[syslog-ng] Hosts Logging Into Multiple Destinations (files) Bad Filter???

wiskbroom at hotmail.com wiskbroom at hotmail.com
Thu Jan 17 21:59:30 CET 2008


Hello;

I thought that I had all of my hosts set up to log into /var/log/ABCcorp/$FULLHOST/$FULLHOST.log by default if not already defined by another filter, but I am seeing that they log to multiple destinations instead.

For instance, I have a host named linksys-1000; logs for this host get sent into:

/var/log/ABCcorp/accesspoints/linksys-1000/linksys-1000.log

as well as

/var/log/ABCcorp/linksys-1000/linksys-1000.log

Also, I do not understand how /var/log/ABCcorp/$FULLHOST/$FULLHOST.log gets created and used in the first place; there is no filter set up like this.


Thanks all,

.vp


Here is a sample of my config file:

###########
# Destinations #
##########

destination D_switch       { file("/var/log/ABCcorp/switches/$FULLHOST.log"
                             perm(0644)); };
destination D_edge         { file("/var/log/ABCcorp/edge_devices/$FULLHOST.log"
                             perm(0644)); };
destination D_firewall     { file("/var/log/ABCcorp/firewalls/$FULLHOST.log"
                             perm(0644)); };
destination D_router       { file("/var/log/ABCcorp/routers/$FULLHOST.log"
                             perm(0644)); };
destination D_accesspoints { file("/var/log/ABCcorp/accesspoints/$FULLHOST.log"
                             perm(0644)); };
destination D_udp          { file("/var/log/ABCcorp/$FULLHOST.log"
                             perm(0644)); };

destination D_hosts          { file("/var/log/ABCcorp/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$HOST_$YEAR_$MONTH_$DAY"
                             owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };

#######
# Filters #
#######

destination D_db_discard     { file("/var/log/discard.log"); };


destination D_db_mysql {
        pipe("/var/log/mysql.pipe"
                template("INSERT INTO logs
                (host, facility, priority, level, tag, datetime, program, msg)
                VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC',
                '$PROGRAM', '$MSG' );\n") template-escape(yes));
};


filter F_edge        { host("edge*") or host("192.116.*"); };
filter F_router      { host("gw*") or host("rtr") or host("router"); };
filter F_switch      { host("sw*") or host("sw1") or host("sw2"); };
filter F_firewall    { host("^fw*"); };
filter F_accesspoints { host("^linksys*"); };
filter F_InternetIP  { host("192.116.19.*"); };

#######
#  Logs   #
#######

log { source(S_udp); filter(F_switch); destination(D_switch); };
log { source(S_udp); filter(F_router); destination(D_router); };
log { source(S_udp); filter(F_edge); destination(D_edge); };
log { source(S_udp); filter(F_firewall); destination(D_firewall); };
log { source(S_udp); filter(F_accesspoints); destination(D_accesspoints); };


log { source(S_udp); destination(D_udp);};
log { source(S_udp); destination(D_db_mysql); };
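
The routing behaviour behind the question, modelled as an added example (not part of the original post and not syslog-ng's own code): syslog-ng evaluates every log statement for every message, so an unfiltered statement such as the D_udp one receives a copy of everything, and host() arguments are unanchored regular expressions, so "sw*" matches any host name containing an "s". Assumptions: Python's re module stands in for syslog-ng's regex matching, and the REWRITTEN list (reordered statements, anchored patterns, flags(final)) and the sample host names are hypothetical.

```python
import re

# (host() patterns OR-ed together, destination, flags), in config-file order.
# Patterns are copied from the posted filters; None means "no filter".
POSTED = [
    (["sw*", "sw1", "sw2"], "D_switch", ()),
    (["gw*", "rtr", "router"], "D_router", ()),
    (["edge*", "192.116.*"], "D_edge", ()),
    (["^fw*"], "D_firewall", ()),
    (["^linksys*"], "D_accesspoints", ()),
    (None, "D_udp", ()),
    (None, "D_db_mysql", ()),
]

# Hypothetical rewrite (not from the post): database path first, anchored
# patterns, and flags(final) on each classifying path so that the unfiltered
# D_udp path only sees hosts that no earlier statement claimed.
REWRITTEN = [
    (None, "D_db_mysql", ()),
    (["^sw"], "D_switch", ("final",)),
    (["^gw", "^rtr", "^router"], "D_router", ("final",)),
    (["^edge", r"^192\.116\."], "D_edge", ("final",)),
    (["^fw"], "D_firewall", ("final",)),
    (["^linksys"], "D_accesspoints", ("final",)),
    (None, "D_udp", ()),
]


def route(host, log_paths):
    """Return the destinations that receive a message from `host`."""
    delivered = []
    for patterns, destination, flags in log_paths:
        # Unanchored regex search, the way host() treats its argument.
        if patterns is None or any(re.search(p, host) for p in patterns):
            delivered.append(destination)
            if "final" in flags:
                break  # flags(final): later log statements are skipped
    return delivered


if __name__ == "__main__":
    for host in ("linksys-1000", "sw1", "mailhost"):  # constructed host names
        print(host, route(host, POSTED), route(host, REWRITTEN), sep="\n  ")
```

With flags(final) the order of the log statements matters: a statement placed after a matching final statement never sees the message, which is why the database path is moved to the top in the rewritten list.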



