On Sat, Mar 01, 2003 at 09:05:46PM +1300, Harry Hoffman wrote:
Hi All,
My syslog-ng server reports various directories based off of kernel-messages instead of hostnames. I've read the listserv and tried the various options suggested by to no avail.
Perhaps someone can help with a suggestion as to what is going wrong here?
Info: syslog-ng-1.5.17-1

config file looks like

options {
    use_fqdn(yes);
    keep_hostname(no);
    use_dns(yes);
    long_hostnames(on);
    sync(3);
    log_fifo_size(1000);
};
...
destination hosts {
    file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};
...
log { source(src); destination(hosts); };

Directories look like this:

/var/log/HOSTS
?for
?set
host.auckland.ac.nz
Any help would be greatly appreciated. I can't figure out where to go next.

I was going to update the FAQ with my experiences on this the other night, but I only got around to adding something on truncated long lines.

Anyways, I had the same problem for a couple years; even rewriting hostnames with the DNS name didn't stop those directories. It wasn't until I rolled out syslog-ng to all my hosts and had them log over TCP that they stopped appearing. It really shouldn't matter what transport you use, but for me it did, with syslog-ng 1.5.x and about 75 Linux and 75 Solaris syslog clients.

I have a theory but no proof. Tell me, do you have a lot of Solaris syslog clients?

--
Nate Campi http://www.campin.net