For whatever reason, my syslogd probe IS configured to listen on the UDP port by default... I confirmed this by stopping syslogd, starting syslog-ng and then trying to restart syslogd. Syslogd would not start because it could not hook to port 514... Creating the /etc/default/syslogd was the answer. There is also a "-t" option for syslogd that may also do the same thing. As for your other suggestion. I was unable to get syslogd to forward anything to @localhost. It would complain at startup it was undefined (it is not). When I put @theactualhostname, no compaints on startup, but that didn't seem to do it either. So I went back and took the @theactualhostname definition out of syslogd.conf (making syslogd.conf "stock") and put the sun-streams src back in syslog-ng. That seems to have done the trick. Both syslogd and syslog-ng "see" local system messages and take appropriate action(s). So I guess there is no issue with syslog & syslog-ng "sharing" the /dev/log stream. Can someone confirm I won't run into problems with this config? So now I believe I have the best of both worlds... The SA can have his syslog.conf file and whatever files he wants to do there. All remote syslog traffic is received and managed by syslog-ng. The SA never liked the fact that forwarded syslog messages "gummed up" /var/adm/messages anyway... ;-) Thanks, Jim Brunke ------------------------------------------------------------------------------- - From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng- admin@lists.balabit.hu] On Behalf Of Pedroche, Raúl Sent: Wednesday, July 14, 2004 3:52 AM To: 'syslog-ng@lists.balabit.hu' Subject: RE: [syslog-ng]syslog-ng on Sol8 - newbie questions The idea would be configuring syslogd to not to listen on UDP and send messages to it, while syslog-ng listens on UDP socket and does not read from /dev/log. You can add a line "LOG_FROM_REMOTE=NO" to /etc/default/syslogd (but it should not be necessary, as Solaris syslogd does not listen on UDP port by default) and add a line to /etc/syslog.conf alike to whatever.whatever,*.somethingelse @localhost Then create (and use) an UDP source in syslog-ng.conf and NOT a source of type sun-streams. -----Original Message----- From: jbrunke@ctsgi.com [mailto:jbrunke@ctsgi.com] Sent: Tuesday, July 13, 2004 10:18 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]syslog-ng on Sol8 - newbie questions I'm running Solaris 8. I would like to setup syslog-ng and syslogd to operate together. Reading the faq, it says: Q: I'm new to syslog-ng. Is there a way for syslog-ng and syslogd to co- exist?... A: Yes, syslog-ng can accept messages from stock syslogd using the udp() source. Can anyone give me more specifics on how to setup the source for this setup? We've got syslogs forwarded from our network gear to this box so I want to make sure syslog-ng can get those forwarded messages from syslogd. Also, can anyone give a suggested filter setup for the following syslog.conf entry: local7.notice;*.err;kern.debug;daemon.notice;mail.none /var/log/error.log Thanks, Jim _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html ********************************************************************** COLT Telecom Espana S.A. Oficina Registrada en: Telemaco, 5 28027 Madrid Tel. +34 91 789 9000 This message is subject to and does not create or vary any contractual relationship between COLT Telecommunications, its subsidiaries or affiliates ("COLT") and you. Internet communications are not secure and therefore COLT does not accept legal responsibility for the contents of this message. Any view or opinions expressed are those of the author. The message is intended for the addressee only and its contents and any attached files are strictly confidential. If you have received it in error, please telephone the number above. Thank you. **********************************************************************