[syslog-ng] "above message repeats"

Andrew Morris morrisa at telusplanet.net
Tue May 10 18:12:49 CEST 2005 

One of the messages I'm getting (I'm sorting messages by hostname) is 
the "above message repeats n times" message, but syslog-ng is logging 
this under the host "above".  Shouldn't syslog-ng decide what the 
hostname is by the ip address it is connected from?  eg: host A 
connects, syslog-ng looks up the host by it's connecting ip address and 
uses that name resolution as the $HOST variable?  (Note, in this case 
all hosts are in a local hosts file)

So, why would it ever write to the file "above"?

Is this a bug, or am I missing something?

As per my previous messages, here's a quick rundown of the config: (used 
with 1.6.7)

options {
   # Don't trust the sender to supply a hostname.
   keep_hostname(no);
   # Don't track relayed messages.
   chain_hostnames(no);
   # Make sure the hostnames have valid characters.
   check_hostname(yes);
   # Since we're only tracking local hosts, don't worry about the fqdn.
   use_fqdn(no);
   # As soon as we get the log entry, write it to disk.
   sync(0);
   # Set the fifo size to 1024 lines.
   log_fifo_size(1024);
   # Increase the log_msg_size to 8192 bytes.
   log_msg_size(8192);
   # If we need a directory and it doesn't exist, create it and use
   # the permissions shown below.
   create_dirs(yes);
   perm(0644);
   dir_perm(0755);
   # Use an internal dns cache, but don't use any dns lookups.
   dns_cache(yes);
   use_dns(no);
};

source localsyslog {unix-stream("/dev/log");};
source kernellog {file("/proc/kmsg");};
source intsyslog {internal();};
source extsyslog {udp();};

destination syslog-ng {file("/logs/syslog-ng");};
destination messages {file("/var/log/messages");};
destination kernmessages {file("/var/log/kernel");};

destination hosts {
   file("/logs/hosts/$YEAR-$MONTH/$HOST"
        template("$DATE $HOST $MESSAGE\n")
        template_escape(yes)
   );
} ;

destination services {
   file("/logs/services/$YEAR-$MONTH/$PROGRAM"
        template("$DATE $HOST $MESSAGE\n")
        template_escape(yes)
   );
};

filter levelfilter { level(info..emerg); };

log { source(intsyslog); destination(syslog-ng); };
log { source(localsyslog); filter(levelfilter); destination(messages);};
log { source(kernellog); destination(kernmessages);};
log { source(extsyslog); source(localsyslog); destination(hosts); };
log { source(extsyslog); source(localsyslog); destination(services); };

More information about the syslog-ng mailing list