Here's the patch in line. Seems to have caused problems as an attachment.
--- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.init 2007-04-19 19:37:16.000000000 +0000
+++ rhel4/contrib/rhel-packaging/syslog-ng.init 2008-01-15 15:45:44.000000000 +0000
@@ -13,7 +13,7 @@
 # Source function library.
 . /etc/init.d/functions
-binary="/sbin/syslog-ng"
+binary="/usr/sbin/syslog-ng"
 [ -x $binary ] || exit 0
--- syslog-ng-2.0.7/contrib/rhel-packaging/syslog-ng.conf 2007-04-19 19:37:16.000000000 +0000
+++ rhel4/contrib/rhel-packaging/syslog-ng.conf 2008-01-15 15:59:28.000000000 +0000
@@ -1,5 +1,5 @@
 #
-# configuration file for syslog-ng, customized for remote logging
+# configuration file for syslog-ng
 #
 source s_internal { internal(); };
@@ -7,21 +7,24 @@
 log { source(s_internal); destination(d_syslognglog); };
-# Local sources, filters and destinations are commented out
-# If you want to replace sysklogd simply uncomment the following
-# parts and disable sysklogd
+# Local sources, filters and destinations are commented out.
+#
+# If you want to replace syslogd and klogd simply uncomment
+# the following parts. You will also need to modify
+# /etc/logrotate.d/syslog and /etc/logrotate.d/syslog-ng
+# appropriately.
 #
 # Local sources
 #
 #source s_local {
 # unix-dgram("/dev/log");
-# file("/proc/kmsg" log_prefix "kernel:");
+# file("/proc/kmsg" log_prefix("kernel:"));
 #};
 #
 # Local filters
 #
 #filter f_messages { level(info..emerg); };
 #filter f_secure { facility(authpriv); };
-#filter f_mail { facility(mail); };
+#filter f_maillog { facility(mail); };
 #filter f_cron { facility(cron); };
 #filter f_emerg { level(emerg); };
 #filter f_spooler { level(crit..emerg) and facility(uucp, news); };
@@ -47,15 +50,16 @@
 #log { source(s_local); filter(f_local7); destination(d_bootlog); };
 #log { source(s_local); filter(f_messages); destination(d_messages); };
-
-# Remote logging
-source s_remote {
- tcp(ip(0.0.0.0) port(514));
- udp(ip(0.0.0.0) port(514));
-};
-
-destination d_separatedbyhosts {
- file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
-};
-
-log { source(s_remote); destination(d_separatedbyhosts); };
+# Remote logging. Uncomment these lines if you want this node to
+# log messages that are being sent to it from other nodes.
+#
+#source s_remote {
+# tcp(ip(0.0.0.0) port(514));
+# udp(ip(0.0.0.0) port(514));
+#};
+#
+#destination d_separatedbyhosts {
+# file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
+#};
+#
+#log { source(s_remote); destination(d_separatedbyhosts); };
________________________________
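Review bot: The commented-out `s_remote` example keeps `tcp(ip(0.0.0.0) port(514))` and `udp(ip(0.0.0.0) port(514))`, and the new "Uncomment these lines" comment says nothing about who may send to them, so anyone following it gets an unauthenticated listener on every interface. `d_separatedbyhosts` also builds its path from `$HOST` with `create_dirs(yes)`, so directory names follow whatever host name syslog-ng assigns to each sender (this presumably depends on the `keep_hostname()` and `use_dns()` settings, which are outside the hunk), and a misbehaving sender could create many directories or fill `/var/log`. I would extend the new comment with a line such as `# Before enabling, set ip() to the receiving interface and firewall port 514 to known senders.` and mention that `/var/log/syslog-ng` needs its own rotation and disk-space monitoring.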
From: joe_fegan@hotmail.com To: syslog-ng@lists.balabit.hu Date: Wed, 16 Jan 2008 16:32:49 +0000 Subject: [syslog-ng] 2.0.7 contrib/rhel-packaging/syslog-ng.conf typos Hi, The example syslog-ng.conf in contrib/rhel-packaging of 2.0.7 has some syntax errors and this patch fixes them. I also noticed that this syslog-ng.conf configures syslog-ng to take over logging of messages from remote machines, but not logging of local messages. I think this mix is odd; it should either take over from syslogd altogether or not at all. This patch resolves that mix by commenting out the remote config. The idea is that installing syslog-ng will not interfere with syslogd up front, but will give you hints on how to do it later if you want. Please consider part or all of this patch for upstream. Joe.