Hi Martin Thanks for this advice. I was thinking something along these lines. However the problem was that during the installation itself it removed the syslogd deamon so I need to work around that issue and then make the appropriate modifications to the syslog-ng.conf files. For the initial impl I think we would want to just use 'non default' protocol/port on syslog-ng and use standard syslogd for everything else. This seems easy enough with the syslog-ng conf files. We will juat have to work on the installation script problems I guess. Maybe there is a way to non remove syslogd during install but we did not remember having that option at install time. Thanks for the advice. matt -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Martin Schütte Sent: Thursday, November 27, 2008 4:24 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] running syslog-ng and syslogd concurrently? Matt Camuto schrieb:
Has anybody ever run syslogd (in either agent or server mode) on the same machine with syslogd running. Any guidance there would be highly appreciated. We are not in the position to do a hard cross over to syslog-ng for our production environment.
Have not done this myself but some hints: The problem is that the message sources (kernel log buffer, syslog socket, UDP ports) should only be read by one daemon. Thus you should use syslogd to receive messages from the regular sources and let it log everything to an additional fifo or a local socket. (The capabilities are system dependend, if your syslogd does not support fifos then you could use socat to pipe to a socket). Then configure syslog-ng to use this new fifo/socket as a source. -- Martin ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html