SEC and SYSLOG-NG

I'm trying to use SEC now, instead of SWATCH. Any progress on getting things up on your website?

If I manually run against a log file, it works great, but I'm trying to integrate it into syslog-ng.

I saw a post where you showed the following:

#######################################
destination d_sec {
program("/usr/local/sbin/sec.pl -input=\"-\" -conf=/usr/local/etc/sec.conf >/var/log/sec.err 2>&1");

};

# send all logs to sec
log {
        source(src);
        filter(f_not_brightmail);
        destination(d_sec);
};
#######################################

I made up my own filter to include all facilities so as to watch for everything. But I'm not getting it to work, it never reports back. If I do a "ps -ef", I can see that syslog-ng did start up the SEC process… but no luck.

Any help would be appreciated.

Thanks,
Chris

*******************************
The information contained in this message may be privileged and/or confidential and 
protected from disclosure. If the reader of this message is not the intended recipient, 
or an employee or agent responsible for delivering this message to the intended recipient, 
you are hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. Note that any views or opinions presented in this 
message are solely those of the author and do not necessarily represent those of Ameren. 
All emails are subject to monitoring and archival. Finally, the recipient should check 
this message and any attachments for the presence of viruses. Ameren accepts no liability 
for any damage caused by any virus transmitted by this email. If you have received this in 
error, please notify the sender immediately by replying to the message and deleting the 
material from any computer. Ameren Corporation 
*******************************