I knew it would be simple. Thank you very much. On 1/17/2010 4:03 PM, Siem Korteweg wrote:
Jerry,
from the admin manual:
Message filtering, parsing, and rewriting is performed in the order that the operations appear in the log statement.
So, change the order in your log-statements to:
log { source(NET); filter(A); destination(A); };
Also change your second filter statement to filter for host B.
regards,
Siem Korteweg -----Oorspronkelijk bericht----- Van: syslog-ng-bounces@lists.balabit.hu namens Jerry Bell Verzonden: zo 17-1-2010 15:26 Aan: syslog-ng@lists.balabit.hu Onderwerp: [syslog-ng] Odd problem after upgrading from 2.1 to 3
This config worked in syslog-ng 2.1 source NET {udp(port(514)); tcp(port(5140) keep-alive(yes));};
destination A { file("/var/log/A"); }; destination B { file("/var/log/B"); };
filter A { host ("A");}; filter A { host ("A");};
log { source(NET); destination(A); filter(A); }; log { source(NET); destination(B); filter(B); };
worked as expected that is log messages coming from host A went to /var/log/A file and log messages coming from host B went to /var/log/B. The two hostnames are resolved locally in /etc/hosts
After upgrading to 3.0.x all the messages duplicated in both files so that messages coming from A are written in /var/log/A AND /var/log/B and vice-versa. Any idea why it does not work in 3?
Thank you,
Jerry _____________________________________________________________________________ _ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html