[syslog-ng]Duplicate Entries
Vinay Bharel
vinay@bharel.com
Sun, 8 Jul 2001 10:39:22 -0400 (EDT)
I just started running syslog-ng on a Linux box. I have also configured
one of my Solaris 8 servers to send logs to this machine.
I have noticed that I get duplicate log entries sometimes. I can't figure
out why.
For example:
Jul 3 20:32:44 dns-a vinay: [ID 702911 daemon.warning] test
Jul 3 20:32:44 dns-a vinay: [ID 702911 daemon.warning] test
Jul 3 20:32:44 dns-a vinay: [ID 702911 daemon.warning] test
Jul 3 20:32:44 dns-a vinay: [ID 702911 daemon.warning] test
The Solaris 8 box has the following entry in it's syslog.conf:
*.debug @loghost
This is my syslog-ng.conf:
options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (yes);
use_fqdn (no);
create_dirs (yes);
keep_hostname (yes);
};
source s_sys { unix-stream ("/dev/log"); internal(); };
source external { udp(ip (0.0.0.0) port(514)); };
filter f_filter1 { level(info) and facility(user) or facility(kern) or facility(mail)
or facility(daemon) or facility(daemon) or facility(auth) or facility(lpr)
or facility(news) or facility(uucp) or facility(cron) or facility(syslog)
or facility(ftp) or facility(authpriv) or facility(cron);
};
filter f_dns-a { host(dns-a); };
destination d_dns-a { file("/var/log/machine/$YEAR/$MONTH/$HOST.$DAY");};
log { source(external); filter(f_dns-a); destination (d_dns-a); };
- Vinay Bharel <vinay@bharel.com>