[syslog-ng] Logging to dirs with $HOST gives me strange results
Markus Strangl
Markus.Strangl at sonydadc.com
Mon Apr 14 11:51:52 CEST 2008
Hi syslog-ng users,
I'm running a central syslog-ng 2.0.6 server with a rather simple ruleset,
just to collect copies of the syslogs from a bunch of machines. They are
running Solaris 9 and 10, with the onboard syslog, forwarding with
syslog.conf "*.alert @logso01".
Syslog-NG's logging targets are set up like that:
source net { udp(); };
destination messages { file("/logs/$HOST/messages"); };
log { source(net); filter(f_high); destination(messages); };
Options are set to use the /etc/hosts file, and all hosts are listed there.
In theory, this should give me one directory for each host that's
forwarding its log messages.
However, in practice, I get quite a lot of useless directories as well,
that don't match any real host.
root at logso01:/logs>ls
\"/ \011Corrupt/ \011PLOGI/ \011SONY_AIT/ \011got/
\011offline/
\011/ \011Error/ \011SCSI/ \011failed/ \011i/
\011transport/
(C) SC admso01-qfs archso03-mgm nrgdev
nrgstg jumpso01-qfs testso01
nrgso01 US archso01-mgm archsrv-qfs nrgprod1-qfs
epldev logso01 testso02-qfs
All Use archso01-xfcu by nrgprod2-qfs for
prodso01-mgm
IBM Use, archso02-mgm cutapsrv nrgprod3-qfs
gconfd stgaoma
Licensed Version archso02-xfcu delso01-sn nrgso01-qfs
ddpso01-qfs svnso01-mgm
It looks like under some condition, syslog-ng doesn't use the source
hostname for the $HOST config directive, but the first word of the log
message. Is this a (known?) bug, or is there any way to circumvent that
behaviour? Please advise.
Yours
Markus
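
An added illustration, not part of the original post and not syslog-ng's code: a simplified BSD-syslog (RFC 3164) header parser that shows how a datagram arriving without a hostname field can have its first word taken as the host, next to a check that only accepts allowlisted names before they become a directory. The sample datagrams, KNOWN_HOSTS, the 192.0.2.10 sender address and the `_unverified` fallback directory are constructed assumptions.

```python
import re

# Constructed allowlist standing in for the host names listed in /etc/hosts.
KNOWN_HOSTS = {"logso01", "nrgso01", "testso01"}

# "<PRI>", an optional "Mmm dd hh:mm:ss " timestamp, then the rest of the datagram.
HEADER = re.compile(
    r"^<\d{1,3}>(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )?(.*)$", re.S)
# Characters allowed in a host name that will become a directory name.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def naive_host(datagram):
    """Lenient parse: whatever follows the header up to the first space is the host."""
    m = HEADER.match(datagram)
    rest = m.group(1) if m else datagram
    return rest.split(" ", 1)[0]


def safe_path(datagram, source_ip, base="/logs"):
    """Use the parsed name only if it is a known host; otherwise file by sender address."""
    host = naive_host(datagram)
    if SAFE_NAME.fullmatch(host) and host in KNOWN_HOSTS:
        return f"{base}/{host}/messages"
    return f"{base}/_unverified/{source_ip}/messages"


def unexpected_dirs(dir_names):
    """Audit an existing log tree: directory names that match no known host."""
    return sorted(d for d in dir_names if d not in KNOWN_HOSTS)


# Constructed datagrams: one with a full header, two without timestamp and host.
SAMPLES = [
    "<129>Apr 14 11:51:52 nrgso01 scsi: WARNING: transport failed",
    "<129>\tCorrupt label; wrong magic number",
    "<129>Licensed Materials - Property of IBM",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(naive_host(raw)), "->", safe_path(raw, "192.0.2.10"))
    print(unexpected_dirs(["nrgso01", "\tCorrupt", "Licensed", "logso01"]))
```

The tab-prefixed sample yields a name that `ls` would print as `\011Corrupt`, the same shape as the stray directories in the listing above.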