Well, is that your *entire* configuration? I very much doubt so. YouOn 17.07.2014 21:09, Renato Bezerra wrote:
> Hi,
>
> I'm using syslog-ng in a long time, but recently i noted that, in some
> cases, the log has sent to a wrong destination.
>
> I have many devices sending logs to my host, the problem appears when
> the server receive webservers logs, they are delivered to a different
> destination and I don't known how.
>
> here is the configuration:
>
> destination apache {
> file("/var/log/webserver/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR"
> owner(ll)
> group(ll)
> perm(0644)
> dir_perm(0755)
> create_dirs(yes));
> };
>
> filter f_apache {
> (
> host("xxx.xxx.xxx.82") or
> host("xxx.xxx.xxx.137")
> );
> };
>
> log {
> source(aaa);
> filter(f_apache);
> destination(apache);
> };
>
> The ip address xxx.xxx.xxx.137 send a duplicate log event to another
> directory, without any other configuration.
>
> Have you seen this?
should post the entire config, not just this snippet. How are we
supposed to know what this "another directory" is, and what filtering
you apply in the log {} block that sends logs to it?
J.
--
Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq