[syslog-ng]Filtering out multiple entries in log files due to different level

Nick Chondropoulos nickc@calgary.geoquest.slb.com
Tue, 2 Apr 2002 13:21:35 -0700 (MST)


I just started testing syslog-ng in our enviroment a few days ago.
I've been able to do what I want for the most part but the one thing 
that I'm stuck on (and it's probably a stupid admin trick I've missed) 
is to remove multiple entries from a log file due to level reporting.

The necessary bit of backgound:

Solaris 8 10/01 on both the client and server.
The config file is:

---------------------------------------------------------------------

options {
   sync(0);
   time_reopen(10);
   log_fifo_size(100);
   keep_hostname (no);
   chain_hostnames (no);
   create_dirs (yes);
};


source net {
   udp ();
};

destination all_by_host-facility {
   file 
("/var/logs/$HOST/$FACILITY/$YEAR/$HOST.$FACILITY.$YEAR.$MONTH.log");
};

destination all_by_facility {
   file 
("/var/logs/$FACILITY/$YEAR/$MONTH/$FACILITY.$LEVEL.$YEAR.$MONTH.log");
};

log {
   source(net);
   destination(all_by_host-facility);
   destination(all_by_facility);
};


---------------------------------------------------------------------

I get the logs to split out by hostname year etc. but I get multiple 
entries in a log file the higher the level. The idea was to log a 
facility per file so I expected a single entry in the log file which I 
guess was a woring assumption.

Is there a way to stop the following from happening:
client> logger -p auth.emerg EMERG

server> tail <log>
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG

and replace it with a single line of:
Apr  1 18:20:00 cdm010 nickc: [ID 702911 auth.emerg] EMERG

Is it even a syslog-ng config question? Maybe it's an OS question.

TIA
Nick

-------------------------------+------------------+-------------------
Nick Chondropoulos             | Schlumberger     |    ZHTW H ELLAS
Senior UNIX Systems Manager    | 525 3rd Ave S.W. | 
nickc@calgary.geoquest.slb.com | Calgary, AB      | If it's not
P) 403-509-4000                | CANADA           | dedicated hardware
F) 403-509-4170                | T2P 0G4          | it's crap!
-------------------------------+------------------+-------------------
                       QUOMODO ARDUUM ESSE POSSIT