[syslog-ng] Logs sent to wrong destination
Jakub Jankowski
shasta at toxcorp.com
Thu Jul 17 21:16:46 CEST 2014
On 17.07.2014 21:09, Renato Bezerra wrote:
> Hi,
>
> I'm using syslog-ng in a long time, but recently i noted that, in some
> cases, the log has sent to a wrong destination.
>
> I have many devices sending logs to my host, the problem appears when
> the server receive webservers logs, they are delivered to a different
> destination and I don't known how.
>
> here is the configuration:
>
> destination apache {
> file("/var/log/webserver/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR"
> owner(ll)
> group(ll)
> perm(0644)
> dir_perm(0755)
> create_dirs(yes));
> };
>
> filter f_apache {
> (
> host("xxx.xxx.xxx.82") or
> host("xxx.xxx.xxx.137")
> );
> };
>
> log {
> source(aaa);
> filter(f_apache);
> destination(apache);
> };
>
> The ip address xxx.xxx.xxx.137 send a duplicate log event to another
> directory, without any other configuration.
>
> Have you seen this?
Well, is that your *entire* configuration? I very much doubt so. You
should post the entire config, not just this snippet. How are we
supposed to know what this "another directory" is, and what filtering
you apply in the log {} block that sends logs to it?
J.
--
Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
More information about the syslog-ng
mailing list