I've installed syslog-ng 1.4.5 on a Solaris system and am having trouble
"seeing" messages I know are arriving from remote CISCO devices
on the local7 facility. (Or even messages via logger -p
local7.whatever.)
The source statement I have in syslog-ng.conf is:
source stdlog {
sun-streams("/dev/log" door("/etc/.syslog_door"));
internal(); };
(This is as suggested in the INSTALL file provided with the
package, except for the addition of the internal clause, the inclusion of
which makes no difference in the way syslog-ng is performing.)
I have a number of filters, destinations, and log clauses, with some
messages "log"ged more than once. (This multiple logging
practice seems to work fine on our AIX server.)
If I ignore all of the filters and simply log all output to
/var/adm/messages, it would appear all messages EXCEPT those
coming in on the local7 facility (we're also looking for local0 and
local1 messages, but I have not verified any have occurred and that
therefore syslog-ng is or is not handling those as well) go to the
messages file.
Is there something special I should be doing on a Solaris system (a realm
WAY outside my experience base) to include local7 logs? Is there a
modification to the above source statement that is required for messages
from external devices?
Thanks!
---
John A. Parker Senior
Programmer/Analyst - AIX Cornell
University
jap54@cornell.edu 607-255-9356 607-255-8521 (Fax)