[syslog-ng]Getting Logs in Triplicate

Wolfgang Braun syslog-ng@lists.balabit.hu
Tue, 18 Jan 2005 19:29:11 +0100

On Tue, Jan 18, 2005 at 09:14:49AM -0800, Rhugga wrote:

> So let me understand what you wrote:

> If I use 'logger -p user.err my test message' your saying this is
> getting logged at multiple priorities and/or facilies?

No, but it might get logged by different rules like

*.err		@loghost
user.err	@loghost

This would log your test message twice since syslogd doesn't stop at the
first match.

> Or do you mean:
> user.err     /some/file
> user.crit    /some/file

> Do you mean this syslog config will cause the previous logger statement
> to log twice? If so, that would make sense, but I don't think the
> problem I am seeing is caused by this.

Your example would get logged once I think --  but you got the idea, yes.

> Ugh, I'm at a loss and the documentation is severely limiting.
> Any ideas?

Try this on your Solaris box:

in syslog.conf:

user.debug                                         /var/log/experimental
user.info                                          /var/log/experimental
user.notice                                        /var/log/experimental
user.warning                                       /var/log/experimental
user.err                                           /var/log/experimental
user.crit                                          /var/log/experimental
user.alert                                         /var/log/experimental
user.emerg                                         /var/log/experimental

touch /var/log/experimental
kill -HUP syslogd


# logger -p user.debug 'this gets logged once (1)'
(matches user.debug)

# logger -p user.info 'this gets logged twice (2)'
(matches user.debug and user.info)

# logger -p user.alert 'this gets logged (7) times'
(matches user.debug, ... user.alert)

If it doesn't then I'm wrong obviously ;)

Wolfgang Braun, Dipl.-Inform. (FH)
gpg-key:  1024D/4B32CE55 
gpg-fingerprint: 7F0F DE82 94A5 B476 0E08  4972 AC95 31A3 4B32 CE55