[rsyslog-notify] Forum Thread: logs received on TCP514 show up in /var/log/messages? - (Mode 'post')

[noreply at adiscon.com]

User: leonidas 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26938#p26938

Message: 
----------
Good day, everyone.  I am observing something very strange.  I have a
source generating syslog messages forwarding to an rsyslog server on TCP
10514.  Messages are received, written to a local file, then forwarded to
an Rsyslog collector.  The weird thing is that these received messages are
showing up in /var/log/messages??  I have looked at the config and can't
see any thing that would be doing this.  The config looks something like
this (pretty typical):

module(load="imuxsock"
module(load="imtcp")
input(type=imtcp" port="10514" ruleset="remote")
ruleset 
(name="local")
{
*.info;mail.none;
action( name="varlogmsg" type="omfile" file="/var/log/messages"
template="Rsyslog_FileFormat")      #you can see the local messages are
written to var/log/messages,
...a few others like this
*.info
action(name="archive" type="omfile" file =var/log/archive.log"             
                 #  and a 2nd write to var/log/archive.log file in a
completely different directory
}                                                                          
                                   

$defaultruleset local                                                      
              #set this so that any messages not bound would have a
ruleset.  I wonder if this is the problem??

#  Now we have the write of the received messages to the same archive file
ruleset
(name="remote")
{
action(name="writeremote" type="omfile"   file="/var/log/archive.log"
template="RSYSLOG_ForwardFormat")    and a 2nd write to var/log/archive.log
file
 in a completely different directory
}