is there a reason not to just say
*.* @@rsyslog-server
and forward all of your logs there?
I think the issue is that auth and security map to the same value (looking
at the rsyslog documentation page, it identifies that auth and security do
the same thing)
David Lang
On Fri, 8 Jul 2011, Silas Silva wrote:
Date: Fri, 8 Jul 2011 17:47:17 -0300
From: Silas Silva <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: [email protected]
Subject: [rsyslog] Rsyslog logging sshd. Strange behaviour: duplicated sshd
log.
Hello all!
I'm using rsyslog in a cluster system to make a central log. In a
machine, I have the following rsyslog.conf snippet:
auth.* @@rsyslog-server
authpriv.* @@rsyslog-server
daemon.* @@rsyslog-server
kern.* @@rsyslog-server
security.* @@rsyslog-server
user.* @@rsyslog-server
The problem is that, if I have security.* uncommented, sshd output
(connect, disconnect, etc.) is duplicated. If I just let it commmented,
it logs just one line. I'm pretty sure my /etc/ssh/sshd_config has
SyslogFacility AUTH and LogLevel INFO.
rsyslog-server also has the same configuration snippet, so if I let
security.* uncommented, it duplicates sshd messages, 2 (because they are
already duplicated) turns 4.
Any help on this?
Thank you very much.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
