Hello, I have an interesting problem. I have a loghost with the servername of FFLOGSVR. Everything works wonderfully except that FFLOGSVR isn't logging its own logs. When I perform the command "logger FFLOGSVR" I do not see entry in my syslog. I have attached my syslog-ng.conf for review. Thank you in advance, -- - Doug Hanks = dhanks(at)gmail(dot)com # Syslog-ng (new generation) configuration file # syslog.conf by Doug Hanks 9/25/04 # Global options options { time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (yes); use_fqdn (no); create_dirs(yes); dns_cache(yes); keep_hostname(yes); }; # Define where the logs come from - udp and /dev/log only source gateway { unix-stream("/dev/log"); internal(); udp(port(514)); }; # Define some filters so we can break down the logs by facility filter f_auth { facility(auth); }; filter f_syslog { not facility(authpriv, mail); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_mail { facility(mail); }; filter f_user { facility(user); }; filter f_debug { not facility(auth, authpriv, news, mail); }; filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); }; filter f_emergency { level(emerg); }; filter f_info { level(info); }; filter f_notice { level(notice); }; filter f_warn { level(warn); }; filter f_crit { level(crit); }; filter f_err { level(err); }; # LogWatch filter f_logwatch { match("su") or match("ssh") or match("sudo"); }; # SU filter f_su_0 { match("su: from [a-zA-Z0-9]+ to") or # AIX match("'su [a-zA-Z0-9]+' succeeded for") or # Solaris match(": su : \+"); # HPUX }; filter f_su_1 { match("su: BAD SU from") or # AIX match("'su [a-zA-Z0-9]+' failed for") or # Solaris match(": su : \-"); # HPUX }; # SSH filter f_ssh_0 { match("Accepted [a-zA-Z0-9]+ for") or # AIX, Solaris, and HPUX match("[a-zA-Z0-9]+ authentication for user [a-zA-Z0-9]+ accepted"); # SAP }; filter f_ssh_1 { match("Failed [a-zA-Z0-9]+ for") or # AIX, Solaris, and HPUX match("[a-zA-Z0-9]+ authentication for user [a-zA-Z0-9]+ failed"); # SAP }; # SUDO filter f_sudo_0 { match("sudo:"); }; filter f_sudo_1 { match("sudo:") and ( match("command not allowed") or match("user NOT in sudoers") ); }; # Define containers where you want to stuff the logs destination localhost { file("/usr/logs/syslog/messages.all"); }; destination loghost { file("/usr/logs/HOSTS/$HOST/messages" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) ); }; # Program template for alerts destination fifo_alert { program("/usr/local/sbin/email-syslog-alert" template("$HOST:$PROGRAM:$MSG\n") template-escape(yes) ); }; # SU log destination su_0 { file("/usr/logs/syslog/messages.su0"); }; destination su_1 { file("/usr/logs/syslog/messages.su1"); }; # SSH logs destination ssh_0 { file("/usr/logs/syslog/messages.ssh0"); }; destination ssh_1 { file("/usr/logs/syslog/messages.ssh1"); }; # SUDO logs destination sudo_0 { file("/usr/logs/syslog/messages.sudo0"); }; destination sudo_1 { file("/usr/logs/syslog/messages.sudo1"); }; # LogWatch destination logwatch { file("/usr/logs/syslog/logwatch.log"); }; # Regular syslogs destination authlog { file("/usr/logs/syslog/messages.auth"); }; destination cron { file("/usr/logs/syslog/messages.cron"); }; destination daemon { file("/usr/logs/syslog/messages.daemon"); }; destination kern { file("/usr/logs/syslog/messages.kern"); }; destination lpr { file("/usr/logs/syslog/messages.lpr"); }; destination user { file("/usr/logs/syslog/messages.user"); }; destination mail { file("/usr/logs/syslog/messages.mail"); }; destination debug { file("/usr/logs/syslog/messages.debug"); }; destination messages { file("/usr/logs/syslog/messages"); }; destination console { file("/dev/console"); }; # Bring the sources, filters (if any) together and shove it in a log (read destination) log { source(gateway); destination(localhost); }; log { source(gateway); destination(loghost); }; # FIFO alert log { source(gateway); filter(f_su_1); destination(fifo_alert); }; log { source(gateway); filter(f_ssh_1); destination(fifo_alert); }; log { source(gateway); filter(f_sudo_1); destination(fifo_alert); }; # Log SU to roots log { source(gateway); filter(f_su_0); destination(su_0); }; log { source(gateway); filter(f_su_1); destination(su_1); }; # Log SSH stuff log { source(gateway); filter(f_ssh_0); destination(ssh_0); }; log { source(gateway); filter(f_ssh_1); destination(ssh_1); }; # Log SUDO stuff log { source(gateway); filter(f_sudo_0); destination(sudo_0); }; log { source(gateway); filter(f_sudo_1); destination(sudo_1); }; # A master log of SSH, SUDO and SU for LogWatch log { source(gateway); filter(f_logwatch); destination(logwatch); }; # Break down the logs further log { source(gateway); filter(f_auth); destination(authlog); }; log { source(gateway); filter(f_cron); destination(cron); }; log { source(gateway); filter(f_daemon); destination(daemon); }; log { source(gateway); filter(f_kern); destination(kern); }; log { source(gateway); filter(f_mail); destination(mail); }; log { source(gateway); filter(f_user); destination(user); }; log { source(gateway); filter(f_debug); destination(debug); }; log { source(gateway); filter(f_messages); destination(messages); }; log { source(gateway); filter(f_emergency); destination(console); };