Author: Mark de Vries Date: To: exim users Subject: [exim] Question about syslog_duplication. (problem with dups on
remote syslog-ng host)
It not quite clear to me how this works.
In the spec. 49.4 it says:
- mainlog is mapped to LOG_INFO
- rejectlog is mapped to LOG_NOTICE
- paniclog is mapped to LOG_ALERT
"Many log lines are written to both mainlog and rejectlog, and some are
written to both mainlog and paniclog, so there will be duplicates if
these are routed by syslog to the same place. You can suppress this
duplication by setting syslog_duplication false."
If I set syslog_duplication to false, what happens to a line that is
normally sent to both mainlog and rejectlog? Is it sent as LOG_INFO or
LOG_NOTICE?
My real problem is:
I'm struggling with getting what is normally in the mainlog on a remote
(central) syslog-ng host. I want just a central single "mainlog" of some
exim instances, I don't want some of the stuff - like message headers -
that normally only ends up in the rejectlog.
The exim servers have a normal syslogd which is configured to forward
*.* to the syslog-ng host.
I'm trying different combinations of (no_)syslog_duplication and
filtering of the priority that is sent to the syslog-ng host, and also
which priorities the syslog-ng box is logging. But I keep getting either
no rejections in my log, or I get duplicates.. and the other stuff that
I'm trying to avoid.
Is anyone doing something like this, and what are the options and
syslog(-ng) filtering are you using?