[syslog-ng]Syslog messages are getting combined...
Andrew Fort
afort@staff.webcentral.com.au
Fri, 27 Apr 2001 11:09:56 +1000
There was a bug in syslog-ng in one of the 1.4.x releases that caused this
to happen. I dont have this prob any longer with 1.5.3, and from memory it
was fixed in 1.4.10 (check the CHANGELOG perhaps?)
-afort
>Hi Joshua,
>
>I installed the lastest version of syslog-ng on our central
>loghost last days.
>I have the same problem. Our firewall logs get meshed with the
>Catalyst Logs
>etc.
>Well... I havent figured out the error yet, but I think there
>may be a problem
>when u use same filters for different sources (What we do..
>cos the Cisco IOS
>Msg'es are all the same :-)
>We do a first a hostcheck [ host("hostname") ] and then a
>contentcheck [
>match("<cisco-msg'es>") ].
>If this all doesnt match the stuff goes into the DEFAULT log file.
>
>Gotta investigate it tomorrow :)
>
>Bye
>
>"Scott, Joshua" wrote:
>
>> Has anyone ever had an issue where sometimes you get the
>information from
>> one syslog message combined with another syslog message?
>Every one in a
>> while I get some of my firewall syslog messages combined
>with messages from
>> my DNS servers. This causes my scripts to fail since there
>is invalid data
>> in the log message. Can anyone shed some light for me?
>Thank you very
>> much!
>>
>> Joshua Scott
>> Jacobs Engineering