[syslog-ng]Entries being logged to /var/log/messages as wellas /var/log/HOSTS//$MONTH/$DAY/$HOS

Bill Nash syslog-ng@lists.balabit.hu
Sat, 29 Jan 2005 10:46:15 -0800 (PST) 

Syslog will log to multiple destinations if you set them. As below, you 
have multiple facilities still logging to messages.

Does your 'src' source include your network ports, for receiving data from 
remote hosts? If it does, separate it to a new source and pair it with 
your 'std' destination, exclusively. This will keep your local logs 
separate from your remote logs.

- billn

On Sat, 29 Jan 2005, Fred Turner wrote:

> Sure, it's as follows.
>
> destination debug { file("/var/log/debug"); };
> destination messages { file("/var/log/messages"); };
>
>
> log { source(src); filter(f_daemon); destination(messages); };
> log { source(src); filter(f_kern); destination(messages); };
> log { source(src); filter(f_lpr); destination(lpr); };
> log { source(src); filter(f_mail); destination(mail); };
> log { source(src); filter(f_user); destination(messages); };
> log { source(src); filter(f_uucp); destination(uucp); };
> log { source(src); filter(f_mail); destination(maillog); };
> log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
> log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
> log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
> log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
> log { source(src); filter(f_news); filter(f_err); destination(newserr); };
> log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
> log { source(src); filter(f_messages); destination(messages); };
> log { source(src); filter(f_emergency); destination(console); };
>
>
>
>
>>>> Bill Nash <billn@billn.net> 1/29/2005 1:15:26 PM >>>
>
> Can you include your log directive? Chances are, that's the culprit.
>
> - billn
>
>
> On Sat, 29 Jan 2005, Fred Turner wrote:
>
>> Hi, I'm new to syslog-ng and have configured it to be a loghost for many different firewall appliances. So I setup an automatic sorting entry as per the faq as follows:
>>
>> destination std {
>>        file("/var/log/HOSTS/$MONTH/$DAY/$HOST-$YEAR-$MONTH-$DAY"
>>                owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
>>        );
>>
>>
>> Which works prefect The only problem is that it's also putting them in the /var/log/messages log.
>>
>> How Can I stop the behavior as it's creating a huge /var/log/messages log.
>>
>>
>> Thanks
>>
>>
>> ==================================================================
>>
>> NOTE: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of BBi Enterprises Inc.
>> Finally, the recipient should check this email and any attachments for the presence of viruses. BBi Enterprises Inc. accepts no liability for any damage caused by any virus transmitted by this email.
>>
>>
>> _______________________________________________
>> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
>> https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>>
>>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
>
> ==================================================================
>
> NOTE: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of BBi Enterprises Inc.
> Finally, the recipient should check this email and any attachments for the presence of viruses. BBi Enterprises Inc. accepts no liability for any damage caused by any virus transmitted by this email.
>
>
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>