One thing more.
source local { sun-door("/etc/.syslog_door"); internal(); };
I tried with:
source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };
And that's what I get:
do_init_afstreams_source: Cannot open sun-stream /dev/log (Operation not supported on transport endpoint) Error initializing configuration, exiting.
Most probably you ran syslog-ng with unix-stream("/dev/log") or something like this, which removes your original log device and creates a unix socket. Newer versions refuse to overwrite non-socket files. This is how it should look:

lrwxrwxrwx 1 root root 27 Jan 13 1998 /dev/log -> ../devices/pseudo/log@0:log

BTW: I suggest you use 1.3.13. A lot of things have been cleaned up, some features have been added, and it should be quite stable now. Debian Linux has it as a package, and the only bugs reported were compilation issues on Alpha and PPC (and of course the recently reported bugs with the program() destination). As soon as I have a little bit more time, I'll clean these up and release 1.4.0.

In the 1.5.x versions I plan to implement authentication and encryption support, date manipulation (adding the year field, for instance), an inter-syslog-ng protocol (which uses tagging, so newer meta and non-meta fields can be added more easily) and maybe rewrite rules to modify log lines along the way.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
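The check described in the reply above, as an added example that is not part of the original thread or of syslog-ng: a POSIX sh script that reports whether the log device path is still a device node or has been replaced by a unix socket. The function names and the labels they print are chosen for this example.

```shell
#!/bin/sh
# Added example: classify what currently sits at the log device path.
# Function names and printed labels are assumptions made for this example.

classify_log_device() {
    cld_path="${1:-/dev/log}"
    if [ -L "$cld_path" ] && [ ! -e "$cld_path" ]; then
        echo dangling-symlink      # symlink whose target no longer exists
    elif [ ! -e "$cld_path" ]; then
        echo missing
    elif [ -S "$cld_path" ]; then
        echo unix-socket           # what a unix-stream() source leaves behind
    elif [ -c "$cld_path" ]; then
        echo char-device           # device node, directly or through a symlink
    else
        echo other
    fi
}

report_log_device() {
    rld_path="${1:-/dev/log}"
    rld_kind=$(classify_log_device "$rld_path")
    case "$rld_kind" in
        char-device)
            echo "$rld_path: character device, as expected for the Solaris log device" ;;
        unix-socket)
            echo "$rld_path: unix socket; a unix-stream() source replaced the log device" ;;
        *)
            echo "$rld_path: $rld_kind; expected a symlink to the STREAMS log device" ;;
    esac
    # Show the raw directory entry for comparison with the listing in the reply.
    ls -l "$rld_path" 2>/dev/null || true
}

report_log_device "${1:-/dev/log}"
```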