I use syslog-ng to receive remote logs.

syslog-ng is running under Linux, and the remote client is sending logs via syslog.

The syslog-ng configuration file is as follows:

 

options { use_dns(yes); create_dirs(yes); };
source src { udp(ip(0.0.0.0) port(514)); };
filter f_cron { facility(cron); };
filter f_messages { not facility(cron); };
destination messages { file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/messages-$MONTH"); };
destination cron { file("/home/liuruihong/syslog-ng/log/$HOST/$YEAR/cron-$MONTH"); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_messages); destination(messages); };

 

But the log files “messages-$MONTH” still include the crond information,

and I don’t know why.
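Added example, not part of the original post: the facility() filter matches the facility number carried in each datagram's <PRI> header, not the program name, so a line tagged crond ends up in messages-$MONTH whenever the sender used a facility other than cron. The Python sketch below decodes constructed RFC 3164 style packets and routes them the way the two log paths above would; the sample packets and all function names are assumptions made for illustration.

```python
import re

# Facility numbers from RFC 3164 (subset); PRI = facility * 8 + severity.
FACILITY = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 9: "cron", 10: "authpriv"}

# <PRI>Mmm dd hh:mm:ss host program[pid]: message
PACKET = re.compile(
    r"^<(\d{1,3})>\w{3}\s+\d{1,2}\s[\d:]{8}\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s?(.*)$"
)

def decode(packet):
    """Split one raw datagram into facility, severity, host, program, message."""
    m = PACKET.match(packet)
    if m is None:
        raise ValueError("not an RFC 3164 style packet")
    facility, severity = divmod(int(m.group(1)), 8)
    return {
        "facility": FACILITY.get(facility, str(facility)),
        "severity": severity,
        "host": m.group(2),
        "program": m.group(3),
        "message": m.group(4),
    }

def route(packet):
    """Mirror the two log paths: f_cron -> cron file, f_messages -> messages file."""
    return "cron" if decode(packet)["facility"] == "cron" else "messages"

def cron_lines_in_messages(packets):
    """Report (program, facility) for cron-tagged lines the filters send to messages."""
    found = []
    for packet in packets:
        rec = decode(packet)
        if rec["program"].startswith("cron") and route(packet) == "messages":
            found.append((rec["program"], rec["facility"]))
    return found

# Constructed sample datagrams (not captured from the poster's systems).
SAMPLES = [
    "<78>Oct 11 22:14:15 web01 crond[2101]: (root) CMD (run-parts /etc/cron.hourly)",
    "<86>Oct 11 22:14:15 web01 crond[2101]: pam_unix(crond:session): session opened for user root",
    "<30>Oct 11 22:14:16 web01 ntpd[988]: synchronized to 192.0.2.10",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rec = decode(sample)
        print(route(sample), rec["program"], rec["facility"])
```

On the receiver, the same value can be seen per stored line by adding syslog-ng's $FACILITY macro to the file destination's template.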