Matt, Thanks. Somehow though, I don't think that worked. Here is my config file. # this file show more or less all the features of syslog-ng options {sync(0); create_dirs(yes);}; source int { unix-stream("/dev/log"); internal(); }; source src { udp(port(514)); }; destination everything { file("/NetscreenLogs/$HOST/$HOST.$MONTH-$DAY-$YEAR.log" owner(NetscreenLogs) group(NetscreenLogs) perm(0777) dir_perm(0777)); }; destination internallogs { file("/var/log/messages"); }; log { source(src); destination(everything); }; log { filter(DEFAULT); destination(internallogs); }; All I am trying to do is have my remote boxes send their syslog messages to my server, and have the server create some semblance of a directory structure. Simple. But, when I watch packets with tcpdump, it seems there are A LOT more udp port 514 packets than there are log records. My tcpdump sessions shows hundreds of udp port 514 packets while my tail -f of my log RARELY updates. Am I losing data?!?!?!? Brian Leveille ------------------- Senior Internetworking Engineer DefendNet Solutions, Inc. www.defendnet.com -----Original Message----- From: matthew.copeland@honeywell.com [mailto:matthew.copeland@honeywell.com] Sent: Wednesday, November 08, 2000 5:22 PM To: 'syslog-ng@lists.balabit.hu' Subject: Re: [syslog-ng]Real time .conf? Add sync(0) to your config file. Matthew M. Copeland Software Engineer On Wed, 8 Nov 2000, Brian Leveille wrote:
What conf settings can I use for my syslog-ng.conf file so that messages are written to disk the instant they are received?
Thanks,
Brian Leveille ------------------- Senior Internetworking Engineer DefendNet Solutions, Inc. www.defendnet.com
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng