[syslog-ng] hostnames matching problem still unsolved

Balazs Scheidler bazsi@balabit.hu
Fri, 19 Jan 2001 17:48:01 +0100


> 
> One problem I've found after installing syslog-ng 1.4.10 on a Solaris 2.6
> system is with repeating messages, especially those originating from remote
> hosts.  For example, here's some lines from my config file:
> 
> ----
> source s_udp { udp(); };
> 
> destination d_udp { file("/var/log/remote/$HOST.$FACILITY"); };
> 
> filter f_udp { level(notice) or
>                     (facility(local0) and level(info)) or
>                     (facility(local1) and level(info)) or
>                     (facility(local2) and level(info)); };
> 
> log { source(s_udp); filter(f_udp); destination(d_udp); };
> ----
> 
> Using this configuration, I get files in /var/log/remote that look like
> this:
> 
> hostname1.local0
> hostname2.local2
> hostname1.auth
> last.local2
> 
> See that "last.local2"?  Well, "last" is not a host -- it's taking it from
> the log message and mistakenly turning it into a hostname.  Here's a line
> from "last.local2":
> 
> ---
> Dec 22 10:14:13 last message repeated 2 times
> ---
> 
> Any idea at all how to fix that besides making a filter for any hosts named
> "last"?

Can you suggest a reasonable (and general enough) solution, besides a custom
filter?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt
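Added example, not part of the original thread and not syslog-ng code: a Python sketch of the ambiguity reported above, where a line with no host field has its first message word taken as $HOST, next to a parse that falls back to the datagram's sender. The `peer` argument, the sample lines and the address 192.0.2.10 are assumptions constructed for illustration.

```python
import re

# BSD syslog line as received over UDP: "[<PRI>]Mmm dd hh:mm:ss [host] message"
TS = re.compile(r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (.*)$", re.S)
REPEAT = re.compile(r"^last message repeated \d+ times?\s*$")
HOSTNAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")


def naive_host(line):
    """First token after the timestamp, i.e. the behaviour seen in the report."""
    m = TS.match(line)
    return m.group(1).split(" ", 1)[0] if m else None


def parse(line, peer):
    """Return (host, message); use the UDP peer when the line has no host field.

    `peer` is an assumption of this sketch: the sender address of the datagram
    (or a name resolved from it), supplied by the receiving socket.
    """
    m = TS.match(line)
    if not m:
        return peer, line
    rest = m.group(1)
    if REPEAT.match(rest):            # repeat summary emitted without a host
        return peer, rest
    token, _, msg = rest.partition(" ")
    # "su:" or "sshd[412]:" right after the timestamp is a program tag, and
    # anything that is not a plausible hostname must not end up in $HOST.
    if token.endswith(":") or not HOSTNAME.match(token):
        return peer, rest
    return token, msg


# Constructed sample input; 192.0.2.10 is a documentation address.
SAMPLES = [
    "Dec 22 10:14:13 last message repeated 2 times",
    "Dec 22 10:14:13 hostname1 sshd[412]: session opened",
    "Dec 22 10:14:13 last last message repeated 2 times",
    "<38>Dec 22 10:14:13 su: 'su root' failed",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(naive_host(s), "->", parse(s, "192.0.2.10"))
```

The third sample shows that a host that really is named "last" is still recognised, because only the exact repeat-summary form directly after the timestamp is treated as host-less.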