So here was the issue. Having udp(so_rcvbuf(1024000) in the syslog-ng conf was creating the issue. When I commented this out, it would have visibility only to the logs specifically forwarded to it.

And talking about log rotation, any ideas other than using $YEAR/$MONTH/ (basically date parameters) to rotate logs on and successfully have crons to delete them?

Regards

On Wed, Mar 5, 2014 at 11:58 PM, Evan Rempel <erempel@uvic.ca> wrote:

We do exactly what you describe without any issues.
Strictly a config issue, so you could attach your config file(s) so I can have a look.
On 03/04/2014 10:23 PM, Shashank Rohatgi wrote:
> I was able to run the second instance with all three parameters but I am more confused.
> The intent was to reroute messages from the production instance to dev instances on the same machine and take out a selected stream of logs on a different port.
> Rather than just the selected stream, the second instance can see all the logs. Both instances are listening on different ports.
>
> Port 514 gets logs from two products (say Windows and Unix). I write Windows to disk and route the Unix logs on, say, port 517 (to the second instance).
> The second instance is configured to write anything that it receives to a file.
> To my surprise the above file has logs for Windows and there is no network exchange at all.
>
> Could it be that the second instance is internally confusing sources and destinations?
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq