I use syslog-ng on Solaris 7, but before that I used it on 2.6. I do something very similar to what you are doing in that I log my Cisco stuff to local7 as well. I haven't had any problems with it at all. All the Cisco stuff goes where it should. I would have to look at the config file to see if there is something wrong there. Your source statement is identical to mine, so that seems OK. I don't use chain_hostname() because I don't particularly care where it came through; I only want to know where it came from, so I use keep_hostname(yes). This keeps only the originating hostname.

Hope this helps some.

Drew

-----Original Message-----
From: John A. Parker [SMTP:jap54@cornell.edu]
Sent: Thursday, September 14, 2000 12:55 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]chain_hostname(yes) complicates use of $HOST variable

Per the extracts from our syslog-ng.conf file shown below, our syslog server logs messages to machine-specific locations based on the sourcing host name. After turning on the chain_hostnames option, the host name value in log messages now appears as a concatenation of strings. For the most part they appear similar to:
aaaa.bbbb.cornell.edu/aaaa.bbbb.cornell.edu
Messages like the above are still logged correctly. However, we now also get messages in the formats:
src@aaaa
and
Message/aaaa.bbbb.cornell.edu
last/aaaa.bbbb.cornell.edu
The first message (src delimited by an ampersand) is logged correctly. However, the messages prefixed by Message and last are logged to the directories /logs/machine_specific/Message and /logs/machine_specific/last.
Is there a variable other than $HOST I should be using when the chain_hostnames option is enabled?
Thanks!
#######################################################################################

options {
    long_hostnames(off);
    use_fqdn(yes);
    log_fifo_size(1000);
    chain_hostnames(yes);
};

source src {
    unix-dgram("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};

destination d_all_ms {
    file("/logs/machine_specific/$HOST/all.$LEVEL.$YEAR$MONTH$DAY"
         group(systems) perm(0664) dir_perm(0664) create_dirs(yes)
    );
};

# NO CISCO (local7) messages:
filter f_no_cisco { not facility(local7); };

# Forward all messages to machine specific log monitored by system admins
log { source(src); filter(f_no_cisco); destination(d_all_ms); };

#######################################################################################
---
John A. Parker
Senior Programmer/Analyst - AIX
Cornell University
jap54@cornell.edu
607-255-9356
607-255-8521 (Fax)
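
Added example, not written by either poster and not syslog-ng code: a Python check that validates a chained host value before it is used as the $HOST directory under /logs/machine_specific, run over the host strings quoted in the message above. The trusted suffix .cornell.edu, the short-name allowlist, the handling of "@" and all function names are assumptions made for illustration.

```python
import posixpath
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

LOG_ROOT = "/logs/machine_specific"       # path from the posted config
TRUSTED_SUFFIXES = (".cornell.edu",)      # assumption: domains we expect
SHORT_NAMES = frozenset({"aaaa"})         # assumption: known unqualified hosts


def _is_hostname(name):
    """Syntactic check only: dotted labels, 253 characters at most."""
    labels = name.split(".")
    return 0 < len(name) <= 253 and all(_LABEL.fullmatch(l) for l in labels)


def safe_host(chained, fallback="unknown"):
    """Pick the first chain component that is a plausible, expected host.

    Components are read left to right, so the name taken from the message
    is tried first and the names added by chaining come after it.
    """
    for component in chained.split("/"):
        # Assumption: in "src@aaaa" the host is the part after the "@".
        host = component.rsplit("@", 1)[-1].lower()
        if not _is_hostname(host):
            continue                      # rejects "", "..", odd characters
        if host in SHORT_NAMES or host.endswith(TRUSTED_SUFFIXES):
            return host
    return fallback


def log_dir(chained):
    """Directory a message would be filed under after validation."""
    return posixpath.join(LOG_ROOT, safe_host(chained))


if __name__ == "__main__":
    # Constructed input: the host strings quoted in the message above.
    for sample in ("aaaa.bbbb.cornell.edu/aaaa.bbbb.cornell.edu", "src@aaaa",
                   "Message/aaaa.bbbb.cornell.edu", "last/aaaa.bbbb.cornell.edu"):
        print(f"{sample:45} -> {log_dir(sample)}")
```

With this check, a first component such as Message or last is skipped because it is not an expected host, and the message is filed under the next component in the chain instead of creating a new directory.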