Hi,

I setup client with mostly default settings. To log to remote server I added (remote server listens on 514 as by default):

log { destination(d_remote); flags(catchall); };

Are you sure that catchall is what you really need? Not fallback?

this used to work pretty ok. So now I wanted to log xferlog too. Set the source:

source s_ftp_xfer { file("/var/log/proftpd/xferlog" follow_freq(2) flags(no-parse)); }; destination d_remote_515 { tcp('x.x.x.x' port(515)); }; log { source(s_ftp_xfer); destination(d_remote_515); };

A flags(final) might be useful here, otherwise the catchall above will cause log duplication.

Port 515 is intentional here for other reasons. On the server:

source s_xferlog {tcp( ip(0.0.0.0) port(515)); }; template t_ftp { template("$MSG\n"); template_escape(no); }; destination df_ftp_xfer { ("/<PATH>/xferlog" template(t_ftp)); }; filter f_proftpd { program('^proftpd$'); }; log { source(s_xferlog); filter( f_proftpd ); destination(df_ftp_xfer); flags(final); };

I think the filter here is redundant while you're using port 515 only for getting proftpd logs.

My problem is that everytime xferlog entry arrives to the server it's being added to xferlog as expected, but it also goes into syslog and console. I am stuck to find out why. There's no other rule that touches s_xferlog on the server. Any hints appreciated.

syslog duplication is OK as I mentioned above. But the console isn't OK. This shouldn't happen. Nothing should go to the console by default, only kernel messages printed by the kernel itself. Are you sure you don't have any usertty() destinations in your config which could cause logging to the console? Regards, Sandor -------------------------------------------------------- NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.