[rsyslog] Duplicate entries

Stephen Carville stephen.carville at gmail.com
Sun May 25 06:23:22 CEST 2008


Something weird is happening with rsyslog.

The good news is I don't seem to lose anything even when the sub-morons
in charge of the network load a six month old firewall config when
they click the wrong button in the GUI.

The bad news is that, lately, I have been seeing duplicate entries in
the messages table but not in the other tables.  At first I thought it
was because there might be a few machines still running both syslog
and rsyslog.  However, I tracked down and zapped the rogue syslog
processes and the problem still persists.

I know I'm a little down rev but I'd like to put off an upgrade until
after the next audit.  However, if this is a "known issue" I'll
certainly upgrade and take whatever licks it costs.

Current config:

$ rsyslogd -v
rsyslogd 2.0.1, compiled with:
        FEATURE_PTHREADS (dual-threading):      Yes
        FEATURE_REGEXP:                         Yes
        FEATURE_LARGEFILE:                      Yes
        FEATURE_NETZIP (message compression):   Yes
        SYSLOG_INET (Internet/remote support):  Yes
        FEATURE_GSSAPI (GSSAPI Kerberos 5 support):     No
        FEATURE_DEBUG (debug build, slow code): No

############### Server rsyslog.conf file #######################

$ModLoad MySQL

*.info;mail.none;authpriv.none;cron.none    >127.0.0.1,messages,syslogger,<password>

authpriv.*                         >127.0.0.1,secure,syslogger.<password>

mail.*                                                  -/var/log/maillog

cron.*                                                  /var/log/cron

*.emerg                                                 *

uucp,news.crit                                          /var/log/spooler

local7.*                                                /var/log/boot.log

###################### Host rsyslog.conf file #######################

*.info;mail.none;authpriv.none;cron.none       /var/log/messages
*.info;mail.none;authpriv.none;cron.none    @@scacisys01

auth,authpriv.*                             /var/log/secure
auth,authpriv.*                             @@scacisys01

# Log all the mail messages in one place.
mail.*                                         -/var/log/maillog

cron.*                                      /var/log/cron

*.emerg                                     *

uucp,news.crit                              /var/log/spooler

local7.*                                   /var/log/boot.log


-- 
Stephen Carville
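
Added example, not part of the original post: a check of the posted selectors that counts how many copies of one message the host forwards to scacisys01 and which server table stores each copy. It assumes classic sysklogd-style selector semantics, handles only the selector forms that appear in the post, and assumes the server applies its rules to every received copy without de-duplication.

```python
# Added example: evaluates sysklogd-style selectors, limited to the forms in
# the posted configs (severity names, "*", "none"). Not rsyslog's own parser.
SEVERITIES = "emerg alert crit err warning notice info debug".split()
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp local0 local1 local2 local3 local4 local5 local6 local7").split()

def matches(selector, facility, severity):
    """True if a facility.severity message is selected, e.g. by '*.info;mail.none'."""
    selected = False
    for part in selector.split(";"):      # later parts override earlier ones
        facs, prio = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue
        if prio == "none":
            selected = False
        elif prio == "*":
            selected = True
        else:                              # a name means "this severity or worse"
            selected = SEVERITIES.index(severity) <= SEVERITIES.index(prio)
    return selected

# Forwarding selectors (the "@@scacisys01" lines) from the host config in the post.
HOST_FORWARD = ["*.info;mail.none;authpriv.none;cron.none", "auth,authpriv.*"]
# Database selectors from the server config in the post, keyed by table name.
SERVER_TABLES = {"messages": "*.info;mail.none;authpriv.none;cron.none",
                 "secure": "authpriv.*"}

def rows_per_message(facility, severity):
    """Rows written per table for one message logged on a host."""
    copies = sum(matches(sel, facility, severity) for sel in HOST_FORWARD)
    return {table: copies for table, sel in SERVER_TABLES.items()
            if copies and matches(sel, facility, severity)}

def duplicated():
    """(facility, table) pairs that receive more than one row per message."""
    return sorted({(fac, table)
                   for fac in FACILITIES for sev in SEVERITIES
                   for table, n in rows_per_message(fac, sev).items() if n > 1})

if __name__ == "__main__":
    for fac, table in duplicated():
        print(f"{fac} messages can be forwarded twice and stored twice in '{table}'")
```

If the duplicate rows in the messages table all carry facility auth, the overlap between the two forwarding selectors on the hosts is the thing to remove, for example by excluding auth from the first one.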