I suggest using a much simplified syslog-ng.conf for testing. Try something like this:

    options {
        check_hostname(yes);   # check if the hostname contains valid characters
        use_dns(no);           # do not resolve names for speed
        dns_cache(no);         # no DNS cache since we do not resolve names
        keep_hostname(yes);    # keep hostnames to enable related macros
        chain_hostnames(no);   # do not track / forward syslog forwarder chain
        # options related to file and directories
        create_dirs(yes);
    };

    destination d_separatedbyhosts {
        file("/data/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY");
    };

The destination will automatically split out the data, creating separate directories and files for *anything* received. I would also suggest a simpler network source (for testing):

    source s_network {
        udp();
        tcp();
    };

    log {
        source(s_network);
        destination(d_separatedbyhosts);
    };

Then when you see a packet come in *TO* the syslog-ng box with tcpdump, you can immediately verify whether or not it is logged. Once that is working, you can move back to your desired configuration file (and if something breaks, you know you are at least getting the logs).

Jim

---- Riyas Ahamed <Riyas.Ahamed@csscorp.com> wrote:
Hi,
I have configured a syslog-ng server to capture network logs. I am able to fetch network logs from three devices.
But for the fourth network device, I can see packets arriving at the syslog server on port 514 using the tcpdump command, but I cannot find the network device in the syslog-ng front end.
Syslog OS : CentOS release 6.5 (Final)
Syslog Version : syslog-ng 3.2.5
I have attached the configuration file of the syslog-ng server to this mail.
Please help me to resolve this issue.
Regards, N.B.RIAZ AHMED (9047166496)
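To make the verification loop Jim describes concrete (send a known message, watch it arrive with tcpdump, then look for the file the d_separatedbyhosts destination should have created), here is an added example script. It is not part of the original thread and not syslog-ng's own code. It assumes: the collector listens on port 514 over both UDP and TCP as in Jim's test source; the base directory is /data/syslog-ng; with use_dns(no) the $HOST_FROM macro expands to the sender's IP address as the collector sees it (so no NAT between the two hosts); and $FACILITY / $PRIORITY expand to the standard RFC 3164 facility and severity names in the table below. The sample message and timestamp used by demo_expected() are constructed for illustration.

```python
"""Send a test syslog message to a syslog-ng collector and predict the file
that Jim's d_separatedbyhosts destination should create for it.

Added example for this thread; not syslog-ng code. Assumes the standard
RFC 3164 facility/severity table, a base path of /data/syslog-ng, and that
$HOST_FROM is the sender's IP address (use_dns(no), no NAT in between).
"""
import datetime
import os
import socket
import sys

# RFC 3164 codes with the names syslog-ng's $FACILITY / $PRIORITY macros use
# for them (assumption: the standard table; vendor-specific facilities omitted).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY_BY_CODE = {code: name for name, code in FACILITIES.items()}

BASE_DIR = "/data/syslog-ng"   # assumption: same base path as Jim's destination


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity, as in RFC 3164."""
    return FACILITIES[facility] * 8 + SEVERITIES.index(severity)


def decode_pri(pri):
    """Inverse of encode_pri; raises KeyError for a facility code not in the table."""
    fac, sev = divmod(pri, 8)
    return FACILITY_BY_CODE[fac], SEVERITIES[sev]


def parse_pri(line):
    """Split the '<PRI>' prefix off a received line; ValueError if it is malformed."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing PRI prefix")
    end = line.index(">")
    return int(line[1:end]), line[end + 1:]


def build_message(facility, severity, hostname, tag, text, when):
    """Build an RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG: text (day space-padded)."""
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{encode_pri(facility, severity)}>{stamp} {hostname} {tag}: {text}"


def expected_path(base, host_from, facility, severity, when):
    """Expand Jim's file() template by hand for one message."""
    y, m, d = f"{when:%Y}", f"{when:%m}", f"{when:%d}"
    return os.path.join(base, y, m, d, host_from,
                        f"{host_from}.{facility}.{severity}.{y}.{m}.{d}")


def check_logged(path, marker):
    """True if the predicted file exists and already contains the marker text."""
    if not os.path.exists(path):
        return False
    with open(path, encoding="utf-8", errors="replace") as fh:
        return any(marker in line for line in fh)


def demo_expected(host_from="10.0.0.4"):
    """Constructed sample (fixed timestamp) showing the message and the file it maps to."""
    when = datetime.datetime(2014, 3, 5, 10, 0, 0)
    msg = build_message("local0", "notice", "rtr4", "test", "marker", when)
    return msg, expected_path(BASE_DIR, host_from, "local0", "notice", when)


def send_test(collector, port=514, facility="local0", severity="notice",
              tag="syslogtest", text="syslog-ng-reception-check"):
    """Send one message over UDP and one over TCP; return (message, predicted file)."""
    when = datetime.datetime.now()
    msg = build_message(facility, severity, socket.gethostname(), tag, text, when)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.connect((collector, port))
        udp.send(msg.encode())
        src = udp.getsockname()[0]   # address the collector should see as $HOST_FROM
    with socket.create_connection((collector, port), timeout=5) as tcp:
        tcp.sendall((msg + "\n").encode())  # tcp() source expects newline framing
    return msg, expected_path(BASE_DIR, src, facility, severity, when)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sent, path = send_test(sys.argv[1])
        print("sent:", sent)
        print("expect file:", path, "-> present:", check_logged(path, sent))
    else:
        print("usage: %s <collector-ip>; demo:" % sys.argv[0], *demo_expected())
```

Run it from the same host you are watching with tcpdump, then run check_logged() (or simply ls the predicted directory) on the collector. If the packet shows up in tcpdump but the file never appears, the gap is inside syslog-ng rather than on the network, which is exactly the distinction Jim's stripped-down configuration is meant to expose. Because file destinations may buffer output, allow a moment before concluding the message was dropped, or set flush_lines(1) on the test destination.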