[syslog-ng] Syslog-ng writes log entries to 2 different logs
Matthew Hall
mhall at mhcomputing.net
Mon Sep 20 19:17:46 CEST 2010
On Mon, Sep 20, 2010 at 12:58:47PM -0400, Burton Simonds wrote:
> in the example below, host 1.2.3.5 is logging to both the switches
> log dir and the firewalls log dir even though it is only referenced in
> the firewalls filter.
>
> Other then the obvious possibilities, (Yes, I have confirmed that the
> ip address is only referenced in one filter) does anyone have any
> ideas on what I should look at?
It might be worth trying the appropriate combinations of -d and -v to
get some debug tracing data on the way the logs are being processed.
Hopefully somebody who has used the host filter could help in more
detail. I have not needed that one yet because there are way too many
hosts on my network for it to help me.
Matthew.
More information about the syslog-ng
mailing list