Your syslog.conf file is not correct. You have two additional log files declared but you are also logging everything (except mail) to syslog. When you want another logfile, you must exclude that facility from syslog:
mail.debug /var/adm/syslog/mail.log
*.info;mail.none;lpr.none;local2.none;user.none /var/adm/syslog/syslog.log
lpr,local2.debug /tmp/PdLog2
user.info /opt/CA/UnicenterDSM/logs/dsmEventLog.log
Two very important rules about syslog.conf:
1. Each line is processed with any regard to a previous line. You can log things to 10 different files if you want. But the line for syslog.log must exclude what you want to be logged somewhere else. Otherwise, you get double logging.
2. syslog.conf must NEVER have any spaces. If a space appears ANYWHERE on a line, it is silently ignored, ie, becomes a comment. All spacing is by tab characters. Use cat -vt to list syslog.conf. It will look like this:
# local5 (ftpd) logged only to /var/adm/syslog/local5.log
# kern (kernel messages) logged only to /var/adm/syslog/kern.log
# daemon (daemon messages) logged only to /var/adm/syslog/daemon.log
# auth (authentication messages) logged only to /var/adm/syslog/auth.log
# lpr (lp messages) logged only to /var/adm/syslog/lp.log
*.info;mail.none;local0.none;local5.none;auth.none;user.none;lpr.none;daemon.notice;kern.notice;^I/var/adm/syslog/syslog.log
mail.debug^I/var/adm/syslog/mail.log
local5.info^I/var/adm/syslog/ftpd.log
auth.info^I/var/adm/syslog/auth.log
daemon.info^I/var/adm/syslog/daemon.log
kern.info^I/var/adm/syslog/kern.log
lpr.info^I/var/adm/syslog/lpr.log
Bill Hassell, sysadmin
