Hi, On Fri, 2009-05-29 at 14:15 +0200, Ralf Heidenreich wrote:
Hello,
I have the following line in iptables: iptables -A INPUT -j LOG --log-prefix "INPUT: " In syslog-ng (/etc/syslog-ng/syslog-ng.conf) I have the following config: [...] filter iptables { match("INPUT:"); }; log { source(s_sys); filter(iptables); destination(iptables); }; [...] filter f_default { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); }; [...] log { source(s_sys); filter(f_default); destination(d_mesg); };
syslog-ng do not stop the evaluation when a destination is found. And because of this and because the second log statement is matching to the line the syslog-ng store it to the message too. If you want to order the syslog-ng to stop you can use the final directive.