[syslog-ng]strange logfile appearance

Wiktor Wodecki wodecki@wapme-systems.de
Thu, 01 Feb 2001 11:56:13 +0100 

ello,

I'm in the test-phase of my loggingserver. and syslog-ng started to
create a logfile I don't understand why it did that.

This is my conf, it's a fairly easy setup. (striped other unimportant
stuff)

options { long_hostnames(yes); sync(0); time_reap(10);
use_time_recvd(yes); use_dns(yes); use_fqdn(yes); create_dirs(yes);
log_fifo_size(10000); chain_hostnames(yes); };

source oldserver { udp(ip(xxx.xxx.xxx.xxx) port(514)); };

destination blackhole { file("/var/log/frontier/$YEAR$MONTH/$HOST"); };
destination blackhole_auth {
file("/var/log/frontier/$YEAR$MONTH/$HOST-auth"); };
destination blackhole_crit {
file("/var/log/frontier/$YEAR$MONTH/$HOST-crit"); };
destination blackhole_emerg {
file("/var/log/frontier/$YEAR$MONTH/$HOST-emerg"); };
destination blackhole_err {
file("/var/log/frontier/$YEAR$MONTH/$HOST-err"); };
destination blackhole_messages {
file("/var/log/frontier/$YEAR$MONTH/$HOST-messages"); };
destination blackhole_warn {
file("/var/log/frontier/$YEAR$MONTH/$HOST-warn"); }

log { source(oldserver); destination(blackhole); };
log { source(oldserver); filter(f_auth); destination(blackhole_auth); };
log { source(oldserver); filter(f_crit); destination(blackhole_crit); };
log { source(oldserver); filter(f_emerg); destination(blackhole_emerg);
};
log { source(oldserver); filter(f_err); destination(blackhole_err); };
log { source(oldserver); filter(f_messages);
destination(blackhole_messages); };
log { source(oldserver); filter(f_warn); destination(blackhole_warn); }; 


The syslog-ng ran for the last 10 days without problems, however today I
discovered three new logfiles.

-rw------- 1 root root 119 Feb 1 10:43 last
-rw------- 1 root root 60 Feb 1 05:45 last-messages
-rw------- 1 root root 60 Feb 1 05:45 last-warn


erwin:/var/log/frontier/200102# cat last
Feb 1 05:45:23 last/ns2.xxx.net message repeated 2 times Feb 1 10:43:27
last/ns2.xxx.net message repeated 1 time
erwin:/var/log/frontier/200102# cat last-messages
Feb 1 05:45:23 last/ns2.xxx.net message repeated 2 times
erwin:/var/log/frontier/200102# cat last-warn
Feb 1 05:45:23 last/ns2.xxx.net message repeated 2 times

The box the logs came from is a sparc10 with solaris5.8. The orginal
logfile statements were:

Feb 1 05:45:23 sparky last message repeated 2 times
...
Feb 1 10:47:50 sparky last message repeated 1 time


There are plenty of other "last message repeated..." lines in sparky's
logfile, so I don't see a reason *why* those both got logged seperately.
The first logentry repeated a warn-message, the other one a
notice-message. Can anyone give me a hint please? The version I use is
1.4.10 on linux. (syslog-ng doesn't run yet on the sparc10. I export the
logs via the goold old "*.crit,*.warn,etc,etc.    @hostname way")

-- 
Regards,

Wiktor Wodecki, Unix Administration     |   Wapme-Systems AG
Tel.: +49-211-748450                    |   Muensterstrasse 248
Fax: +49-211-74845176                   |   40470 Duesseldorf
E-Mail: wodecki@wapme-systems.de        |   http://www.wapme-systems.de