RE: [syslog-ng]Random Directories
I had a similar problem on my host creating a 'last' directory. So I changed keep_hostname to (no), afaik this means that syslog-ng adds the hostname into the message incase the sending server hasnt done it. It started logging these type of messages to the correct server. Hope it helps, Tom -----Original Message----- From: Nate Campi [mailto:nate@campin.net] Sent: 24 April 2002 18:47 To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Random Directories On Wed, Apr 24, 2002 at 10:32:20AM -0700, Painter, Jennifer wrote:
Directories with names like " Error", " SCSI", ","
Are showing up in the directory that holds the syslogs for the different hosts that we monitor.
Has anyone seen these random directories. Any suggestions on how to deal with them.
I archive by host, but syslog-ng can only do so much with certain messages. [root@loghost last]# cat /var/log/HOSTS/last/local2/2001/09/14/local220010914 Sep 14 12:21:58 last message repeated 17 times Sep 14 12:21:58 last message repeated 17 times Sep 14 12:21:58 last message repeated 17 times Sep 14 12:21:58 last message repeated 17 times Obviously I have no host named "last", syslog-ng can't second guess the hostname sent when it could be valid. I want a macro taken from gethostbyaddr() instead of from the message contents that could be used to force a valid hostname no matter what. Baszi, could this be done please? It would help all of us who use syslog-ng for log archiving in the filesystem. -- Linux is like an indian's tent: No gates, no windows, and apache inside. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng ************************************************************************ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. http://www.esatbusiness.com Subscribe to the Esat Business Online Magazine: http://www.esatbusiness.com/news/subscribe.asp Subscribe to REALISE - the online magazine from BT Ignite: http://www.btignite.com/realise ************************************************************************
On Wed, Apr 24, 2002 at 07:51:43PM +0100, Tom Horan wrote:
I had a similar problem on my host creating a 'last' directory. So I changed keep_hostname to (no), afaik this means that syslog-ng adds the hostname into the message incase the sending server hasnt done it. It started logging these type of messages to the correct server.
This is the best solution using a syslog-ng feature, but still not good enough for me: "Sep 14 12:21:58 last message repeated 17 times" becomes: "Sep 14 12:21:58 DNS_HOSTNAME message repeated 17 times" I hate losing any part of the message. In this case it's just "last", in other cases the first word is more important (beginning of the program name for example). I actually wrote a proxy that fixes known bad messages like "last message repeated" and some others that are specific to some commercial software we run at work. Since I know what logs I want to fix, I fix them. Gotta love perl. If I knew C I'd look at how I could help out syslog-ng with this issue :( -- "Windows 95 /n./ 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition."
participants (2)
-
Nate Campi
-
Tom Horan