[syslog-ng] file written in the wrong place

Paolo Supino vrkid at yahoo.com
Fri Dec 23 08:44:06 CET 2005


Hi 

 I've installed syslog-ng 1.6.8 on a Linux FC4 system to act as a
centralized logging server. For a while everything was fine, until I
tried to add another statement to one of the filters. After the
addition syslog-ng started writing the destination files in the wrong
places, writing the same file in 2 locations and ignoring messages sent
from certain origins. 
Here are the relevant parts of my syslog-ng.conf: 
# Global options
options { sync (0);
          time_reopen (1);
          log_fifo_size (999999);
          long_hostnames (yes);
          use_dns (yes);
          dns_cache(yes);
          dns_cache_size(1000);
          dns_cache_expire(604800);
          use_fqdn (yes);
          create_dirs (yes);
          keep_hostname (yes);
        };

# source
source s_net { udp(ip("192.168.1.100") port(514)); };

# destinations
destination d_switch { file("/var/log/company/switches/$HOST.log"
perm(0644)); };
destination d_edge { file("/var/log/company/edge_devices/$HOST.log"
perm(0644)); };
destination d_fw { file("/var/log/company/firewalls/$HOST.log"
perm(0644)); };
destination d_router { file("/var/log/company/routers/$HOST.log"
perm(0644)); };

# filters
filter f_edge        { host("edge*") or host("10.10.*"); };
filter f_router      { host("3600-primary") or host("backbone-3550") or
host("secondary-3550"); };
filter f_switch      { host("sw*") or host("backbone-5510") or
host(pp8600*); };
filter f_fw          { host("fw*"); };

# wrap everything up
log { source(s_net); filter(f_switch); destination(d_switch); };
log { source(s_net); filter(f_router); destination(d_router); };
log { source(s_net); filter(f_edge); destination(d_edge); };
log { source(s_net); filter(f_fw); destination(d_fw); };


# end of configuration file 

When I run the command `find /var/log/company -type f -print` I get the
following output: 
./firewalls/fw-backup.log
./firewalls/edge-location1.log
./firewalls/fwmgmt.log
./edge_devices/edge-location2.log
./edge_devices/edge-location3.log
./edge_devices/edge-location4.log
./edge_devices/edge-location5.log
./edge_devices/edge-location6.log
./edge_devices/edge-location7.log
./edge_devices/edge-location8.log
./edge_devices/edge-location9.log
./edge_devices/edge-location1.log
./edge_devices/edge-location10.log
./edge_devices/edge-location11.log
./switches/edge-location3.log
./switches/fw-backup.log
./switches/edge-location6.log
./switches/edge-location7.log
./switches/edge-location11.log
./switches/edge-location12.log

I tried to upgrade syslog-ng to 1.6.9 but it didn't resolve the
problems. Any idea on why this happens and how to fix this will be
greatly appreciated.


TIA 
Paolo 

PS - the systems sending the syslog messages are nortel switches,
Checkpoint firewalls and edge devices. 
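
A check for the symptom described in this post, added here as an example and not part of the original message or of syslog-ng: it takes the paths from the `find` listing above and reports logs filed under a directory whose filter does not name that host, and hosts logged in more than one directory. The `audit` function and the reading of the filter patterns as shell-style globs are assumptions of this example.

```python
from collections import defaultdict
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Directory -> host patterns, copied from the filters in the post and read as
# shell-style globs (an assumption of this example).
INTENDED = {
    "edge_devices": ["edge*", "10.10.*"],
    "routers": ["3600-primary", "backbone-3550", "secondary-3550"],
    "switches": ["sw*", "backbone-5510", "pp8600*"],
    "firewalls": ["fw*"],
}

# The paths from the post's `find` output, several per line to save space.
PATHS = """
./firewalls/fw-backup.log ./firewalls/edge-location1.log ./firewalls/fwmgmt.log
./edge_devices/edge-location2.log ./edge_devices/edge-location3.log
./edge_devices/edge-location4.log ./edge_devices/edge-location5.log
./edge_devices/edge-location6.log ./edge_devices/edge-location7.log
./edge_devices/edge-location8.log ./edge_devices/edge-location9.log
./edge_devices/edge-location1.log ./edge_devices/edge-location10.log
./edge_devices/edge-location11.log
./switches/edge-location3.log ./switches/fw-backup.log
./switches/edge-location6.log ./switches/edge-location7.log
./switches/edge-location11.log ./switches/edge-location12.log
""".split()

def audit(paths, intended=INTENDED):
    """Return (misfiled, duplicated): (dir, host) pairs whose host matches no
    pattern intended for that dir, and {host: dirs} for hosts in several dirs."""
    seen = defaultdict(set)
    misfiled = []
    for raw in paths:
        path = PurePosixPath(raw.strip())
        if path.suffix != ".log" or len(path.parts) < 2:
            continue  # not a per-host log file
        directory, host = path.parts[-2], path.stem
        seen[host].add(directory)
        if not any(fnmatchcase(host, p) for p in intended.get(directory, [])):
            misfiled.append((directory, host))
    duplicated = {h: sorted(d) for h, d in seen.items() if len(d) > 1}
    return sorted(misfiled), duplicated

if __name__ == "__main__":
    misfiled, duplicated = audit(PATHS)
    for directory, host in misfiled:
        print(f"misfiled: {host}.log under {directory}/")
    for host, dirs in sorted(duplicated.items()):
        print(f"duplicated: {host}.log in {', '.join(dirs)}")
```

Run against the output of `find . -type f -print` from inside /var/log/company after each configuration change, an empty result from both lists means every log landed only where its filter intended.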








	
		