hostnames matching problem still unsolved
I posted this last month but I'm still surprised nobody else has run into this problem, so I'm giving it one more shot:

One problem I've found after installing syslog-ng 1.4.10 on a Solaris 2.6 system is with repeating messages, especially those originating from remote hosts. For example, here are some lines from my config file:

----
source s_udp { udp(); };
destination d_udp { file("/var/log/remote/$HOST.$FACILITY"); };
filter f_udp {
    level(notice)
    or (facility(local0) and level(info))
    or (facility(local1) and level(info))
    or (facility(local2) and level(info));
};
log { source(s_udp); filter(f_udp); destination(d_udp); };
----

Using this configuration, I get files in /var/log/remote that look like this:

hostname1.local0
hostname2.local2
hostname1.auth
last.local2

See that "last.local2"? Well, "last" is not a host -- it's taking it from the log message and mistakenly turning it into a hostname. Here's a line from "last.local2":

---
Dec 22 10:14:13 last message repeated 2 times
---

Any idea at all how to fix that besides making a filter for any hosts named "last"?

Thanks,
Keith
Can you suggest a reasonable (and general enough) solution, besides a custom filter?

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
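
The misattribution discussed in this thread, as an added example that is not part of either message and is not syslog-ng code: a small parser that reproduces how "last" is read as a hostname, next to one possible approach that credits a repeat notice to the sending peer instead. The function names, the sample datagrams and the idea of falling back to the sender are assumptions of this example.

```python
import re

# BSD-syslog style line: optional <PRI>, "Mmm dd hh:mm:ss", then the remainder.
HEADER = re.compile(r"^(?:<(\d{1,3})>)?([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (.*)$")
# Repeat-suppression notice as quoted in the thread: it has no hostname field.
REPEATED = re.compile(r"^last message repeated \d+ times?$")
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
              + [f"local{i}" for i in range(8)])


def split_line(line):
    """Return (facility, remainder after the timestamp)."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a BSD-syslog style line")
    pri = int(m.group(1)) if m.group(1) else 13  # no <PRI>: treat as user.notice
    if pri > 191:
        raise ValueError("PRI out of range")
    return FACILITIES[pri >> 3], m.group(3)


def naive_host(line):
    """First word after the timestamp: this is how "last" becomes a host."""
    return split_line(line)[1].split(" ", 1)[0]


def resolve_host(line, sender):
    """Header hostname, except for a repeat notice, which is credited to the sender."""
    rest = split_line(line)[1]
    return sender if REPEATED.match(rest) else rest.split(" ", 1)[0]


def log_path(line, sender):
    """Expand the thread's /var/log/remote/$HOST.$FACILITY template."""
    facility, _ = split_line(line)
    return f"/var/log/remote/{resolve_host(line, sender)}.{facility}"


# Constructed sample datagrams: (sender as identified by the receiver, payload).
SAMPLES = [
    ("hostname1", "<134>Dec 22 10:14:10 hostname1 myapp: job started"),
    ("hostname2", "<150>Dec 22 10:14:13 last message repeated 2 times"),
]

if __name__ == "__main__":
    for sender, payload in SAMPLES:
        print(naive_host(payload), "->", log_path(payload, sender))
```

If the datagram arrived through a relay, the sender is the relay rather than the originating host, so the notice would be filed under the relay's name.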
participants (2)
- Balazs Scheidler
- Keith McDuffee