[syslog-ng] Getting Logs in Triplicate

Rhugga syslog-ng@lists.balabit.hu
Mon, 17 Jan 2005 06:52:44 -0800 (PST)


I'm trying to parse cron, mail, and everything else into 3 files but I'm getting 3 copies of each log
entry. I also want copies of each log message to be placed in a subdirectory based on each
hostname. (So I should have 2 copies of each log message, one in the appropriate master file and
then one in the appropriate file under a directory with the same name as the source host.)

Here is my conf:
<snip>
# Catch All Filter For Mail and Everything Else
filter f_master_syslogs   { not facility(mail) and not facility(cron); };
filter f_master_maillogs  { facility(mail); };
filter f_master_cronlogs  { facility(cron); };

destination master_syslogs  { file("/var/log/syrrx/master_syslog", owner(root), group(root),
perm(0640), dir_perm(0750), create_dirs(yes), ); };
destination master_maillogs { file("/var/log/syrrx/master_maillog", owner(root), group(root),
perm(0640), dir_perm(0750), create_dirs(yes), ); };
destination master_cronlogs { file("/var/log/syrrx/master_cronlog", owner(root), group(root),
perm(0640), dir_perm(0750), create_dirs(yes), ); };
destination host_logs  { file("/var/log/syrrx/$HOST/syslog", owner(root), group(root), perm(0640),
dir_perm(0750), create_dirs(yes), ); };
destination host_mail  { file("/var/log/syrrx/$HOST/maillog", owner(root), group(root),
perm(0640), dir_perm(0750), create_dirs(yes), ); };


destination console { file("/dev/tty10"); };
log { source(src); filter(f_console); destination(console); };

destination xconsole { pipe("/dev/xconsole"); };
log { source(src); filter(f_console); destination(xconsole); };

destination root { usertty("root"); };
log { source(src); filter(f_alert); destination(root); };

# Catch All
log { source(src); filter(f_master_syslogs); destination(master_syslogs); };
log { source(src); filter(f_master_maillogs); destination(master_maillogs); };
log { source(src); filter(f_master_cronlogs); destination(master_cronlogs); };


# Host Based Log Files
log { source(src); filter(f_file-0202); destination(host_logs); };
log { source(src); filter(f_file-0201); destination(host_logs); };
....

log { source(src); filter(f_db-0201_mail); destination(host_mail); };
log { source(src); filter(f_db-0202_mail); destination(host_mail); };
....


Currently I get 3 copies of each log in both places (the master log and then the one under the
host's subdirectory).

Any ideas what I missed?

=====
Chuck Carson - Sr. Systems Engineer
Syrrx, Inc. - www.syrrx.com
10410 Science Center Drive
San Diego, CA 92121
Work: 858.622.8528
Fax:  858.550.0526