mailerr); };</FONT> <BR><FONT size=2>log { source(src);
filter(f_news); filter(f_crit); destination(newscrit); };</FONT> <BR><FONT
size=2>log { source(src); filter(f_news); filter(f_err);
destination(newserr); };</FONT> <BR><FONT size=2>log { source(src);
filter(f_news); filter(f_notice);</FONT> <BR><FONT
size=2>destination(newsnotice);</FONT> <BR><FONT size=2>};</FONT> <BR><FONT
size=2>#log { source(src); filter(f_debug); destination(debug); };</FONT>
<BR><FONT size=2>#log { source(src); filter(f_messages);
destination(messages); };</FONT> <BR><FONT size=2>log { source(src);
filter(f_emergency); destination(console); };</FONT> </P>
<P><FONT size=2>#log { source(src); filter(f_cnews);
destination(console_all); };</FONT> <BR><FONT size=2>#log { source(src);
filter(f_cother); destination(console_all); };</FONT> </P><BR>
<P><FONT size=2>####log { source(src); filter(f_cnews);
destination(xconsole); };</FONT> <BR><FONT size=2>###log { source(src);
filter(f_cother); destination(xconsole); };</FONT> </P>
<P><FONT size=2>log { source(src); filter(ppp); destination(ppp); };</FONT>
</P>
<P><FONT size=2>log {</FONT> <BR><FONT
size=2> source(src);</FONT>
<BR><FONT size=2>
destination(std);</FONT> <BR><FONT size=2>};</FONT> </P>
<P><FONT size=2>_______________________________________________</FONT>
<BR><FONT size=2>syslog-ng maillist -
syslog-ng@lists.balabit.hu</FONT> <BR><FONT size=2><A
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
target=_blank>https://lists.balabit.hu/mailman/listinfo/syslog-ng</A></FONT>
<BR><FONT size=2>Frequently asked questions at <A
href="http://www.campin.net/syslog-ng/faq.html"
target=_blank>http://www.campin.net/syslog-ng/faq.html</A></FONT>
</P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------_=_NextPart_001_01C3FBDD.FCA57C32--