[syslog-ng]Getting Logs in Triplicate
Wolfgang Braun
syslog-ng@lists.balabit.hu
Tue, 18 Jan 2005 19:29:11 +0100
On Tue, Jan 18, 2005 at 09:14:49AM -0800, Rhugga wrote:
> So let me understand what you wrote:
> If I use 'logger -p user.err my test message' your saying this is
> getting logged at multiple priorities and/or facilies?
No, but it might get logged by different rules like
*.err @loghost
user.err @loghost
This would log your test message twice since syslogd doesn't stop at the
first match.
> Or do you mean:
>
> user.err /some/file
> user.crit /some/file
> Do you mean this syslog config will cause the previous logger statement
> to log twice? If so, that would make sense, but I don't think the
> problem I am seeing is caused by this.
Your example would get logged once I think -- but you got the idea, yes.
> Ugh, I'm at a loss and the documentation is severely limiting.
>
> Any ideas?
Try this on your Solaris box:
in syslog.conf:
user.debug /var/log/experimental
user.info /var/log/experimental
user.notice /var/log/experimental
user.warning /var/log/experimental
user.err /var/log/experimental
user.crit /var/log/experimental
user.alert /var/log/experimental
user.emerg /var/log/experimental
touch /var/log/experimental
kill -HUP syslogd
then
# logger -p user.debug 'this gets logged once (1)'
(matches user.debug)
# logger -p user.info 'this gets logged twice (2)'
(matches user.debug and user.info)
# logger -p user.alert 'this gets logged (7) times'
(matches user.debug, ... user.alert)
If it doesn't then I'm wrong obviously ;)
--
Wolfgang Braun, Dipl.-Inform. (FH)
<wolfgang.braun@gmx.de>
gpg-key: 1024D/4B32CE55
gpg-fingerprint: 7F0F DE82 94A5 B476 0E08 4972 AC95 31A3 4B32 CE55