[gentoo-user] syslog-ng problem after updating to 3.8

[gentoo-user] syslog-ng problem after updating to 3.8

[covici]

[-- Attachment #1: Type: text/plain, Size: 372 bytes --]

Hi.  I was using syslog-ng 3.7 without any errors,  but after upgrading
to 3.8, every day during my cron.daily, I get two copies of the message
which says
error: syslog-ng:7 duplicate log entry for /var/log/messages

I could not find  any release notes to tell me what they did which would
cause this error -- anybody have a clue?


Thanks in advance for any suggestions.

[-- Attachment #2: syslog-ng.conf --]
[-- Type: text/plain, Size: 3556 bytes --]

@version: 3.4
# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo,v 1.2 2013/06/02 01:18:35 mr_bones_ Exp $
#
# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/show_bug.cgi?id=426814
@include "scl.conf"


options { dir_perm(0755); perm(0644); chain_hostnames(no);
     threaded(yes);
     chain_hostnames(no);

     # The default action of syslog-ng is to log a STATS line
     # to the file every 10 minutes.  That's pretty ugly after a while.
     # Change it to every 12 hours so you get a nice daily update of
     # how many messages syslog-ng missed (0).
     stats_freq(43200);
     # The default action of syslog-ng is to log a MARK line
     # to the file every 20 minutes.  That's seems high for most
     # people so turn it down to once an hour.  Set it to zero
     # if you don't want the functionality at all.
     mark_freq(3600);
          keep_hostname(yes); };

source local {
unix-dgram("/run/systemd/journal/syslog");
	udp(ip(0.0.0.0) port(514));
	internal();
};

# kern.=debug						/var/log/kernel

filter f_1 {
	facility(kern) and level(debug..emerg);
};

destination d_1 { 
	file("/var/log/kernel" create_dirs(yes));
};

log { source(local); filter(f_1); destination(d_1); };

# kern.err							/dev/console

filter f_2 {
	facility(kern) and level(err..emerg);
};

destination d_2 { 
	file("/dev/console" create_dirs(yes));
};

log { source(local); filter(f_2); destination(d_2); };

# *.debug;mail.none;news.none;authpriv.none	   /var/log/messages

filter f_3 {
	level(debug..emerg);
};

filter f_4 {
	not facility(mail);
};

filter f_5 {
	not facility(news);
};

filter f_6 {
	not facility(authpriv);
};

destination d_3 { 
	file("/var/log/messages" create_dirs(yes));
};

log { source(local); filter(f_3); filter(f_4); filter(f_5); filter(f_6); destination(d_3); };

# authpriv.*	/var/log/secure

filter f_7 {
	facility(authpriv) and level(debug..emerg);
};

destination d_4 { 
	file("/var/log/secure" create_dirs(yes));
};

log { source(local); filter(f_7); destination(d_4); };

# mail.*	/var/log/maillog

filter f_8 {
	facility(mail) and level(debug..emerg);
};

destination d_5 { 
	file("/var/log/maillog" create_dirs(yes));
};

log { source(local); filter(f_8); destination(d_5); };

# *.emerg *

filter f_9 {
	level(emerg);
};

destination d_6 { 
	usertty("*");
};

log { source(local); filter(f_9); destination(d_6); };

# news.=crit	 /var/log/news/news.crit

filter f_10 {
	facility(news) and level(crit..emerg);
};

destination d_7 { 
	file("/var/log/news/news.crit" create_dirs(yes));
};

log { source(local); filter(f_10); destination(d_7); };

# news.=err		 /var/log/news/news.err

filter f_11 {
	facility(news) and level(err..emerg);
};

destination d_8 { 
	file("/var/log/news/news.err" create_dirs(yes));
};

log { source(local); filter(f_11); destination(d_8); };

# news.notice	 /var/log/news/news.notice

filter f_12 {
	facility(news) and level(notice..emerg);
};

destination d_9 { 
	file("/var/log/news/news.notice" create_dirs(yes));
};

log { source(local); filter(f_12); destination(d_9); };

# local7.*	  /var/log/boot.log

filter f_13 {
	facility(local7) and level(debug..emerg);
};

destination d_10 { 
	file("/var/log/boot.log" create_dirs(yes));
};

log { source(local); filter(f_13); destination(d_10); };

# local0.*     /var/log/dhcpcd.log

filter f_14 {
	facility(local0) and level(debug..emerg);
};

destination d_11 { 
	file("/var/log/dhcpcd.log" create_dirs(yes));
};

log { source(local); filter(f_14); destination(d_11); };


[-- Attachment #3: Type: text/plain, Size: 151 bytes --]



-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici
         covici@ccs.covici.com

Re: [gentoo-user] syslog-ng problem after updating to 3.8

[Alan McKinnon]

On 10/07/2014 13:27, covici@ccs.covici.com wrote:
> Hi.  I was using syslog-ng 3.7 without any errors,  but after upgrading
> to 3.8, 


I take it you mean 3.4.7 -> 3.4.8?

> every day during my cron.daily, I get two copies of the message
> which says
> error: syslog-ng:7 duplicate log entry for /var/log/messages
> 
> I could not find  any release notes to tell me what they did which would
> cause this error -- anybody have a clue?


It's been a while since I dealt with that beast called syslog-ng, but
looking at your .conf I see:

log { source(local); filter(f_3); filter(f_4); filter(f_5); filter(f_6);
destination(d_3); };


Single log entries can easily match many of those filters leading to
duplicate entries all being written to d_3

The final flag is what deals with that. Use it in your filters to stop
processing for that message when matched.



I can't explain the change since 3.4.8 - perhaps it's a bug fix that
didn;t make it into the ChangeLog?




> 
> 
> Thanks in advance for any suggestions.
> 
> 
> 
> 
> 


-- 
Alan McKinnon
alan.mckinnon@gmail.com