On Tue, Jan 18, 2005 at 06:46:33AM -0800, Rhugga wrote: Hi
Getting 5 copies of each message. (was getting only 3 before, but now getting 5 copies of each log message)
I think the main culprit is your syslogd.conf on the Solaris machine:
# To syslog host *.debug @syslog *.info @syslog *.notice @syslog *.warning @syslog *.err @syslog *.crit @syslog *.alert @syslog *.emerg @syslog
syslog.conf(5) on Linux says if you put priority P in a rule everything with priority >= P will be logged. Check your syslog manual. <man page> The behavior of the original BSD syslogd is that all messages of the specified priority and higher are logged according to the given action. </man page> Confirmed this with OpenBSD syslog. If I have *.* @loghost *.debug @loghost messages with priority >= debug are sent over the wire twice. If this is the case you can collapse your above statements to *.* @loghost to get only one copy of each msg.
Here is my entire config file: [...]
Just nitpicking but I think you could collapse most of your syslog-ng.conf if you took out the 'host("xyz")' out of the filters. Since they all go from the same source() to the same destination() with $HOST expansion they don't really accomplish anything. -- Wolfgang Braun, Dipl.-Inform. (FH) <wolfgang.braun@gmx.de> gpg-key: 1024D/4B32CE55 gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55