[syslog-ng]problem with multiply-defined source/filter/destin ation combinations?
Balazs Scheidler
bazsi@balabit.hu
Mon, 13 Jan 2003 15:04:57 +0100
On Mon, Jan 13, 2003 at 08:44:12AM -0500, Hamilton, Andrew wrote:
> Well. That was a hefty message. Anyway, syslog-ng will typically log
> messages only once unless you tell it otherwise. This is the default
> behavior. You may think that by adding another log line that sends the same
> message to a different destination you are telling it to do just that. That
> is incorrect. Once a message is logged it is then forgotten in a sense.
> The way to do this is to use multiple destinations on the same line. (i.e.,
> log { source(src); filter(filter1); destination(d1); destination(d2); }; ).
> This works well for me, I have been doing it for nearly 4 years. Syslog-ng
> will do exactly what you want to do you just have to tweak it a little. I
> have never done this before but in theory, and I guess someone else from the
> list can correct me if I'm wrong, you could write a log line from multiple
> sources as well. (i.e., log { source(s1); source(s2); filter(f1);
> destination(d1); destination(d2); }; ) etc... I think you can probably get
> the picture. That might help you clean up your config file a little. I hope
> this helps.
You are incorrect at your first point. syslog-ng sends messages to using all
matching log statements, thus:
log { source(src); destination(dst); };
log { source(src); destination(dst); };
results in each message delivered twice.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1