[syslog-ng] concatenated sendmail messages
Fran Loehmann
fran at ft.necoxmail.com
Thu Jan 25 20:18:08 CET 2007
Hi,
I am new to syslog-ng and have set up a system using
eventlog-0.2.5 and syslog-ng-2.0.1
Local sendmail messages seem to have 2 entries together. I am
not sure if something is awry with the config included below,
but it seems to only happen with the sendmail entries from
sendmail running on the log host.
I am trying to write messages to both /var/log/maillog and
/var/log/archive/2007-01-25. Messages logged from the sending
server seem ok but sendmail running on the log server appear to
be on the same line separated by <22>.
Messages in maillog and 2007-01-25 look the same.
Thanks for your help,
Fran
Example:
---------
Jan 25 13:20:12 secmgmt-cs01 sendmail[3050]: l0PIKCSY003050: from=<root at secmgmt-cs02.secmgmt.pvt>, size=619, class=0, nrcpts=1, msgi d=<200701251820.l0PIKCEu004718 at secmgmt-cs02.secmgmt.pvt>, proto=ESMTP, daemon=MTA, relay=secmgmt-cs02.secmgmt.pvt [10.200.1.5]<22>Ja n 25 13:20:12 sendmail[3051]: l0PIKCSY003050: to=<lhmn at secmgmt-cs01.secmgmt.pvt>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30856, dsn=2.0.0, stat=Sent
Config:
-------
#**********
# Options
#**********
options {
    use_dns(persist-only);
    dns_cache_hosts(/etc/hosts);
    chain_hostnames(no);
    keep_hostname(yes);
    log_fifo_size(4096);
    log_msg_size(8192);
    stats(3600);
    sync(0);
    time_reopen(10);
    bad_hostname("sccp|tmm");
};
#*********
# Sources
#*********
## local
source s_local {
    unix-stream("/dev/log");
    file("/proc/kmsg" log_prefix("kernel: "));
    internal();
};
## remote
source s_remote {
    udp();
    tcp(ip(0.0.0.0) port(514) max-connections(300));
};
#*********
# Filters
#*********
## Local filters
filter f_messages { level(info..emerg); };
filter f_secure { facility(authpriv); };
filter f_mail { facility(mail); };
filter f_cron { facility(cron); };
filter f_emerg { level(emerg); };
filter f_spooler { level(crit..emerg) and facility(uucp, news); };
filter f_local7 { facility(local7); };
#filter f_debug { level(debug); };
## SEC
destination d_sec {
    program("/usr/local/bin/sec.pl -input=\"-\" -conf=/usr/local/etc/sec.conf");
};
## Archive - timestamped archives
destination d_archive {
    file("/var/log/archive/$R_YEAR-$R_MONTH-$R_DAY" owner("root") group("logs") dir_group("logs") perm(0640) dir_perm(0750) create_dirs(yes));
};
#*****************
# Log statements
#*****************
# Send all logs to sec.pl
log { source(s_local); source(s_remote); destination(d_sec); };
# Send all logs to archive
log { source(s_local); source(s_remote); destination(d_archive); };
# Local logs - order DOES matter !
log { source(s_local); filter(f_emerg); destination(d_console); };
log { source(s_local); filter(f_secure); destination(d_secure); flags(final); };
log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); };
log { source(s_local); filter(f_cron); destination(d_cron); flags(final); };
log { source(s_local); filter(f_spooler); destination(d_spooler); };
log { source(s_local); filter(f_local7); destination(d_bootlog); };
log { source(s_local); filter(f_messages); destination(d_messages); };
#log { source(s_local); filter(f_debug); destination(d_debug); };
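
Added example, not part of the original post: the <22> in the example line of the post is a syslog PRI value (facility 2, mail, times 8 plus severity 6, info), so the header of a second record has ended up inside the first stored line, where a line-based parser or correlator would not see it as its own event. The Python below finds such lines and splits them back into records; the sample lines and host names are constructed.

```python
import re

# Facility and severity names by numeric code (RFC 3164).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
# A frame start inside a stored line: <PRI> directly followed by a BSD timestamp.
# Requiring the timestamp keeps addresses such as from=<root@host> from matching.
EMBEDDED = re.compile(r"<(\d{1,3})>(?=(?:%s) [ \d]\d \d\d:\d\d:\d\d )" % MONTHS)

def decode_pri(pri):
    """Map a PRI value to (facility, severity) names; PRI = facility * 8 + severity."""
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def split_record(line):
    """Return [(pri, text), ...] for one stored line. The first record has pri None
    because the destination already stripped its PRI before writing."""
    records, pri, pos = [], None, 0
    for m in EMBEDDED.finditer(line):
        if int(m.group(1)) > 191:       # beyond local7.debug: not a valid PRI
            continue
        records.append((pri, line[pos:m.start()]))
        pri, pos = int(m.group(1)), m.end()
    records.append((pri, line[pos:]))
    return records

def find_concatenated(lines):
    """Yield (line_number, records) for every line that holds more than one record."""
    for number, line in enumerate(lines, 1):
        records = split_record(line.rstrip("\n"))
        if len(records) > 1:
            yield number, records

# Constructed sample lines modelled on the example in the post (hosts are made up).
SAMPLE = [
    "Jan 25 13:20:12 loghost sendmail[3050]: AAA: from=<root@mx.example>, "
    "relay=mx.example [192.0.2.5]<22>Jan 25 13:20:12 sendmail[3051]: AAA: "
    "to=<user@loghost.example>, stat=Sent",
    "Jan 25 13:20:13 loghost crond[411]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for number, records in find_concatenated(SAMPLE):
        for pri, text in records:
            label = "%s.%s" % decode_pri(pri) if pri is not None else "first"
            print(number, label, text)
```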