[rsyslog] Duplicate entries

Rainer Gerhards rgerhards at hq.adiscon.com
Sun May 25 10:57:35 CEST 2008 

Mhhh... I don't see anything bad nor have found any past reference to
duplicated messages. In later versions, this may (very unlinkely) happen
by intension to prevent message loss when a TCP connection breaks. This
was introduced to cope with the unreliability of TCP syslog:

http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.ht
ml

However, this is not in the version you have. Can you report anything
specific on the message duplication? Also, would it be an option to
upgrade to the latest v2-stable version (which is 2.0.5). Note that the
difference is only bug fixes, no new functionality is being added to v2.

Rainer

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of Stephen Carville
> Sent: Sunday, May 25, 2008 6:23 AM
> To: rsyslog-users
> Subject: [rsyslog] Duplicate entries
> 
> omething weird is happening with rsyslog.
> 
> The good news is I dont seem to lose anything even when the sub-morons
> in charge of the network load a six month old firewall config when
> they click the wrong button in the GUI.
> 
> The bad news is that, lately, I have been seeing duplicate entries in
> the messages table but not in the other tables.  At first I thought it
> was beacause there might be a few machines still running both syslog
> and rsyslog.  However, I tracked doen and zapped the rogue syslog
> processes and the problem still persists.
> 
> I know I'm a little down rev but I'd like to out off an upgrade unitl
> after the next audit.  However, if this is a "known issue" I'll
> certainly upgrade and take whatever licks it costs.
> 
> Current config:
> 
> $ rsyslogd -v
> rsyslogd 2.0.1, compiled with:
>         FEATURE_PTHREADS (dual-threading):      Yes
>         FEATURE_REGEXP:                         Yes
>         FEATURE_LARGEFILE:                      Yes
>         FEATURE_NETZIP (message compression):   Yes
>         SYSLOG_INET (Internet/remote support):  Yes
>         FEATURE_GSSAPI (GSSAPI Kerberos 5 support):     No
>         FEATURE_DEBUG (debug build, slow code): No
> 
> ############### Server rsyslog.conf file #######################
> 
> $ModLoad MySQL
> 
> *.info;mail.none;authpriv.none;cron.none
> >127.0.0.1,messages,syslogger,<password>
> 
> authpriv.*
> >127.0.0.1,secure,syslogger.<password>
> 
> mail.*                                                  -
> /var/log/maillog
> 
> cron.*                                                  /var/log/cron
> 
> *.emerg                                                 *
> 
> uucp,news.crit
> /var/log/spooler
> 
> local7.*
> /var/log/boot.log
> 
> ###################### Host rsyslog.conf file #######################
> 
> *.info;mail.none;authpriv.none;cron.none       /var/log/messages
> *.info;mail.none;authpriv.none;cron.none    @@scacisys01
> 
> auth,authpriv.*                             /var/log/secure
> auth,authpriv.*                             @@scacisys01
> 
> # Log all the mail messages in one place.
> mail.*                                         -/var/log/maillog
> 
> cron.*                                      /var/log/cron
> 
> *.emerg                                     *
> 
> uucp,news.crit                              /var/log/spooler
> 
> local7.*                                   /var/log/boot.log
> 
> 
> --
> Stephen Carville
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog

More information about the rsyslog mailing list