Syslog-ng experts. I am very new to syslog-ng. I installed syslog-ng on a fresh Redhat 7.3 server. It defaults working with internal logging. So I configured my firewall to send syslog with facility set to log_user. I turned on Wireshark on the syslog-ng server and observed the firewall sending traffic to the server on udp 514. But the syslog server never created the directory structure and logs. I disabled the redhat firewall just to eliminate it as a possibility. Still no logging. So I don’t know what I am doing wrong at this point. I don’t know if this is a permission problem or some other configuration issue. I found someone that had posted a very basic syslog-ng configuration for firewalls. So I copied It into a firewall.conf I put in conf.d. Can anyone see what might be wrong with it? #################### options { create_dirs(yes); owner(root); group(root); perm(0640); dir_owner(root); dir_group(root); dir_perm(0750); }; ################################################## source s_udp { udp(port(514)); }; #Template for a new firewall in the firewalls.conf file #Entries to be changed: NAMEOFTHEFIREWALL and IPOFTHEFIREWALL ################################################## filter f_NAMEOFTHEFIREWALL { host("192.168.30.1"); }; destination d_NAMEOFTHEFIREWALL { file("/var/log/firewalls/PA/$YEAR/$MONTH/$YEAR-$MONTH-$DAY.PA.log"); }; log { source(s_udp); filter(f_NAMEOFTHEFIREWALL); destination(d_NAMEOFTHEFIREWALL); }; Tim Tyler Network Engineer Beloit College