[syslog-ng] Syslog-ng writes log entries to 2 different logs

Balazs Scheidler bazsi at balabit.hu
Mon Sep 27 14:57:12 CEST 2010


On Mon, 2010-09-20 at 12:58 -0400, Burton Simonds wrote:
> I am using syslog-ng 3.1.2 and I am having a problem that I cannot figure out.
> 
> Our network gear sends messages to syslog-ng, and then it filters them
> based on device type, and name.
> 
> There is one firewall that is matching both the firewalls filter and
> the switches filter, and is subsequently writing to both locations.
> 
> In the example below, host 1.2.3.5 is logging to both the switches
> log dir and the firewalls log dir even though it is only referenced in
> the firewalls filter.
> 
> Other than the obvious possibilities (yes, I have confirmed that the
> IP address is only referenced in one filter), does anyone have any
> ideas on what I should look at?

host() takes a regular expression. Are you sure '.' (which matches any
character) is not biting you here?


-- 
Bazsi
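
The effect described in the reply above, as an added example that is not part of the original post: an IP address written as an unescaped, unanchored regular expression can match a different host, so one device lands in two filters. The addresses, filter names and helper functions are constructed for illustration, and Python's `re.search` stands in for the unanchored regex matching of `host()`.

```python
import re

# Constructed filter definitions (assumption: the thread does not show the
# real configuration). Each filter is a list of host patterns.
FILTERS = {
    "firewalls": ["10.112.3.4"],
    "switches": ["10.1.2.3"],
}


def matching_filters(host, filters):
    """Return the names of all filters with a pattern that matches host.

    Uses an unanchored search, so a pattern may match anywhere in the host
    string and '.' matches any single character.
    """
    return [
        name
        for name, patterns in filters.items()
        if any(re.search(p, host) for p in patterns)
    ]


def hardened(filters):
    """Escape regex metacharacters and anchor each pattern to the whole host."""
    return {
        name: ["^" + re.escape(p) + "$" for p in patterns]
        for name, patterns in filters.items()
    }


def overlapping_hosts(hosts, filters):
    """Map each host that matches more than one filter to the filters it hits."""
    hits = {h: matching_filters(h, filters) for h in hosts}
    return {h: names for h, names in hits.items() if len(names) > 1}


if __name__ == "__main__":
    hosts = ["10.112.3.4", "10.1.2.3"]  # constructed sample senders
    # The switch pattern "10.1.2.3" also matches the prefix "10.112.3" of the
    # firewall address, because the second '.' matches the digit '1'.
    print("raw patterns:     ", overlapping_hosts(hosts, FILTERS))
    print("escaped, anchored:", overlapping_hosts(hosts, hardened(FILTERS)))
```
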


