Hello everybody, I have posted that on syslog-ng mailing-list, but i don't have any answer for now... I try to submit my problem to debian's experts ;)
-- I work for a lange society, and we use syslog-ng for 5 years now. We have a centralized server with storage tank to keep logs securly. Concretely, we have 2 centralized servers syslog-ng in chrooted environement, and 50 clients servers. Since we use TLS transport in place of stunnel workaround, we have many issues : - First of all, many logs aren't writen in $HOST folder but in IPADDRESS folder. So, to be clear, this is an exemple : # ls drwxr-x--- 8 root adm 4,0K 1 mars 00:07 10.0.0.1 drwxr-x--- 53 root adm 4,0K 19 mars 00:35 host1 I assume that host1 have 10.0.0.1 IP address and # tree 192.168.100.79/2012-03/ 10.0.0.1/2012-03/ ├── 02-user-10.0.0.1.log.bz2 ├── 06-user-10.0.0.1.log.bz2 ├── 07-user-10.0.0.1.log.bz2 ├── 08-user-10.0.0.1.log.bz2 ├── 09-user-10.0.0.1.log.bz2 ├── 12-user-10.0.0.1.log.bz2 ├── 13-user-10.0.0.1.log.bz2 ├── 14-user-10.0.0.1.log.bz2 ├── 15-user-10.0.0.1.log.bz2 ├── 16-user-10.0.0.1.log.bz2 └── 19-user-10.0.0.1.log # tree host1/2012-03/ |grep 19- ├── 19-apache.access-host1.log ├── 19-apache.error-host1.log ├── 19-authpriv-host1.log ├── 19-auth-host1.log ├── 19-cron-host1.log ├── 19-daemon-host1.log ├── 19-kern-host1.log ├── 19-mail-host1.log ├── 19-nagios-host1.log ├── 19-puppetd-host1.log ├── 19-syslog-host1.log └── 19-user-host1.log (we have this problem with many servers) In facility "user" for host 10.0.0.1 in fact i have log for snmptrapd... But why ?? We have config for snmpd but not for snmptrapd... So i have tried to define a default facility => failed After i have tried many dns and hostnames options => failed As anyone here have a way to search for me ? If you need more details, i'm your's. Kind regards. -- JG