[syslog-ng] Re: logs written twice
Nick Baronian
kvetch at gmail.com
Wed Nov 1 21:07:01 CET 2006
Okay, I think I see my problem.
Currently, I am getting the same messages logged to a couple files.
For instance, the localhost's log directory has the following in it:
-rw-r----- 1 root root 107 Nov 1 14:39 messages
-rw-r----- 1 root root 107 Nov 1 14:39 syslog
Both files contain the same messages in the log.
I guess because of my filter lines the syslog file and the messages
file are going to log a lot of the same stuff. Is this correct?
filter f_syslog { not facility(authpriv, mail) and not match(ppp.*LCP); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
destination syslog { file("/u01/logs/$HOST/syslog"); };
destination messages { file("/u01/logs/$HOST/messages"); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_messages); destination(messages); };
Is this what most people do? Why not just remove the filter for the
messages since the syslog kind of catches it all and the messages
drops so little?
If I don't want the same messages logged to both files I would
need to remove one of the two filters, right?
Thanks,
Nick
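
The overlap between the two filters quoted above can be enumerated directly. The following is an added example, not part of the original post and not syslog-ng code: it models f_syslog and f_messages as Python predicates and counts which facility/level combinations land in both files. Assumptions: the facility list is the common set, level(info..warn) covers info, notice and warning, and match() is treated as a regex search on the message text; the sample messages are constructed.

```python
import re
from itertools import product

# Constructed inputs: the common syslog facilities and the eight severity levels.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PPP_LCP = re.compile(r"ppp.*LCP")  # assumption: match() is a regex search on the text


def f_syslog(facility, level, msg):
    # filter f_syslog { not facility(authpriv, mail) and not match(ppp.*LCP); };
    return facility not in ("authpriv", "mail") and not PPP_LCP.search(msg)


def f_messages(facility, level, msg):
    # filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };
    return (level in ("info", "notice", "warning")
            and facility not in ("auth", "authpriv", "mail", "news"))


def destinations(facility, level, msg):
    # Each log { } statement is evaluated on its own, so a message is written
    # once for every statement whose filter accepts it.
    rules = (("syslog", f_syslog), ("messages", f_messages))
    return [name for name, flt in rules if flt(facility, level, msg)]


def overlap_summary(msg):
    # Count facility/level combinations by the set of files they end up in.
    counts = {"both": 0, "syslog_only": 0, "messages_only": 0, "neither": 0}
    for facility, level in product(FACILITIES, LEVELS):
        dests = destinations(facility, level, msg)
        if len(dests) == 2:
            counts["both"] += 1
        elif dests:
            counts[dests[0] + "_only"] += 1
        else:
            counts["neither"] += 1
    return counts


if __name__ == "__main__":
    print(overlap_summary("constructed test message"))
    print(overlap_summary("ppp0: LCP terminated by peer"))  # constructed sample
```

Under these assumptions, every combination accepted by f_messages is also accepted by f_syslog unless the text matches ppp.*LCP, so the messages file only differs from a subset of the syslog file for those PPP lines.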