I'v put the localhost on source, but it's an error, i change it for the Ip adress of the nic that i connect to the tap.

 

But syslog call from remote server continu to goes in the /var/log/message instead of /var/log/SPSSOWL1/$YEAR/$MONTH/$DAY/$HOST.log"

Like it's configure in the syslog-ng.conf.

 

Do you want i paste here my syslog-ng.conf ? (i only change source net { udp(ip(127.0.0.1) port(514)); };  for    source net { udp(ip(192.168.33.8) port(514)); };

 

 

 

Francis Provencher
Ministère de la Sécurité publique du Québec
Direction des technologies de l'information
Division de la sécurité informatique
Tél: 1 418 646-3258
Courriel:   Francis.provencher@Msp.gouv.qc.ca
 
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitionner
Sec+ - Security +