Hi,there can be many reasons... (are you using network filesystem?)Base on your other question you have a filter. Could you share your configuration?syslog-ng provides statistics on filters (match/unmatch), but only from stats-level-2 (and as I remember from version 3.10), example cfg:@version: 3.17
@include "scl.conf"
options {
stats-level(2);
};
source s_net {
network(
port(5555)
transport("tcp")
);
};
destination d_net {
network(
"localhost" port(15554)
transport(tcp)
);
};
filter f_test {
match("TEST" value(MESSAGE))
};
log {
source(s_net);
filter(f_test);
destination(d_net);
flags(flow-control);
};and then:sbin/syslog-ng-ctl query get 'filter.f_test.*'L.______________________________________________________________________________On Thu, Sep 20, 2018 at 12:31 PM, Harish Shetty <harish23shetty@gmail.com> wrote:Hi AllI have syslog-ng (syslog-ng-3.9.1-1.el6.x86_64) which is running on Red Hat 6.6. I have rule defined as mentioned belowdestination d_networkx { file("/mnt/u001/syslog/$HOST/$YEAR$MONTH$DAY/network.log"); };But syslog-ng is unable to write some logs to local file even though we see those logs in the tcpdump? What could be causing this.And one more thing need to know , is ther any way to check per filter (d_networkx) how many we received and how many we Processed(wrote) to a fileRegardsHarish Shetty
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq