
Syslog-ng дублирует сообщения.



Здравствуйте. Что-то творится с syslog-ng: он почему-то дважды дублирует сообщения. Вот конфиг:


# Network source: receives syslog over UDP on 192.168.101.122, port 515
# (the conventional syslog UDP port is 514). UDP syslog carries no sender
# authentication and no delivery guarantee, so any host that can reach this
# socket can submit records, and records can be lost or repeated in transit.
# NOTE(review): confirm that a firewall/ACL limits who can reach this port.
source src_lst22 { udp(ip("192.168.101.122") port(515)); };
# Per-host log files: $HOST is expanded for every message, so the target path
# is built from the host name attached to each record.
# NOTE(review): whether $HOST is the name claimed inside the message or one
# derived from the sender address depends on keep_hostname()/use_dns(), which
# are not shown in this excerpt -- confirm, because a name taken from the
# message is chosen by the sender and then decides which file is written.
destination messages_hst { file("/var/log.hosting/$HOST/messages.$HOST"); };
destination security_hst { file("/var/log.hosting/$HOST/security.$HOST"); };
destination authlog_hst { file("/var/log.hosting/$HOST/auth.log.$HOST"); };
destination maillog_hst { file("/var/log.hosting/$HOST/maillog.$HOST"); };
......
......
......
# Filter definitions used by the log statements of this configuration.
# Several of them (for example f_user, f_daemon, f_alert, httpd_pr, nginx_pr,
# f_clamscan, f_apache_not) are not referenced by any log statement shown in
# this excerpt.

# --- Facility filters: each matches one syslog facility ---
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
# Negated form: everything except authpriv.
filter f_not_authpriv { not facility(authpriv); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
# local2 is routed to the apache_* destinations by the log statements, so this
# filter keeps that traffic out of the general-purpose rules.
filter no_apache { not facility(local2); };
# Exactly the info level (not "info and above"), minus auth, authpriv, mail
# and news.
filter f_messages { level(info) and not facility(auth, authpriv, mail, news); };
# --- Program-name filters ---
filter httpd_pr { program(httpd);};
filter nginx_pr { program(nginx);};
# --- Severity filters ---
# f_emerg matches a single level; the level(x..emerg) filters below match an
# inclusive range, i.e. "x or more severe".
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
# debug..emerg spans every level, so f_debug does not narrow anything.
filter f_debug { level(debug..emerg); };
# Single-level filters: only debug, only info, only err.
filter f_is_debug { level(debug); };
filter only_info { level(info); };
filter only_err  { level(err); };
# --- Program-name filters and their negations ---
filter f_ppp { program("ppp"); };
filter f_slip { program("startslip"); };
filter f_proftpd { program("proftpd"); };
filter f_clamd { program("clamd");};
filter f_clamd_not { not program("clamd");};
filter f_proftpd_not { not program("proftpd"); };
filter f_clamscan { program("clamscan");};
filter f_apache_not { not program ("apache");};
filter f_cron_not {not program ("cron");};
# Routing rules for everything received on src_lst22.
# Two semantics matter when reading this list:
#   * several filter() references inside one log statement are ANDed;
#   * flags(final) stops processing of a matching message, so later
#     statements never see it. Statement order is therefore significant.
# Every statement here writes to exactly one destination and is final, so as
# written a single received message can match at most one of them.
# Destinations other than messages_hst, security_hst, authlog_hst and
# maillog_hst are not defined in this excerpt.
#
# NOTE(review): because the first statement is final and matches err..emerg
# for every facility except local2, later statements that need err or above
# from another facility look unreachable as written (e.g. news+err and
# local7+only_err below; emerg stays reachable only for local2). If per-file
# copies of high-severity records are expected for audit or incident review,
# confirm this is intended.

# --- High-severity records to the console destination ---
log { source(src_lst22); filter(f_err); filter(no_apache);destination(console_hst);  flags(final); };
log { source(src_lst22); filter(f_kern); filter(f_warning);filter(no_apache); destination(console_hst); flags(final);  };
log { source(src_lst22); filter(f_auth); filter(f_notice);filter(no_apache); destination(console_hst); flags(final); };
log { source(src_lst22); filter(f_mail); filter(f_crit);filter(no_apache); destination(console_hst); flags(final); };
# --- General messages file ---
log { source(src_lst22); filter(f_kern); filter(f_debug);filter(no_apache); destination(messages_hst); flags(final); };
log { source(src_lst22); filter(f_lpr); filter(f_info);filter(no_apache); destination(messages_hst); flags(final); };
# NOTE(review): same filters as the mail+crit console statement above, which is
# final -- this statement appears never to receive a message.
log { source(src_lst22); filter(f_mail); filter(f_crit);filter(no_apache); destination(messages_hst); flags(final);  };
log { source(src_lst22); filter(f_news); filter(f_err);filter(no_apache); destination(messages_hst); flags(final);  };
# --- Security and authentication logs ---
log { source(src_lst22); filter(f_security); destination(security_hst); flags(final); };
log { source(src_lst22); filter(f_auth); filter(f_info); destination(authlog_hst); flags(final);  };
# NOTE(review): f_authpriv AND f_auth cannot both hold for one message, so this
# statement matches nothing and authpriv records do not reach authlog_hst
# through it. If authpriv was meant to be logged here, the f_auth reference
# is likely the mistake -- confirm.
log { source(src_lst22); filter(f_authpriv);  filter(f_auth);  filter(f_info); destination(authlog_hst); flags(final);  };
# --- Per-service logs selected by facility ---
log { source(src_lst22); filter(f_mail); filter(f_info); filter(f_clamd_not);destination(maillog_hst);flags(final); };
log { source(src_lst22); filter(f_lpr); filter(f_info); destination(lpd-errs_hst); flags(final);  };
log { source(src_lst22); filter(f_ftp); filter(f_info); destination(xferlog_hst); flags(final);  };
log { source(src_lst22); filter(f_cron); destination(cron_hst); flags(final);  };
log { source(src_lst22); filter(f_is_debug); destination(debuglog_hst); flags(final);  };
log { source(src_lst22); filter(f_emerg); destination(allusers_hst); flags(final);  };
# --- Per-service logs selected by program name ---
log { source(src_lst22); filter(f_slip); destination(slip_hst); flags(final); };
log { source(src_lst22); filter(f_ppp); destination(ppp_hst); flags(final); };
log { source(src_lst22); filter(f_proftpd); destination(proftpd_hst); flags(final); };
log { source(src_lst22); filter(f_ftp); destination(proftpd_hst); flags(final); };
log { source(src_lst22); filter(f_clamd); destination(clamd_hst); flags(final); };
# --- Application logs carried on local facilities ---
log { source(src_lst22); filter(f_local3); filter(f_info); destination(clamscan_hst); flags(final); };
log { source(src_lst22); filter(f_local6); filter(f_info); destination(svn.up_hst); flags(final); };
# local2 = apache: info goes to the access log, err to the error log.
log { source(src_lst22); filter(f_local2); filter(only_info); destination(apache_hst_access); flags(final);};
log { source(src_lst22); filter(f_local2); filter(only_err);  destination(apache_hst);  flags(final); };
# local7 = nginx, local4 = php, split the same way by exact level.
log { source(src_lst22); filter(f_local7); filter(only_err);  destination(nginx_hst);  flags(final); };
log { source(src_lst22); filter(f_local7); filter(only_info); destination(nginx_hst_access);  flags(final); };
log { source(src_lst22); filter(f_local4); filter(only_info); destination(php_hst);  flags(final); };
# --- Catch-all rules for whatever was not consumed above ---
log { source(src_lst22); filter(f_messages);filter(no_apache); filter(f_cron_not);  destination(messages_hst);  flags(final); };
log { source(src_lst22); filter(f_notice); filter(f_proftpd_not); filter(f_not_authpriv); filter(no_apache); destination(messages_hst); flags(final); };

Открываем lst122# tail -f auth.log.lsp13

Jun 27 14:16:18 lsp13 su: amihailov to root on /dev/pts/0
Jun 27 14:16:18 lsp13 su: amihailov to root on /dev/pts/0
Jun 27 14:16:18 lsp13 su: amihailov to root on /dev/pts/0
Jun 27 14:16:18 lsp13 su: amihailov to root on /dev/pts/0
Jun 28 15:44:29 lsp13 sshd[38277]: Received disconnect from 192.168.0.241: 11: disconnected by user
Jun 28 15:44:29 lsp13 sshd[38277]: Received disconnect from 192.168.0.241: 11: disconnected by user
И во многих лог-файлах аналогично.


Проблема была в источнике: syslog, который слал сообщения, слал их дважды.

Slack ★★★★ ()