Hi,<br><br>I am not getting all the messages in the message log files. If someone can help me, it will be really appreciated.<br>We have remote servers, where we keep the log files too.<br><br>I feel that the problem is in the filter. Please correct me. I want all the logs to be reported.<br>
<br>Mentioning below the configuration file on each server. These are all same throughout.<br><br>Thanks in advance.<br><br>_________________________________________________________<br>options {       sync (0);<br>                time_reopen (10);<br>
                # NOTE(review): log_fifo_size is the output queue length in messages. If a queue fills (for example a tcp() loghost that is slow or unreachable), messages are presumably dropped, which would also show up as missing log lines - confirm for this syslog-ng version before blaming the filters.<br>
                log_fifo_size (1000);<br>                long_hostnames(off);<br>                use_dns (yes);<br>                use_fqdn (no);<br>                create_dirs (yes);<br>                keep_hostname (yes);<br>
                stats (3600);<br>};<br><br>source src {    unix-stream(&quot;/dev/log&quot;);<br>                internal();<br>                pipe(&quot;/proc/kmsg&quot;);<br>    };<br><br># Remote logging<br>################<br>
# NOTE(review): every loghost destination below is a plain tcp() driver on port 514 with no tls() option visible, so auth and authpriv content presumably crosses the network unencrypted and the receiver is not authenticated. Consider TLS or a protected network path if this version supports it.<br>
# NOTE(review): src contains only local inputs (unix-stream, internal, pipe). A host running exactly this file only sends; the receiving configuration of the loghosts is not shown here.<br>
## Auth log<br>destination loghost1 { tcp(&quot;<a href="http://log1.xx.org">log1.xx.org</a>&quot; port(514)); };<br>destination loghost2 { tcp(&quot;<a href="http://log2.xx.org">log2.xx.org</a>&quot; port(514)); };<br>destination loghost3 { tcp(&quot;<a href="http://log3.xx.org">log3.xx.org</a>&quot; port(514)); };<br>
filter f_auth { facility(auth); };<br>log { source(src); filter(f_auth); destination(loghost1); };<br>log { source(src); filter(f_auth); destination(loghost2); };<br>log { source(src); filter(f_auth); destination(loghost3); };<br>
# NOTE(review): loghost1, loghost2 and loghost3 are defined three times in this file with identical bodies, and f_auth and f_authpriv are defined again under Local Filters. How duplicate names are handled depends on the syslog-ng version (rejected, or one definition silently wins) - verify; defining each name once is safer.<br>
#<br>## Authpriv log<br>destination loghost1 { tcp(&quot;<a href="http://log1.xx.org">log1.xx.org</a>&quot; port(514)); };<br>destination loghost2 { tcp(&quot;<a href="http://log2.xx.org">log2.xx.org</a>&quot; port(514)); };<br>
destination loghost3 { tcp(&quot;<a href="http://log3.xx.org">log3.xx.org</a>&quot; port(514)); };<br>filter f_authpriv { facility(auth, authpriv); };<br>log { source(src); filter(f_authpriv); destination(loghost1); };<br>
log { source(src); filter(f_authpriv); destination(loghost2); };<br>log { source(src); filter(f_authpriv); destination(loghost3); };<br><br>##  Everything log<br>destination loghost1 { tcp(&quot;<a href="http://log1.xx.org">log1.xx.org</a>&quot; port(514)); };<br>
destination loghost2 { tcp(&quot;<a href="http://log2.xx.org">log2.xx.org</a>&quot; port(514)); };<br>destination loghost3 { tcp(&quot;<a href="http://log3.xx.org">log3.xx.org</a>&quot; port(514)); };<br>filter f_everything { level(debug..emerg); };<br>
# NOTE(review): f_everything spans debug..emerg, i.e. every severity, so the three log paths below already forward all messages to all three loghosts. The f_auth and f_authpriv remote paths above match a subset of the same messages, so auth messages reach each loghost up to three times and authpriv messages twice, unless a final flag is used (none appears in this file).<br>
log { source(src); filter(f_everything); destination(loghost1); };<br>log { source(src); filter(f_everything); destination(loghost2); };<br>log { source(src); filter(f_everything); destination(loghost3); };<br>#<br># Local logging<br>
################<br><br># Local Destinations<br>#%%%%%%%%%%%%%%%%%%%<br>destination authpriv { file(&quot;/var/log/authpriv.log&quot;); };<br>destination auth { file(&quot;/var/log/auth.log&quot;); };<br>destination syslog { file(&quot;/var/log/syslog.log&quot;); };<br>
destination messages { file(&quot;/var/log/messages.log&quot;); };<br>destination cron { file(&quot;/var/log/cron.log&quot;); };<br>destination daemon { file(&quot;/var/log/daemon.log&quot;); };<br>destination kernel { file(&quot;/var/log/kernel.log&quot;); };<br>
destination lpr { file(&quot;/var/log/lpr.log&quot;); };<br>destination mail { file(&quot;/var/log/mail.log&quot;); };<br>destination debug { file(&quot;/var/log/debug.log&quot;); };<br>#<br>#<br>destination console { usertty(&quot;root&quot;); };<br>
destination console_all { file(&quot;/dev/tty12&quot;); };<br><br># Local Filters<br>###############<br>filter f_syslog { not facility(authpriv, mail); };<br>filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };<br>
# NOTE(review): f_messages (previous line) is the only filter feeding messages.log. It keeps severities info through warn and excludes the auth, authpriv, mail and news facilities, so debug, err, crit, alert and emerg messages, and anything from those four facilities, never reach messages.log. Widen the level range or drop the facility exclusion if that file is meant to hold everything.<br>
filter f_authpriv { facility(auth, authpriv); };<br>filter f_auth { facility(auth); };<br>filter f_cron { facility(cron); };<br>filter f_daemon { facility(daemon); };<br>filter f_kernel { facility(kern); };<br>filter f_lpr { facility(lpr); };<br>
filter f_mail { facility(mail); };<br>filter f_debug { not facility(auth, authpriv, news, mail); };<br>#<br>#<br>filter f_emergency { level(emerg); };<br>filter f_info { level(info); };<br>filter f_notice { level(notice); };<br>
# NOTE(review): of the per-level filters (f_emergency, f_info, f_notice, f_warn, f_crit, f_err) only f_emergency is referenced by a log statement in this file. f_debug, despite its name, has no level() test: it matches every severity from facilities other than auth, authpriv, news and mail.<br>
filter f_warn { level(warn); };<br>filter f_crit { level(crit); };<br>filter f_err { level(err); };<br><br># Local Log<br>############<br>log { source(src); filter(f_syslog); destination(syslog); };<br>log { source(src); filter(f_messages); destination(messages); };<br>
log { source(src); filter(f_authpriv); destination(authpriv); };<br>log { source(src); filter(f_auth); destination(auth); };<br>log { source(src); filter(f_cron); destination(cron); };<br>log { source(src); filter(f_daemon); destination(daemon); };<br>
log { source(src); filter(f_kernel); destination(kernel); };<br>log { source(src); filter(f_lpr); destination(lpr); };<br>log { source(src); filter(f_mail); destination(mail); };<br>log { source(src); filter(f_debug); destination(debug); };<br>
# NOTE(review): the console_all path below has no filter, so every message from src, including auth and authpriv, is written to /dev/tty12. Confirm that whoever can view that console is meant to see authentication logs.<br>
#<br>log { source(src); filter(f_emergency); destination(console); };<br>log { source(src); destination(console_all); };<br>#<br><br>## END /etc/syslog-ng/syslog-ng.conf<br><br><br>_________________________________________________________<br>