There was a bug in syslog-ng in one of the 1.4.x releases that caused this to happen. I don't have this prob any longer with 1.5.3, and from memory it was fixed in 1.4.10 (check the CHANGELOG perhaps?)
-afort
Hi Joshua,
I installed the latest version of syslog-ng on our central loghost in the last few days. I have the same problem. Our firewall logs get meshed with the Catalyst logs etc. Well... I haven't figured out the error yet, but I think there may be a problem when you use the same filters for different sources (what we do.. cos the Cisco IOS msgs are all the same :-) We first do a host check [ host("hostname") ] and then a content check [ match("<cisco-msg'es>") ]. If none of this matches, the stuff goes into the DEFAULT log file.
Gotta investigate it tomorrow :)
Bye
"Scott, Joshua" wrote:
Has anyone ever had an issue where sometimes you get the information from one syslog message combined with another syslog message? Every once in a while I get some of my firewall syslog messages combined with messages from my DNS servers. This causes my scripts to fail since there is invalid data in the log message. Can anyone shed some light for me? Thank you very much!
Joshua Scott
Jacobs Engineering