I have syslog-ng-3.1.3-1.rhel5.i386.rpm open version installed and want syslog clients to send to the syslog-ng server. The intention is to have the server send all logs to a final syslog destination and keep a copy in a file locally.

The only thing that is working is that I am seeing SYSLOG packets via tcpdump. No messages come to the local file and no messages go to the final destination. I installed the rpm and there was no mode option (server, relay, client) I could choose. Your help is appreciated.

Here is the syslog conf I am using:

@version:3.0
#
# Relay all logs to final destination
#
options {
    mark_freq(30);
    keep_hostname(yes);
};
source s_local { unix-stream("/dev/log"); internal(); };
source s_network { syslog(transport(udp)); };
destination d_syslog_udp { syslog("xx.xx.xx.xx" transport("udp") ); };
log { source(s_local); source(s_network); destination(d_syslog_udp); };
#
# Keep a copy of logs coming over the network locally in a file for Splunk
#
source s_network { syslog(transport(udp));};
destination d_file { file("/var/log/messages" ); };
log { source(s_network); destination(d_file); };

Julian Bentayeb
Lawrence Livermore National Laboratory
Information and Communications Systems
925-424-5702