On 17.07.2014 21:09, Renato Bezerra wrote:
Hi,
I'm using syslog-ng in a long time, but recently i noted that, in some cases, the log has sent to a wrong destination.
I have many devices sending logs to my host, the problem appears when the server receive webservers logs, they are delivered to a different destination and I don't known how.
here is the configuration:
destination apache { file("/var/log/webserver/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR" owner(ll) group(ll) perm(0644) dir_perm(0755) create_dirs(yes)); };
filter f_apache { ( host("xxx.xxx.xxx.82") or host("xxx.xxx.xxx.137") ); };
log { source(aaa); filter(f_apache); destination(apache); };
The ip address xxx.xxx.xxx.137 send a duplicate log event to another directory, without any other configuration.
Have you seen this?
Well, is that your *entire* configuration? I very much doubt so. You should post the entire config, not just this snippet. How are we supposed to know what this "another directory" is, and what filtering you apply in the log {} block that sends logs to it? J. -- Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/ GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D