I got that part fixed thanks Zoltan. My next question is I set up this box (AIX 5.3) to be the central server and configure a client to forward syslog and it looks like the client is doing it: # /usr/sbin/syslogd -d 0821-600 /usr/sbin/syslogd: continuing without SRC support syslogd: bind: errno = 67 logmsg: pri 53, flags 8, from t01labax08, msg syslogd: bind: errno = 67 off & running.... init cfline(*.debug @10.13.6.83) cfline(*.debug;mail.none @10.13.6.83) cfline(*.crit @10.13.6.83) cfline(mail.debug @10.13.6.83 ) 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FORW: 10.13.6.83 7 7 X 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 X FORW: 10.13.6.83 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 X FORW: 10.13.6.83 X X 7 X X X X X X X X X X X X X X X X X X X X X X FORW: 10.13.6.83 logmsg: pri 56, flags 8, from t01labax08, msg syslogd: restart Logging to FORW 10.13.6.83 Logging to FORW 10.13.6.83 syslogd: restarted readfds = 0x10 got a message (-1, 0x10) readfds = 0x10 got a message (-1, 0x10) 10.13.6.83 is my designated server and its seems it is not getting the forwarded log messages, here is how my syslog.conf for remote logging: source s_tcp { # syslog(transport(tcp)); udp(ip(10.13.6.83) port(514)); tcp(ip(10.13.6.83) port(5149) max-connections(333)); }; destination d_tcp { file("/var/log/messages_tcp" owner("root") group("adm") perm(0640)); }; I do not see any traffic coming to my client t01labax08 going to my syslog server and /var/log/messages_tcp not even been created. Again what am I missing here? Sorry I'm syslog-ng newbie here.... Thanks and regards, Agustin Lozada UNIX System Admin 713-207-2474 From: Zoltán Pallagi [mailto:pzolee@balabit.hu] Sent: Thursday, March 18, 2010 1:42 PM To: Syslog-ng users' and developers' mailing list; Lozada, Agustin T Subject: Re: [syslog-ng] Server conf for syslog-ng.conf Hi, replace this line: source s_network { syslog(transport(tcp))}; with this one(missing semicolon at the end of last bracket): source s_network { syslog(transport(tcp));}; 2010.03.18. 19:29 keltezéssel, Lozada, Agustin T írta: @version:3.0 options { time_reap(30); mark_freq(10); keep_hostname(yes); }; source s_local { unix-stream("/dev/log"); internal();}; source s_network { syslog(transport(tcp))}; destination d_logs { file( "/var/log/syslog-ng/logs.txt" owner("root") group("root") perm(0777) ); }; log { source(s_local); source(s_network); destination(d_logs); }; -- pzolee