List, I am trying (in vain) to get swatch to work with syslog-ng. Here is a list of my system specifics: FreeBSD 6.2 syslog-ng-1.6.11 swatch-3.1.1_1 stunnel-4.20 mysql-client-5.1.14 mysql-server-5.1.14

OK, so here is the problem. I can get swatch to read a file via the tail-file option:

destination swatch { program("/usr/local/bin/swatch --config-file=/root/.swatchrc --tail-file=/var/log/all.log"); };

This works fine. However, when I try to use the read-pipe option, nothing ever comes out:

destination swatch { program("/usr/local/bin/swatch --read-pipe=\"cat /dev/fd/0\""); };

I even tried using my mysql.pipe and creating a fifo pipe (swatch.pipe) just for swatch:

destination swatch.pipe { pipe("/var/log/swatch.pipe" template("$FULLDATE $HOST $FACILITY:$PRIORITY $MSG\n")); }; destination swatch { program("/usr/local/bin/swatch --config-file=/root/.swatchrc --tail-file=/var/log/swatch.pipe"); };

No dice. My log statement is the same for all of them:

log { source(logserver); filter(f_no_stats); destination(swatch); };

with logserver being:

source logserver { tcp(ip(127.0.0.1) port(5141) keep-alive(yes) max_connections(100)); };

which runs over stunnel. Everything else works fine, whether dumping to mysql or to a flat file. I tried putting all the destinations on one line, and then separating them out; still no dice. From what I've read on the web, this is pretty easy to set up. Can anyone tell me what I am doing wrong? Thanks in advance.

I am including a copy of my syslog-ng.conf file:

# # FreeBSD /etc/syslog.conf file. 
# # # options # options { long_hostnames(off); keep_hostname(yes); bad_hostname("gconfd"); bad_hostname("^(ctld.|cmd|tmd|last)$"); log_fifo_size(4096); use_dns(yes); dns_cache(yes); time_reopen(10); stats(3600); sync(0); }; # # sources # source localhost { unix-dgram("/var/run/log"); unix-dgram("/var/run/logpriv" perm(0600)); #udp(); #tcp(ip(127.0.0.1) port(5141) keep-alive(yes) max_connections(100)); internal(); file("/dev/klog"); }; source logserver { tcp(ip(127.0.0.1) port(5141) keep-alive(yes) max_connections(100)); }; # # destinations # destination messages { file("/var/log/messages"); }; destination security { file("/var/log/security"); }; destination authlog { file("/var/log/auth.log"); }; destination maillog { file("/var/log/maillog"); }; destination lpd-errs { file("/var/log/lpd-errs"); }; destination xferlog { file("/var/log/xferlog"); }; destination cron { file("/var/log/cron"); }; destination debuglog { file("/var/log/debug.log"); }; destination consolelog { file("/var/log/console.log"); }; destination all { file("/var/log/all.log"); }; destination newscrit { file("/var/log/news/news.crit"); }; destination newserr { file("/var/log/news/news.err"); }; destination newsnotice { file("/var/log/news/news.notice"); }; destination slip { file("/var/log/slip.log"); }; destination ppp { file("/var/log/ppp.log"); }; destination console { file("/dev/console"); }; destination allusers { usertty("*"); }; # Custom destinations destination mysql { pipe("/var/log/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY' , '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; destination archive { file("/var/log/servers/$HOST/$YEAR/$MONTH/$DAY/$FACILITY/$HOST-$FACILITY.$ YEAR$MONTH$DAY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; destination swatch { program("/usr/local/bin/swatch --read-pipe=\"cat 
/dev/fd/0\""); }; #destination swatch { program("/usr/local/bin/swatch --config-file=\"/root/.swatchrc\" --read-pipe=\"/bin/cat /dev/fd/0 \""); }; #destination swatch.pipe { pipe("/var/log/swatch.pipe" template("$FULLDATE $HOST $FACILITY:$PRIORITY $MSG\n")); }; #destination swatch { program("/usr/local/bin/swatch --config-file=/root/.swatchrc --tail-file=/var/log/all.log"); }; #destination sec { program("/usr/local/bin/sec -input=\"-\" -conf=/usr/local/etc/sec/general.sec"); }; # # log facility filters # filter f_auth { facility(auth); }; filter f_authpriv { facility(authpriv); }; filter f_not_authpriv { not facility(authpriv); }; filter f_console { facility(console); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_ftp { facility(ftp); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_news { facility(news); }; filter f_security { facility(security); }; filter f_user { facility(user); }; filter f_uucp { facility(uucp); }; filter f_local0 { facility(local0); }; filter f_local1 { facility(local1); }; filter f_local2 { facility(local2); }; filter f_local3 { facility(local3); }; filter f_local4 { facility(local4); }; filter f_local5 { facility(local5); }; filter f_local6 { facility(local6); }; filter f_local7 { facility(local7); }; # # log level filters # filter f_emerg { level(emerg); }; filter f_alert { level(alert..emerg); }; filter f_crit { level(crit..emerg); }; filter f_err { level(err..emerg); }; filter f_warning { level(warning..emerg); }; filter f_notice { level(notice..emerg); }; filter f_info { level(info..emerg); }; filter f_debug { level(debug..emerg); }; filter f_is_debug { level(debug); }; # # program filters # filter f_ppp { program("ppp"); }; filter f_slip { program("startslip"); }; # # custom filters # filter f_no_stats { not match("STATS: dropped 0"); }; # # *.err;kern.warning;auth.notice;mail.crit /dev/console # log { source(localhost); 
filter(f_err); destination(console); }; log { source(localhost); filter(f_kern); filter(f_warning); destination(console); }; log { source(localhost); filter(f_auth); filter(f_notice); destination(console); }; log { source(localhost); filter(f_mail); filter(f_crit); destination(console); }; # # *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages # log { source(localhost); filter(f_notice); filter(f_not_authpriv); destination(messages); }; log { source(localhost); filter(f_kern); filter(f_debug); destination(messages); }; log { source(localhost); filter(f_lpr); filter(f_info); destination(messages); }; log { source(localhost); filter(f_mail); filter(f_crit); destination(messages); }; log { source(localhost); filter(f_news); filter(f_err); destination(messages); }; # # security.* /var/log/security # log { source(localhost); filter(f_security); destination(security); }; # # auth.info;authpriv.info /var/log/auth.log log { source(localhost); filter(f_auth); filter(f_info); destination(authlog); }; log { source(localhost); filter(f_authpriv); filter(f_info); destination(authlog); }; # # mail.info /var/log/maillog # log { source(localhost); filter(f_mail); filter(f_info); destination(maillog); }; # # lpr.info /var/log/lpd-errs # log { source(localhost); filter(f_lpr); filter(f_info); destination(lpd-errs); }; # # ftp.info /var/log/xferlog # log { source(localhost); filter(f_ftp); filter(f_info); destination(xferlog); }; # # cron.* /var/log/cron # log { source(localhost); filter(f_cron); destination(cron); }; # # *.=debug /var/log/debug.log # log { source(localhost); filter(f_is_debug); destination(debuglog); }; # # *.emerg * # log { source(localhost); filter(f_emerg); destination(allusers); }; # # uncomment this to log all writes to /dev/console to /var/log/console.log # console.info /var/log/console.log # log { source(localhost); filter(f_console); filter(f_info); destination(consolelog); }; # # Log to mysql and the archive directory # log { 
source(logserver); filter(f_no_stats); destination(mysql); destination(archive); }; # # Swatch # #log { source(logserver); filter(f_no_stats); destination(all); }; log { source(logserver); filter(f_no_stats); destination(swatch); }; # # Local server # log { source(localhost); filter(f_no_stats); destination(archive); destination(mysql); }; # # DEBUG # #log { source(localhost); destination(all); };

And here is a copy of my .swatchrc:

watchfor /fail/ mail=robert.coward.ctr@deploymenthealth.osd.mil echo exec echo $0 | mail -s\"notice\" $0

R. V. C. R. V. C.