[syslog-ng] How to deal with duplicate log entries
Balazs Scheidler
bazsi at balabit.hu
Mon Jul 26 16:48:44 CEST 2010
On Wed, 2010-07-21 at 12:00 -0700, Chuck wrote:
>
> I have the following log statgements.. (Im basically trying to mirror
> what solaris 10's default syslogl.conf does):
>
> log { source (s_streams); filter (f_emerg);
> destination (l_messages); };
> log { source (s_streams); filter (f_err);
> destination (l_messages); };
> log { source (s_streams); filter (f_kern); filter (f_debug);
> destination (l_messages); };
> log { source (s_streams); filter (f_daemon); filter (f_notice);
> destination (l_messages); };
> log { source (s_streams); filter (f_mail); filter (f_crit);
> destination (l_messages); };
> log { source (s_streams); filter (f_mail); filter (f_debug);
> destination (l_syslog); };
> log { source (s_streams); filter (f_auth); filter (f_info);
> destination (l_authlog); }; # sshd logging
>
> However when sending to daemon.err I get duplicate messages...
>
> Should I change line 2 to this:
> log { source (s_streams); filter (f_err); filter (not
> f_daemon) destination (l_messages); };
>
> Or should I hard-code every facility like so:
> log { source (s_streams); filter (f_err); filter (f_daemon)
> destination (l_messages); };
> log { source (s_streams); filter (f_err); filter (f_mail)
> destination (l_messages); };
> log { source (s_streams); filter (f_err); filter (f_auth)
> destination (l_messages); };
> ...
flags(final) is probably what you are looking for.
--
Bazsi
More information about the syslog-ng
mailing list