On 09/20/2010 07:17:46 PM, Matthew Hall wrote:
> On Mon, Sep 20, 2010 at 12:58:47PM -0400, Burton Simonds wrote:
>> In the example below, host 1.2.3.5 is logging to both the switches' log dir and the firewalls' log dir even though it is only referenced in the firewalls filter.
>> Other than the obvious possibilities (yes, I have confirmed that the IP address is only referenced in one filter), does anyone have any ideas on what I should look at?
>
> It might be worth trying the appropriate combinations of -d and -v to get some debug tracing data on the way the logs are being processed.
> Hopefully somebody who has used the host filter could help in more detail. I have not needed that one yet because there are way too many hosts on my network for it to help me.
> Matthew.

Hi Burton,

Until you find the real reason for the duplicate messages, you can try to use the flags(final) option in the first log statement. Maybe it helps.

Regards,
Robert
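
The flags(final) workaround suggested above, sketched as an added example that is not part of the original thread and not Burton's actual configuration. The source, filter and destination names, the file paths and the 1.2.3.4 address are assumptions; only 1.2.3.5 and the switches/firewalls split come from the thread.

```conf
# Constructed syslog-ng.conf fragment (all object names are hypothetical).

source s_net { udp(ip(0.0.0.0) port(514)); };

# One host() filter per device class. 1.2.3.4 is a made-up switch address.
filter f_firewalls { host("1.2.3.5"); };
filter f_switches  { host("1.2.3.4"); };

destination d_firewalls { file("/var/log/firewalls/$HOST.log"); };
destination d_switches  { file("/var/log/switches/$HOST.log"); };

# First log statement: flags(final) stops further processing of any message
# that matched this statement, so it cannot also reach the statement below.
# The statement carrying flags(final) has to come first in the file, because
# log statements are evaluated in the order they appear.
log {
    source(s_net);
    filter(f_firewalls);
    destination(d_firewalls);
    flags(final);
};

# Second log statement: only sees messages not claimed by the one above.
log {
    source(s_net);
    filter(f_switches);
    destination(d_switches);
};
```

This only hides the duplicate in the switches directory; the debug tracing with -d and -v mentioned earlier in the thread is still the way to see which filter is actually matching the host.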