Sorry (in advance) if this is a dimwitted question...

I've slurped down and compiled these components on my Solaris 8 system:
pkg-config-0.19; glib-2.8.1; eventlog-0.2.3+20050116+1856; and finally the non-snapshot flavor of syslog-ng 1.9.5.

Everything appears to have compiled OK, and I am able to load and execute syslog-ng, and it actually operates, albeit not exactly right (which is the driver for this email).

I have a 1.6.8 version of syslog-ng that "eats" my (fairly simple) config file, and sorts through the incoming syslog traffic, filtering it to one of three primary target files, based upon facility/level combinations. These log statements all use a flags-final setting. There is one final (fourth) log statement that feeds a catch-all file, with anything not distributed to the first three files. When using the 1.6.8 executable, these four files accumulate data, as anticipated (i.e. everything works just fine).

However, when I attempt to utilize the new 1.9.5 executable (on the same system), nothing is fed to the first three files.  The only file getting any input is the final, catch-all file.  Essentially, the only difference between the catch-all statement, and the filtered statements, is the existence of the filters on those statements, which reference filters similar to this:

filter f_1 { facility(local5) and level(debug..emerg); };

It's not clear to me why the filtering activity is failing.  Again, those filters are fine in a 1.6.8 setting.

So… I'm looking for any input as to what might be a potential root problem.  Obviously, there are a whole set of different pre-req components for the 1.9.5 world.  I'm not sure if I'm dealing with some compatibility problem amongst the component versions that I've selected(?), or if the problem lies elsewhere.

Thanks for any and all input and suggestions.

Marvin Nipper
Director of Security
Stream
mailto:marvin.nipper@stream.com
PGP Key ID: 0xD3EB5CE5 (RSA); 0x8EE28551 (DSS/DH)
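
The routing described in the message, modelled as an added example (not the poster's configuration and not syslog-ng code): it decodes the `<PRI>` of a raw syslog line and reports which file the line should reach under three final, filtered log statements plus an unfiltered catch-all, giving a reference to compare each version's output against. Only `f_1` comes from the message; the second and third filters, the destination names and the sample lines are assumptions.

```python
import re

# Syslog facility codes and severity names (RFC 3164 numbering).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            **{f"local{i}": 16 + i for i in range(8)}}
LEVEL = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(line):
    """Return (facility, severity) from a raw '<PRI>...' syslog line."""
    m = re.match(r"<(\d{1,3})>", line)
    pri = int(m.group(1)) if m else 13  # RFC 3164 default: user.notice
    return pri >> 3, pri & 7

def make_filter(facility, first, last):
    """Model of: facility(X) and level(first..last)."""
    lo, hi = sorted((LEVEL.index(first), LEVEL.index(last)))
    fac = FACILITY[facility]
    return lambda f, s: f == fac and lo <= s <= hi

# f_1 is the filter quoted in the message; the other two filters and all
# destination names are hypothetical stand-ins for the rest of the config.
LOG_STATEMENTS = [
    (make_filter("local5", "debug", "emerg"), "file_1", True),
    (make_filter("local4", "debug", "emerg"), "file_2", True),
    (make_filter("auth", "info", "emerg"), "file_3", True),
    (lambda f, s: True, "catch_all", False),  # unfiltered fourth statement
]

def route(line, statements=LOG_STATEMENTS):
    """Destinations a line reaches; a matching final statement stops processing."""
    fac, sev = decode_pri(line)
    hits = []
    for matches, dest, final in statements:
        if matches(fac, sev):
            hits.append(dest)
            if final:
                break
    return hits

# Constructed sample lines (not captured traffic).
SAMPLES = [
    "<174>Sep  1 10:00:00 host app: local5.info test",    # 21*8+6
    "<38>Sep  1 10:00:01 host sshd: auth.info test",      # 4*8+6
    "<39>Sep  1 10:00:02 host sshd: auth.debug test",     # 4*8+7
    "<13>Sep  1 10:00:03 host logger: user.notice test",  # 1*8+5
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(route(s), s)
```
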