[syslog-ng] prevent duplicate messages in logs

Balazs Scheidler bazsi77 at gmail.com
Mon Jul 23 21:27:50 CEST 2012


The best solution would be to use embedded log statements to take care
of local logging, then the top-most rule can be marked as final.

http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/index.html-single.html#concepts_embedded_logpaths


On Mon, Jul 23, 2012 at 9:31 AM, Sergey Naumov <sknaumov at gmail.com> wrote:
> It seems that a way to prevent duplicates is to save LogDestGroup
> pointers or names (to which the message was already logged) into the
> LogMessage struct. Then a groupfinal flag can be introduced to prevent
> a message from being logged twice to the same LogDestGroup. Are
> LogDestGroup pointers unique (one to one match between pointer value
> and group name)?
>
> Thanks in advance,
> Sergey Naumov.
>
> 2012/7/23, Sergey Naumov <sknaumov at gmail.com>:
>> Hello.
>>
>> I would like to ask what mechanism syslog-ng provides to prevent
>> duplicate messages in a log. In most common scenarios I can use the
>> "final" flag, for example, when I want only logging on a local machine
>> (so when I have a single destination). But imagine that the user can
>> specify any combination of facilities/priorities and destinations, for
>> example, the user wants to log auth/>=info and all/>=notice to the local
>> machine and auth/>=debug to remote. Then I have a problem: I can't use
>> the "final" flag for these entries, because some messages (say
>> auth/>=info) will not be logged to the remote host, but only auth/debug,
>> and if I don't use the final flag, there will be duplicates of all
>> auth/>=notice messages in the local log. Is there a way to solve this
>> problem in general?
>> One way is to make a separate log entry for each facility/priority
>> combination and group all destinations there, but it won't work if
>> the user specifies some additional custom filters.
>>
>> Thanks in advance,
>> Sergey Naumov.
>>



-- 
Bazsi
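
One configuration for the embedded-log-path approach suggested in the reply above, applied to the scenario from the original question (auth/>=info and all/>=notice to the local log, auth/>=debug to a remote host). This is an added example, not part of the thread or of the syslog-ng documentation; the source, filter and destination names, the file path and the remote address 192.0.2.10 are assumptions.

```conf
@version: 3.3

# Constructed names and values: s_local, f_*, d_*, the file path
# and the remote address are placeholders for this example.
source s_local { system(); internal(); };

filter f_auth   { facility(auth); };
filter f_info   { level(info..emerg); };
filter f_notice { level(notice..emerg); };

destination d_local  { file("/var/log/messages"); };
destination d_remote { tcp("192.0.2.10" port(514)); };

# Top-most rule: it takes every auth message and is marked final,
# so no later top-level log path sees an auth message again.
log {
    source(s_local);
    filter(f_auth);

    # Embedded path for local logging: auth at info and above.
    log { filter(f_info); destination(d_local); };

    # Embedded path for the remote host: auth at debug and above,
    # which is every auth message, so no level filter is needed.
    log { destination(d_remote); };

    flags(final);
};

# Everything that was not auth: notice and above to the local log.
# auth/>=notice never arrives here, so it is written locally only once.
log {
    source(s_local);
    filter(f_notice);
    destination(d_local);
};
```

The file can be checked before a reload with `syslog-ng --syntax-only -f <path>`.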

