[syslog-ng] Logs sent to wrong destination

Renato Bezerra renatobamorim at gmail.com
Thu Jul 17 21:09:26 CEST 2014


Hi,

I'm using syslog-ng in a long time, but recently i noted that, in some
cases, the log has sent to a wrong destination.

I have many devices sending logs to my host, the problem appears when the
server receive webservers logs, they are delivered to a different
destination and I don't known how.

here is the configuration:

destination apache {
       file("/var/log/webserver/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR"
       owner(ll)
       group(ll)
       perm(0644)
       dir_perm(0755)
       create_dirs(yes));
};

filter f_apache {
    (
        host("xxx.xxx.xxx.82") or
        host("xxx.xxx.xxx.137")
    );
};

log {
    source(aaa);
    filter(f_apache);
    destination(apache);
};

The ip address xxx.xxx.xxx.137 send a duplicate log event to another
directory, without any other configuration.

Have you seen this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140717/859e7395/attachment.htm 


More information about the syslog-ng mailing list