List:       syslog-ng
Subject:    Re: [syslog-ng]missing messages
From:       Kevin <kkadow () gmail ! com>
Date:       2005-04-29 21:52:42
Message-ID: dc718edc05042914524abe4c8b () mail ! gmail ! com

On 4/28/05, Andrew Culver <aculver@uwo.ca> wrote:
> I have syslog-ng running on a central logging host. Messages received
> are stored first in a per-host log and then in a per-facility log. The
> messages that go into the per-facility logs depend on filters that I
> define, but EVERYTHING from a host should appear in its per-host logs.
> 
> I'm finding that many messages from some hosts are appearing in the
> per-service log but not in the per-host logs. Has anyone else
> experienced anything like this? Any solutions? TIA

Interesting problem. I notice that your per-host filters use pattern matches,
but the per-service logs are matches against the log facility.  Perhaps there
is something about the messages or the pattern that causes some
of the events not to match the host patterns?

I have something similar, where I log messages to certain destinations based
on the source host, and separately match on priority to send 'critical'
messages to an additional destination.

To accomplish this, I use a set of exact matches instead of regex patterns,
so my filters look like:

    filter f_somehost { host("host") or host("ip"); };


Do you see any pattern in time or content or format for events that do not
get written to the per-host logfile?

Kevin Kadow
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
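
One way to look for the pattern asked about in the message above, as an added example that is not part of the original message or of syslog-ng: compare a per-facility log with the per-host logs and group the entries that never reached a per-host log by the literal host field and by hour. It assumes both destinations write the classic "Mmm dd hh:mm:ss host message" line format; the sample lines and host names are constructed.

```python
import re
from collections import Counter

# Classic BSD syslog line: "Mmm dd hh:mm:ss host message" (assumed template)
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")

def parse(line):
    """Split a log line into (timestamp, host, message), or None if malformed."""
    m = LINE.match(line.rstrip("\n"))
    return m.groups() if m else None

def missing_from_host_logs(facility_lines, host_lines):
    """Entries present in the per-facility log but absent from the per-host logs."""
    seen = Counter(e for e in map(parse, host_lines) if e)
    missing = []
    for entry in map(parse, facility_lines):
        if entry is None:
            continue
        if seen[entry] > 0:
            seen[entry] -= 1  # consume one copy so repeated lines are counted
        else:
            missing.append(entry)
    return missing

def summarize(missing):
    """Count missing entries by literal host field and by hour of day."""
    by_host = Counter(host for _, host, _ in missing)
    by_hour = Counter(ts.split()[2][:2] for ts, _, _ in missing)
    return by_host, by_hour

# Constructed sample data: one sender appears under three different host fields.
FACILITY_LOG = [
    "Apr 28 10:15:01 web1 sshd[411]: Accepted publickey for alice",
    "Apr 28 10:15:07 web1.example.com sshd[411]: session opened for alice",
    "Apr 28 11:02:33 192.0.2.10 sshd[502]: Failed password for root",
    "Apr 28 11:02:40 web1 sshd[502]: Connection closed",
]
HOST_LOG = [FACILITY_LOG[0], FACILITY_LOG[3]]  # what the per-host file received

if __name__ == "__main__":
    by_host, by_hour = summarize(missing_from_host_logs(FACILITY_LOG, HOST_LOG))
    print("missing by host field:", dict(by_host))
    print("missing by hour:", dict(by_hour))
```

If the missing entries cluster under a host field that differs from the names used in the host filters (an FQDN or an IP address instead of the short name), the filter definitions are the place to look.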

