Hi,

I'm using syslog-ng in a long time, but recently i noted that, in some cases, the log has sent to a wrong destination.

I have many devices sending logs to my host, the problem appears when the server receive webservers logs, they are delivered to a different destination and I don't known how.

here is the configuration:

destination apache {

       file("/var/log/webserver/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR"

       owner(ll)

       group(ll)

       perm(0644)

       dir_perm(0755)

       create_dirs(yes));

};

filter f_apache {

    (

        host("xxx.xxx.xxx.82") or

        host("xxx.xxx.xxx.137")

    );

};

log {

    source(aaa);

    filter(f_apache);

    destination(apache);

};

The ip address xxx.xxx.xxx.137 send a duplicate log event to another directory, without any other configuration.

Have you seen this?