[syslog-ng]Strange Directories created [I have read the listserv to no avail]

Nate Campi syslog-ng@lists.balabit.hu
Sat, 1 Mar 2003 09:41:14 -0800


On Sat, Mar 01, 2003 at 09:05:46PM +1300, Harry Hoffman wrote:
> Hi All,
>
> My syslog-ng server reports various directories based off of kernel-messages
> instead of hostnames. I've read the listserv and tried the various options
> suggested by to no avail.
>
> Perhaps someone can help with a suggestion as to what is going wrong here?
>
> Info:
> syslog-ng-1.5.17-1
> config file looks like
> options { use_fqdn(yes); keep_hostname(no); use_dns(yes); long_hostnames(on);
> sync(3); log_fifo_size(1000); };
> ...
> destination hosts {
> file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
> owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
> ...
> log { source(src); destination(hosts); };
> Directories look like this:
> /var/log/HOSTS
> ?for
> ?set
> host.auckland.ac.nz
> 
> Any help would be greatly appreciated. I can't figure out where to go next.

I was going to update the FAQ with my experiences on this the other
night, but I only got around to adding something on truncated long lines. 

Anyways, I had the same problem for a couple of years; even rewriting
hostnames with the DNS name didn't stop those directories. It wasn't
until I rolled out syslog-ng to all my hosts, and had them log over TCP,
that they stopped appearing.

It really shouldn't matter what transport you use, but for me it did,
with syslog-ng 1.5.x and about 75 Linux and 75 Solaris syslog clients. I
have a theory but no proof. Tell me, do you have a lot of Solaris syslog
clients?
-- 
Nate Campi    http://www.campin.net