Hello list
I’m trying to configure syslog-ng with multiple mail server sources.
It works fine, but I want a little more:
The two lines below show what’s happening:
Dec 5 12:30:37 auxey postfix/smtpd[16360]: <- original log on the mail server
Dec 5 12:30:37 auxey/auxey postfix/smtpd[16360]: <- log stored locally by syslog-ng, shortname appeared twice separated by “/”
Here’s my configuration:
On auxey: /etc/syslog.conf
mail.* @syslogserver.mydomain.com:514
On syslogserver.mydomain.com: /usr/local/etc/syslog-ng.conf
options { create_dirs(yes); keep_hostname(no); };
source net { udp(); };
destination d_auxey { file("/var/log/tracemail/auxey.log"); };
destination d_hermes { file("/var/log/tracemail/hermes.log"); };
filter f_auxey { host("auxey"); };
filter f_hermes { host("hermes"); };
log { source(net); filter(f_auxey); destination(d_auxey); };
log { source(net); filter(f_hermes); destination(d_hermes); };
I tried with keep_hostname(no); and keep_hostname(yes); and without the option, with the same result.
Any ideas?