[syslog-ng] Duplicate Messages in line.
Ricardo A Reis
ricardo_bsd at yahoo.com.br
Wed Jul 27 16:53:02 CEST 2005
Hi all,
I've a problem with squid and loghost saw tail |logger ,
apparently i have duplicate entry in the same line.
Log output,
--------------------
11:42:46 arapacu.epm.br [user.notice] squid_access: 1122475366.008
220 172.16.160.185 TCP_MISS/200 437 GET http://kh.google.com/flatfile? -
DIRECT/216.239.39.93 application/octet-stream squid_access:
1122475366.008 220 172.16.160.185 TCP_MISS/200 437 GET
http://kh.google.com/flatfile? - DIRECT/216.239.39.93
application/octet-stream
--------------------
syslog-ng resume,
--------------------------------------------------------
options {
sync(0);
use_fqdn(yes);
keep_hostname(yes);
chain_hostnames(no);
long_hostnames(no);
create_dirs(yes);
group(syslog);
dir_group(syslog);
perm(0640);
dir_perm(0750);
stats(3600);
time_reopen(10);
log_msg_size(10240);
log_fifo_size(4096);
dns_cache(yes);
use_dns(yes);
stats (3600);
mark (600);
bad_hostname("gconfd");
};
source src {
unix-dgram("/var/run/log");
unix-dgram("/var/run/logpriv" perm(0600));
internal(); file("/dev/klog");
};
source s_stunnel {
tcp(ip("127.0.0.1")
port(514)
keep-alive(yes)
max-connections(300));
};
source s_udp { udp(); };
destination r_squida { file
("/syslog/clients/$HOST/squid_access/$YEAR.$MONTH.$DAY"
template("$HOUR:$MIN:$SEC $HOST
[$FACILITY.$PRIORITY] $MSG $MSG\n") template_escape(no));
};
filter f_squida { match ("squid_access"); };
log { source(src); source(s_udp); source(s_stunnel); filter(f_squida);
destination(r_squida);
flags(final); };
Thanks for Advanced,
Atenciosamente
Ricardo A. Reis
UNIFESP - SENAI
More information about the syslog-ng
mailing list