[syslog-ng] syslog-ng looping problem
Jeff Gates
Jeff.Gates at maxsp.com
Mon Jan 15 23:43:27 CET 2007
Hello,
I'm currently running Fedora 6. I installed eventlog-0.2.6+20070115 and
syslog-ng-2.0.1+20070115 and started syslog-ng and all goes well.
Then if I do a logger command:
logger [test:test123]
this works
but if I run
logger [status:test123]
syslog-ng goes onto a loop and fills up my disk.
This only happens when resolv.conf is configured but the DNS server not
up.
I can reproduce it by setting the resolv.conf to:
domain maxsp.com
#nameserver 192.168.1.53
#nameserver 63.198.110.86
And you can see in the syslog-ng.conf where I'm using the Status in the
filter.
]# cat syslog-ng.conf
options { sync (0);
time_reopen (10);
log_fifo_size (10000);
long_hostnames (on);
use_dns (no);
use_fqdn (yes);
create_dirs (no);
keep_hostname (yes);
};
# Input source for syslog
source src {
internal();
udp();
tcp();
unix-stream("/dev/log");
# file("/proc/kmsg" log_prefix("kernel: "));
};
# Standard Unix syslog bucketes
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
#log { source(src); filter(f_filter1); destination(d_cons); };
#log { source(src); filter(f_filter2); destination(d_mesg); };
log { source(src); filter(f_filter3); destination(d_auth); };
log { source(src); filter(f_filter4); destination(d_mail); };
log { source(src); filter(f_filter5); destination(d_mlal); };
log { source(src); filter(f_filter6); destination(d_spol); };
log { source(src); filter(f_filter7); destination(d_boot); };
log { source(src); filter(f_filter8); destination(d_cron); };
# Filter for useful log data before sending upstream
filter f_apps {
match("[Application:Activescan]")
or match("[Application:Expert]")
or match("[Application:BCAmonitor]")
;
};
filter f_alert_message {
match("Type:High")
or match("Type:Medium")
or match("\\[Status:")
or match("\\[status:")
or match("\\[zippy:")
;
};
# Full log messages file
destination std {
file("/var/log/messages"
owner(root) group(root) perm(0600) dir_perm(0700)
create_dirs(yes)
);
};
log {
source(src);
destination(std);
};
## set up logging to loghost
destination loghost {
tcp("logsink.maxsp.com" port(514));
};
# send to loghost
log {
source(src);
filter(f_apps);
filter(f_alert_message);
destination(loghost);
};
Thanks,
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20070115/a477502c/attachment-0001.htm
More information about the syslog-ng
mailing list