Shane, Here's my base /etc/syslog.conf for Solaris # Push to loghost (/etc/hosts or DNS) [syslog-ng] # syslog-ng handles prioritization/alerting *.warn;*.alert;*.emerg;*.err;*.info @loghost # Keep mail annoyances local mail.debug /var/log/syslog.mail # Keep consistency for debugging/console work kern.notice;auth.notice /dev/sysmsg kern.debug;daemon.notice;mail.crit /var/adm/messages When in doubt, be explicit (and syslog is m4 parsed so make sure the tabs are really tabs...) HTH, Stew -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Shane Presley Sent: Tuesday, July 05, 2005 12:43 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng] syslog.conf for Solaris box to send to Syslog-NG server Hello, I have a syslog-ng centralized host, setup and working great. My routers and various other devices send their messages to it. I'd like to have my Solaris servers send to it as well. They run the solaris syslog deamon, not syslog-ng. I've included the syslog.conf below for a server that we have doing this (forwarding logs). But I didn't set this up myself, and I'd like to understand the format. The line that seems to forward the logs is # Send all messages to the logger *.debug @10.10.10.1 auth.notice @10.10.10.1 Is that sending all syslog messages? Basically we want anything that would normally be logged to /var/adm/messages to go the log server as well. Does the above line only mean debug, or does that mean anything debug or greater? Thanks Shane # Copyright (c) 1991-1998 by Sun Microsystems, Inc. # All rights reserved. # # syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # *.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator *.alert root *.emerg * # Send all messages to the logger *.debug @10.10.10.1 auth.notice @10.10.10.1 # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) # # non-loghost machines will use the following lines to cause "user" # log messages to be logged locally. # ifdef(`LOGHOST', , user.err /dev/sysmsg user.err /var/adm/messages user.alert `root' user.emerg * _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html