Hi all. Using syslog-ng version 1.4.15. I'm trying to set up a network of machines all running syslog-ng in a testbed. Some machines run Solaris 5.8, others are Sun-Cobalts runing a flavor of Linux. I have successfully compiled when necessary and replaced all the syslogd with syslog-ng on my 4 test machines. Now the hard part is making them all talk to each other, and discovering how to set them to use different ports and TCP vs UDP in some cases. I have the following questions so far: Question 1: Is it possible to specify the upd port to listen on, ie something like "source s_udp { udp (666); };" and then instruct the syslog-ng on the sending machine to use that UDP port as a destination? When I tried the above, I got a parsing error when starting up syslog-ng. My whole test scenario is to have one machine called "A1" at the top level "A", that will listen on port 514 for syslog messages using a TCP connection from machine "B1" at level "B". Machine "B1" is a syslog consolidator, that passes syslog messages to A1 over TCP(514) and receives syslogs from other machines "C1", "C2" on level "C". I want to try to configure machine "C1" to output to machine "B1" using UDP(514), and at the same time have machine "C2" forward its syslogs to machine "B1" using TCP(514). It's possible to have many machines at level "C" all writing to machine "B1"'s port TCP(514), right? For the bonus point, can someone help me with the pertinent syntax for source, destination and log statements for my 4 machines? My job depends on me making this work... 8-) (If someone can replace my generic code below with exact code that will be parsed OK...) Machine A1 (10.5.11.9 - Solaris 5.8) source s_tcp { }; destination d_jnr { usertty("jnriopel"); }; log { source (s_tcp); destination (d_jnr); }; Machine B1 (10.5.10.4 - Linux) source s_tcp { frommachineC2}; source s_udp { frommachineC1}; destination d_tcp { tomachineA1 }; log { source (s_tcp, s_udp); destination (d_tcp); }; Machine C1 (10.5.2.8 - Linux) source src {unix stream }; destination d_udptoB1 { udp (machineB1 }; log { source (src); destination (d_udptoB1); }; Machine C2 (10.5.2.16 - Linux) source src {unix stream }; destination d_TCPtoB1 { tcp (machineB1 }; log { source (src); destination (d_TCPtoB1); }; Question 2: PMI, but I understand from my IP theory that I can send messages to another machine using UDP whether that machine is listening or not and not get errors, whereas is I want to talk using TCP, the machine I am talking to needs to have a listen set up first, ie I need to have syslog-ng running on A1 before I can start it on B1 otherwise B1 will complain about not being able to set up the connection, right? Will messages get lost or queued while waiting for A1 to start listening? Question 3: What is the syntax of the source and destination statements for two machines using syslog-ng and wanting to communicate over TCP port 666, say? (As in my link between A1 and B1 above except for the non-standard port number.) Jacques