"Shaw, Richard W" wrote:
Hi Drew
I've tried your extra setting but I still get nothing about our cisco routers in the cisco.log or the sys.log files I'd setup for syslog-ng. I do however still get them via the syslogd. Is there something I'm missing out of the source bit of the code ?
maybe it helps: (please excuse my lame english) it works for me the following way : cisco router logging facility daemon logging source-interface Loopback0 logging xx.xx.xx.212 logging xx.xx.xx.213 source-interface is important because if you don't do that the sender ip is the outgoing interface ip !!! the syslog servers are sun boxes. a year ago i did not managed it letting syslog-ng recieving (machine)internal syslog messages(solaris problem) - so i did a very dirty trick - changed the default syslog entry in the /etc/services to another port. now my old sylogs comes up and listens on another udp port. now i can start syslog-ng with: source net { udp(ip(xx.xx.xx.xx) port(514)); }; check which syslog is running with: lsof -i udp:514 now you should get an line with "syslog-ng". for testing use snoop or tcpdump ... xxxxxx:/usr/local/syslog-ng/etc>snoop -d hme0 udp port 514 Using device /dev/hme (promiscuous mode) zswitch5 -> xxxxxx SYSLOG C port=1028 <190>%MGMT-6-LOGINFA now you should get messages into you syslog-ng files. every following error should be a result from syslog-ng misconfiguration. bye werner Life is not fair. But the root password helps --------------------------------------------- email: werner.dundler@austrocontrol.at