[syslog-ng] Logs sent to wrong destination

Renato Bezerra renatobamorim at gmail.com
Thu Jul 17 21:31:05 CEST 2014 

Hi Jakub,

Thanks for the fast reply. I have others conf files, each one to a
different device type that I include on main configuration (just for
organization), all confs are based on "host" filter.

The source is a tcp class on my main configuration, if you judge necessary
I can send the others confs, but on none of then i put this ip address on
filters.




---
Renato Bezerra


2014-07-17 16:16 GMT-03:00 Jakub Jankowski <shasta at toxcorp.com>:

> On 17.07.2014 21:09, Renato Bezerra wrote:
> > Hi,
> >
> > I'm using syslog-ng in a long time, but recently i noted that, in some
> > cases, the log has sent to a wrong destination.
> >
> > I have many devices sending logs to my host, the problem appears when
> > the server receive webservers logs, they are delivered to a different
> > destination and I don't known how.
> >
> > here is the configuration:
> >
> > destination apache {
> >         file("/var/log/webserver/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR"
> >         owner(ll)
> >         group(ll)
> >         perm(0644)
> >         dir_perm(0755)
> >         create_dirs(yes));
> > };
> >
> > filter f_apache {
> >      (
> >          host("xxx.xxx.xxx.82") or
> >          host("xxx.xxx.xxx.137")
> >      );
> > };
> >
> > log {
> >      source(aaa);
> >      filter(f_apache);
> >      destination(apache);
> > };
> >
> > The ip address xxx.xxx.xxx.137 send a duplicate log event to another
> > directory, without any other configuration.
> >
> > Have you seen this?
>
> Well, is that your *entire* configuration? I very much doubt so. You
> should post the entire config, not just this snippet. How are we
> supposed to know what this "another directory" is, and what filtering
> you apply in the log {} block that sends logs to it?
>
>
>
> J.
>
>
> --
> Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
> GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140717/7836e878/attachment.htm

More information about the syslog-ng mailing list