I have syslog-ng-3.1.3-1.rhel5.i386.rpm open version installed and want syslog clients to send to the syslog-ng server; The intention is to have the server send all logs to a final syslog destination and a keep a copy in a file locally.

The only thing that is working is I am seeing SYSLOG packest via tcpdump.

No messages come to the local file and no messages go to the final destination.

I installed the rpm and there was no mode option (server, relay, client) I could chose.

Your help is appreciated.

Here is the syslog conf I am using:

@version:3.0

#

# Relay all logs  to final destination

#

                options {

                mark_freq(30);

                keep_hostname(yes);

                };

                source s_local { unix-stream("/dev/log"); internal(); };

                source s_network { syslog(transport(udp)); };

                destination d_syslog_udp {

                syslog("xx.xx.xx.xx" transport("udp")

                );

                };

                log { source(s_local); source(s_network);

                      destination(d_syslog_udp); };

#

# Keep a copy of logs coming over the network  locally in a file for Splunk

#

                source s_network { syslog(transport(udp));};

                destination d_file {

                file("/var/log/messages"

                );

                };

                log { source(s_network); destination(d_file); };

Julian Bentayeb

Lawrence Livermore National Laboratory

Information and Communications Systems

925-424-5702