[syslog-ng] strange message handling in syslog-ng

Nate Campi nate at campin.net
Thu Feb 2 02:19:18 CET 2006


On Wed, Feb 01, 2006 at 09:15:42AM -0800, BURRUSS, RICHARD S (ASI) wrote:
> 
> I am trying to set up a new central syslogd server. I want to keep
> logging locally as well as on the new server. I have my syslogd.conf
> from the local machines and my syslog-ng.conf from the central server
> listed below. The problem I am having is that some messages being sent
> to the log server are not being sorted by their hostname field. They are
> instead being broken down into many different directories as shown in
> the example below. So, instead of the message going to the correct
> directory for that hostname it is creating numerous new directories with
> the name of that part of the message beginning with a ".". Odd.
> 
> I can't figure out why it is these messages are being handled this way.
> Can anyone help please?

This will help:

 http://www.campin.net/syslog-ng/faq.html#bad_filenames

You'll want to stop creating directories based on the $HOST macro; you
get bogus values in there all the time. The ones you know about can be
eliminated using the bad_hostname() option, but you should use a macro
like $HOST_FROM, as detailed in the FAQ.

HTH,
-- 
Nate

The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.
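
The change suggested in the reply above, sketched as a syslog-ng.conf fragment. This is an added example, not configuration from the original post or the FAQ; the source and destination names, the /var/log/hosts path and the bad_hostname() pattern are assumptions.

```conf
# Added example. s_net, d_by_host_weak, d_by_host and the paths are
# hypothetical names chosen for illustration.

options {
    create_dirs(yes);
    # Constructed pattern: values matching it are not treated as a
    # hostname when they appear in the host field of a message. This only
    # covers the bogus values you already know about.
    bad_hostname("^(gconfd|last|su)$");
};

source s_net { udp(ip(0.0.0.0) port(514)); };

# Before: $HOST is taken from the content of the received message, so a
# message with a missing or malformed host field creates a directory named
# after whatever text was parsed in its place.
destination d_by_host_weak {
    file("/var/log/hosts/$HOST/messages");
};

# After: $HOST_FROM is the host syslog-ng received the message from, so
# the directory name no longer depends on the message text.
destination d_by_host {
    file("/var/log/hosts/$HOST_FROM/messages");
};

log { source(s_net); destination(d_by_host); };
```

If clients reach the central server through a relay, $HOST_FROM names the relay rather than the originating host.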


