"vinod" == vinod samant <vinod.samant.123@gmail.com> writes:
vinod> Hi Gergely,

vinod> My configuration of both client and server side.
vinod> >>>>>>>>>>>>>>>>>>>>>>>>>>>>> client config<<<<<<<<<<<<<<<<<<<<<<<<<<<
vinod> @version:3.13
vinod> @include "scl.conf"
vinod> @define allow-config-dups 1

...and herein lies one of your problems. You have multiple blocks with
the same name (`s_local`, `d_network`, etc). Only one of them will be
active, the last one. In case of the client config, it will only forward
apache logs, because the last `s_local` block sources from there.

If you want to forward system and internal logs too, you'll have to name
the block differently. And likely forward to a different port, because
in the examples I provided, the server-side will only handle the apache
logs correctly.

vinod> >>>>>>>>>>>>>>>>>>>>> server side config<<<<<<<<<<<<<<<<<<<<<<<<<<<<
[...]
vinod> source s_network{
vinod> udp();
vinod> tcp();
vinod> };

vinod> log { source(s_network); destination(d_from_net); };

The above two snippets will make syslog-ng listen on the default udp &
tcp ports, and route every message to the `d_from_net`
destination. Which happens to be `/var/log/from_net`.

vinod> source s_net {
vinod> network(flags(no-parse));
vinod> };

Because the `s_network` source uses the default ports, and so does this,
this will not be able to start, because the previous one already
occupies the port.

vinod> log{
vinod> source (s_net);
vinod> parser (p_apache);
vinod> destination(d_apache);
vinod> };

For the above reason, `s_network` will see no traffic, and nothing will
get routed this way. This is why your logs end up in
`/var/log/from_net`.

I would suggest starting from the simple - but complete - examples I
gave, and extending them step-by-step to include other logs than apache.

--
|8]
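
A small lint for the two problems described in the message above (same-named blocks, and two sources listening on the same default port), as an added example that is not part of the original message or of syslog-ng itself. It assumes `network()` without `transport()` listens on TCP, skips listeners with an explicit `port()`, and does not handle comments; the sample config is constructed.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the snippets quoted in the message above.
SAMPLE = '''
source s_local { system(); internal(); };
source s_local { file("/var/log/apache2/access.log"); };
source s_network { udp(); tcp(); };
source s_net { network(flags(no-parse)); };
'''

BLOCK = re.compile(r'\b(source|destination|parser|filter)\s+([\w-]+)\s*\{')
LISTENER = re.compile(r'\b(udp|tcp|network)\s*\(')

def span(text, start, opener, closer):
    """Return the text from `start` up to the delimiter that closes it."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += (text[i] == opener) - (text[i] == closer)
        i += 1
    return text[start:i - 1]

def lint(text):
    active, count = {}, defaultdict(int)
    for m in BLOCK.finditer(text):
        key = (m.group(1), m.group(2))
        count[key] += 1
        active[key] = span(text, m.end(), '{', '}')  # a later definition replaces earlier ones
    findings = [f'{kind} {name}: defined {n} times, only the last one is active'
                for (kind, name), n in count.items() if n > 1]
    binds = defaultdict(list)  # protocol -> sources listening without an explicit port()
    for (kind, name), body in active.items():
        if kind != 'source':
            continue
        for d in LISTENER.finditer(body):
            args = span(body, d.end(), '(', ')')
            if re.search(r'\bport\s*\(', args):
                continue
            t = re.search(r'\btransport\s*\(\s*"?(\w+)', args)
            # Assumption: network() without transport() listens on TCP.
            proto = t.group(1) if t else ('udp' if d.group(1) == 'udp' else 'tcp')
            if name not in binds[proto]:
                binds[proto].append(name)
    findings += [f'default {proto} port used by several sources: {", ".join(names)}'
                 for proto, names in binds.items() if len(names) > 1]
    return findings

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE)))
```
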