[syslog-ng] missing messages

Kevin syslog-ng@lists.balabit.hu
Fri, 29 Apr 2005 16:52:42 -0500


On 4/28/05, Andrew Culver <aculver@uwo.ca> wrote:
> I have syslog-ng running on a central logging host. Messages received
> are stored first in a per-host log and then in a per-facility log. The
> messages that go into the per-facility logs depend on filters that I
> define, but EVERYTHING from a host should appear in its per-host logs.
>
> I'm finding that many messages from some hosts are appearing in the
> per-service log but not in the per-host logs. Has anyone else
> experienced anything like this? Any solutions? TIA

Interesting problem. I notice that your per-host filters use pattern matches,
but the per-service logs are matches against the log facility.  Perhaps there
is something about the messages or the pattern that causes some
of the events not to match the host patterns?

I have something similar, where I log messages to certain destinations based
on the source host, and separately match on priority to send 'critical'
messages to an additional destination.

To accomplish this, I use a set of exact matches instead of regex patterns,
so my filters look like filter f_somehost { host("host") or host("ip") };


Do you see any pattern in time or content or format for events that do not
get written to the per-host logfile?

Kevin Kadow
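
Added example (not part of the message above and not syslog-ng project code): one way to look for a pattern in the events that never reach the per-host logs is to diff a per-facility log against the per-host logs and tally the missing lines by HOST field and by hour. The "Mon DD HH:MM:SS host message" line layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed file format: "Apr 28 14:02:11 host program[pid]: message"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<msg>.*)$")

def parse(lines):
    """Yield (timestamp, host, message) for each well-formed line."""
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if m:
            yield m.group("ts"), m.group("host"), m.group("msg")

def missing_from_host_logs(facility_lines, host_lines):
    """Return events present in the per-facility log but in no per-host log."""
    seen = set(parse(host_lines))
    return [ev for ev in parse(facility_lines) if ev not in seen]

def summarize(missing):
    """Count missing events by HOST field and by hour to expose a pattern."""
    by_host = Counter(host for _, host, _ in missing)
    by_hour = Counter(ts.split()[2][:2] for ts, _, _ in missing)
    return by_host, by_hour

# Constructed sample data: the same sender shows up under a short name,
# a fully qualified name and a bare IP address.
FACILITY_LOG = [
    "Apr 28 14:02:11 web1 sshd[411]: Accepted publickey for ops",
    "Apr 28 14:02:15 web1.example.org sshd[411]: session opened",
    "Apr 28 15:10:03 192.0.2.10 sshd[502]: Failed password for root",
    "Apr 28 15:11:40 web1 sshd[502]: Connection closed",
]
PER_HOST_LOG = [
    "Apr 28 14:02:11 web1 sshd[411]: Accepted publickey for ops",
    "Apr 28 15:11:40 web1 sshd[502]: Connection closed",
]

if __name__ == "__main__":
    by_host, by_hour = summarize(missing_from_host_logs(FACILITY_LOG, PER_HOST_LOG))
    for host, n in by_host.most_common():
        print(f"{n:4d} missing with HOST field {host!r}")
    for hour, n in sorted(by_hour.items()):
        print(f"{n:4d} missing during hour {hour}")
```

HOST values in the output that no per-host filter names (an FQDN, or an IP address where a name was expected) point at the filter match rather than at lost messages.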