[syslog-ng] Syslog-ng writes log entries to 2 different logs
Robert Fekete
frobert at balabit.com
Mon Sep 20 22:34:38 CEST 2010
On 09/20/2010 07:17:46 PM, Matthew Hall wrote:
> On Mon, Sep 20, 2010 at 12:58:47PM -0400, Burton Simonds wrote:
> > in the example below, host 1.2.3.5 is logging to both the switches
> > log dir and the firewalls log dir even though it is only referenced
> in
> > the firewalls filter.
> >
> > Other then the obvious possibilities, (Yes, I have confirmed that
> the
> > ip address is only referenced in one filter) does anyone have any
> > ideas on what I should look at?
>
> It might be worth trying the appropriate combinations of -d and -v to
> get some debug tracing data on the way the logs are being processed.
>
> Hopefully somebody who has used the host filter could help in more
> detail. I have not needed that one yet because there are way too many
> hosts on my network for it to help me.
>
> Matthew.
Hi Burton,
until you find the real reason for the dupplicate messages, you can try
to use the flags(final) option in the first log statement. Maybe it
helps.
Regards,
Robert
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>
More information about the syslog-ng
mailing list