Hello,

I have compiled syslog-ng (latest ver syslog-ng 1.6.4) on AIX 5.1 and have configured the client to send sudo logs to the centrilized server. The Network part is working fine, and I know my binary compiled OK.

In addition to sudo activity logging I was going to send logs, produced by the other daemon--sudoscriptd--which logs all root shell activities to some predefined file on the same server (for testing) and later I will send it too. In my case: var/log/sudoscript. I was going to centrilized this one as well, but for now I can't figured out why syslog-ng is NOT READING from the source file.

Also, I was trying: source sudo_scr {pipe("/var/log/sudoscript"); }; - with no success.

PLEASE HELP!

##HERE IS MY syslon-ng.conf####

#cat syslog-ng.conf
options { sync (0);
        mark (10);
          time_reopen (10);
          log_fifo_size (2000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
        };
source sys { unix-dgram("/dev/log" ); internal(); }; #STANDARD staff. This works.

source sudo_scr {file("/var/log/sudoscript"); }; # THIS IS FILE WHICH GROWS as sudoscript writes to it.

#syslog-ng CAN"T READ from it.

destination internal_1 { file("/var/log/sudologs/sudolog"); }; #THIS IS TEMP. DESTINATION FILE (EMPTY?)

destination host01 { tcp(1.5.7.15 port(514)); }; #THIS IS WORKING PART TOO
filter f_sudo { facility(local2); };

log { source(sudo_scr); destination(internal_1); }; # THIS IS NOT WORKING PART

log { source(sys); filter(f_sudo); destination(host01); }; # THIS PART IS WORKING