https://bugzilla.balabit.com/show_bug.cgi?id=218 --- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2013-02-02 21:44:17 --- I think you misunderstand how syslogd works. That line in syslogd means that messages tagged facility "local6", severity "info" or above, should be written into /var/log/syslog. It is essentially a filter. You can do the same with syslog-ng, but you can also ask syslog-ng to send everything into a file regardless of filters. Here's a sample: # source omitted for brevity source s_local { ... }; filter f_oracle { facility(local6); } destination d_oracle { file("/var/log/oracle.log"); }; log { source(s_local); filter(f_oracle); destination(d_oracle); }; But if you want to put everything to the same file, you can completely omit the filter part: source s_local { ... }; destination d_syslog { file("/var/log/syslog"); }; log { source(s_local); destination(d_syslog); }; Basically, the "log" statement tells syslog-ng what actions to perform on messages coming from a (set of) sources. They establish connections between input and output channels of syslog-ng, potentially with additional processing. BTW: your source declaration is redundant, system() is a source that expands to the system specific local log transport of the underlying OS, on Solaris it expands to the stuff you wrote there. BTW/2: syslog-ng has a nice documentation, you might want to start with section 2.2, which outlines the basic processing model of syslog-ng. Hope this helps. source s_local { system(); sun-streams("/dev/log" door("/etc/.syslog_door")); }; -- Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.