I've been working on setting up a syslog to do some event per second calculations. I'm trying to log all information from a host such as AIX or Linux to a single file. I can do this with the 'host' option but I am having problems combining this with the local facility option. I've been working with various iterations but here are the major components:

options {
sync(0);
time_reopen(10);
log_fifo_size(1000);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
keep_hostname(yes);
owner(root);

};

source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
udp(ip(0.0.0.0) port(514));
};

source s_net { udp(); };

And here is an example of the log definitions:

destination sw-089 { file("/var/log/sw-089.log"); };
destination adm1r2 { file("/var/log/adm1r2.log"); };

filter f_adm1r2 { host("172.16.148.60"); };
filter f_sw-089 { facility(local4); };

log { source(s_sys); filter(f_sw-089); destination(sw-089); };
log { source(s_net); filter(f_adm1r2); destination (adm1r2); };

The facility locals seem to be working at all times, but the host does not... any ideas or suggestions?

Thanks,
Dan