So here was the issue. having udp(so_rcvbuf(1024000) in the syslog-ng conf was creating the issue. when i commented this it would have visibility only to the logs specificly forwarded to it.. And talking about log rotation, Any ideas other than using $YEAR/$MONTH/ basically date parameters to rotate logs on and successfully have crons to delete them? regards On Wed, Mar 5, 2014 at 11:58 PM, Evan Rempel <erempel@uvic.ca> wrote:
We do exactly what you describe without any issues.
Strictly a config issue, so you could attach your config file(s) so I can have a look.
On 03/04/2014 10:23 PM, Shashank Rohatgi wrote:
i was able to run the second instance with all three parameters but I am more confused.. The intent was to reroute messages from production instance to dev instances on the same machine and take out a selected steam of logs on a different port. rather than just the selected stream the second instance can see all the logs. Both the instances are listening on different ports.
Port 514- gets logs from two products (say windows and unix) i write Windows to disk and route the unix logs on say port 517 (to second instance) Second instance is configure to write anything that it receives to a file. To my surprise the above file has logs for Windows and there is no network exchange at all.
Could it be that the second instance internally confusing sources and destinations?
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq