Hi Again,

Below is the whole syslog-ng.conf file. Yes, it is not separating as in /host/somehost/year/month/day ..

--
## syslog-ng
source remote {
    unix-stream("/var/run/log");
    internal();
    pipe("/dev/klog");
    udp(ip(157.1.1.13) port(514));
    tcp(ip(157.1.1.13) port(514) keep-alive(yes));
};

destination std {
    file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY"
         owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes));
};

log { source(remote); destination(std); };

destination authlog { file("/var/log/auth.log"); };
destination cron { file("/var/log/cron.log"); };
destination debug { file("/var/log/debug.log"); };
destination kern { file("/var/log/kern.log"); };
destination user { file("/var/log/userlog"); };
# This files are the log come from the mail subsystem.
#
destination maillog { file("/var/log/maillog"); };
destination security { file("/var/log/security"); };
destination messages { file("/var/log/messages"); };
--

Let me know if you need more info,
fico

On 9/27/05, catenate <infosec@gmail.com> wrote:
On 9/26/05, fico gid <ficohertz@gmail.com> wrote:
Hi Catenate,
From the tcpdump I can see the packets coming into the syslog server but apparently it is not sorting out properly. It goes to the default directory differentiated by only date and not hostname.
What could be the problem?
What exactly is happening - you mean it logs to your destinations like /var/log/kern.log or that it logs to files below /var/log/hosts but not separated by hostname? Initially you said nothing was being logged at all. Please be specific.
Also, is that really your whole syslog-ng config file? Go ahead and send the whole thing, assuming it's not more than a few hundred lines.