Hey all,
I've got a pretty simple configuration as below:
module(load="imudp")
input(type="imudp" port="514")
$template
DynaFile,"/var/log/ext/%HOSTNAME%/%timestamp:::date-month%/%timestamp:::date-day%/%timestamp:::date-hour%.log"
*.* -?DynaFile
This appears to be working but I've noticed this oddity. I'm seeing logs
being sent to 2 locations, not duplicates from the looks of it. The
first location is the one specified in the template above, the other is
being sent to a file called *syslog* in /var/log/syslog. When looking at
the logs I'm not seeing any obvious differences between the messages. I
want all messages to go where I've defined the dynafile location. Does
anyone have any input as to what could be happening?
Here are some examples:
/var/log/ext/10.10.10.10/11/21$ tail 16.log
Nov 21 16:59:59 10.10.10.10 %ASA-6-106100: access-list inside_access_in
denied tcp inside/x.x.x.x(53194) -> outside/x.x.x.x(80) hit-cnt 1 first
hit [0xc58201ba, 0x38466015]
/var/log$ tail syslog
Nov 21 17:01:33 10.10.10.10 %ASA-6-106100: access-list inside_access_in
denied tcp inside/x.x.x.x(49548) -> outside/x.x.x.x(443) hit-cnt 1 first
hit [0xc58201ba, 0x6838bf3c]
Thanks,
Will
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
