Hi,
2. a capture of the network traffic which proves that the logs arrive at your host

Network traffic is definitely arriving at my host, because *this* works:
##############################################################
source net { udp(ip("0.0.0.0") port(514)); };

destination netlog {
    file("/var/log/netlog/net.log"
         template("[$YEAR/$MONTH/$DAY $HOUR:$MIN:$SEC] '$HOST' '$PRIORITY' $MESSAGE\n"));
};

log { source(net); destination(netlog); };
##############################################################
The file /var/log/netlog/net.log is written and has the following content:
[2008/09/18 16:24:44] '192.168.xx.xx' 'info' %ASA-6-302013: Built outbound TCP connection 1296007 for proxy:192.168.xx.xx/8080 (192.168.xx.xx/8080) to inside:192.168.xx.xx/39564 (192.168.xx.xx.1/39564)
[2008/09/18 16:24:44] '192.168.xx.xx' 'info' %ASA-6-302014: Teardown TCP connection 1296007 for proxy:192.168.xxx.xxx/8080 to inside:192.168.xxx.xxx/39564 duration 0:00:00 bytes 1343 TCP FINs
etc.
OK, so syslog-ng gets the log from the network. Your config seems valid to me, so I fear I can't help you further :(

You could try to start syslog-ng in verbose mode to see whether it complains about the destination.

Regards,
Sandor