[syslog-ng]Syslog messages are getting combined...

Andrew Fort afort@staff.webcentral.com.au
Fri, 27 Apr 2001 11:09:56 +1000


There was a bug in syslog-ng in one of the 1.4.x releases that caused this
to happen.  I dont have this prob any longer with 1.5.3, and from memory it
was fixed in 1.4.10 (check the CHANGELOG perhaps?)

-afort

>Hi Joshua,
>
>I installed the lastest version of syslog-ng on our central 
>loghost last days.
>I have the same problem. Our firewall logs get meshed with the 
>Catalyst Logs
>etc.
>Well... I havent figured out the error yet, but I think there 
>may be a problem
>when u use same filters for different sources (What we do.. 
>cos the Cisco IOS
>Msg'es are all the same :-)
>We do a first a hostcheck [ host("hostname") ] and then a 
>contentcheck [
>match("<cisco-msg'es>") ].
>If this all doesnt match the stuff goes into the DEFAULT log file.
>
>Gotta investigate it tomorrow :)
>
>Bye
>
>"Scott, Joshua" wrote:
>
>> Has anyone ever had an issue where sometimes you get the 
>information from
>> one syslog message combined with another syslog message?  
>Every one in a
>> while I get some of my firewall syslog messages combined 
>with messages from
>> my DNS servers.  This causes my scripts to fail since there 
>is invalid data
>> in the log message.  Can anyone shed some light for me?  
>Thank you very
>> much!
>>
>> Joshua Scott
>> Jacobs Engineering