<span style="font-family: courier new,monospace;">Hello,</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">I am using the sunfreeware build of syslog-ng 3.04 on a Solaris 10 Update 8 system:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">syslog-ng 3.0.4</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#1b5d618e301ad94aa20e692ffba16469dece8d10</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Compile-Date: Sep 2 2009 05:14:23</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-Threads: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Debug: off</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-GProf: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Memtrace: off</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-Sun-STREAMS: on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Sun-Door: on</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-IPv6: on</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Spoof-Source: on</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-TCP-Wrapper: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-SSL: on</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-SQL: off</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Enable-Linux-Caps: off</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Enable-Pcre: on</span><br style="font-family: courier new,monospace;">
<br>My internal() source is working but the sun-streams source is not.<br><br><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Here are my options:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">options {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> use_fqdn(no);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> flush_lines(0);</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> dir_perm(0755);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> dir_group(sysadmin);</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> dir_owner(root);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> perm(0644);</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> stats_freq(300);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> use_dns(no);</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> create_dirs(yes);</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> time_reopen(10); </span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Here are my sources:</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source s_internal { internal(); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">source s_udp { udp(); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">source s_tcp { tcp(); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">source s_streams { sun-streams ("/dev/log" door("/etc/.syslog_door")); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Here are my filters so far:</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"># Level Filters</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_emerg { level (emerg); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_alert { level (alert .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_crit { level (crit .. emerg); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_err { level (err .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_warning { level (warning .. emerg); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_notice { level (notice .. emerg); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_info { level (info .. emerg); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_debug { level (debug .. emerg); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"># Facility Filters</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_kern { facility (kern); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_user { facility (user); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_mail { facility (mail); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_daemon { facility (daemon); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_auth { facility (auth); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_syslog { facility (syslog); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_lpr { facility (lpr); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_news { facility (news); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_uucp { facility (uucp); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_cron { facility (cron); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_local0 { facility (local0); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local1 { facility (local1); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_local2 { facility (local2); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local3 { facility (local3); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_local4 { facility (local4); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local5 { facility (local5); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">filter f_local6 { facility (local6); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">filter f_local7 { facility (local7); };</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Here are my destinations so far:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"># Destinations: local files, the console, and the client files</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">destination l_internal { file ("/var/adm/syslog-ng"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination l_authlog { file ("/var/log/authlog"); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">destination l_messages { file ("/var/log/messages"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination l_maillog { file ("/var/log/maillog"); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">destination l_ipflog { file ("/var/log/ipflog"); };</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">destination l_imaplog { file ("/var/log/imaplog"); };</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">destination l_syslog { file ("/var/log/syslog"); };</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">destination l_console { file ("/dev/console"); };</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Here are my log statements:</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">log { source (s_internal); destination (l_internal); };</span> # <==== this one is working<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">log { source (s_streams); filter (f_kern); filter (f_debug); destination (l_messages); };</span> #<====== this on is not working<br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">I have tried the following logger tests and am not getting anything logged:</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p kern.debug "some message"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">logger -p kern.crit "some message"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">logger -p <a href="http://kern.info">kern.info</a> "some message"</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">I have restarted syslog-ng and ensured that it is using my most recent syslog-ng.conf file.</span><br><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Thanks for any help,</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">CC</span><br style="font-family: courier new,monospace;">