"system@ra-schaal.de" <system@ra-schaal.de> writes:
I try to filter with syslog ng 3.2.4 log files from another server to local files.
The syslog-server receives all log entries from the remote-server.
If i let syslog-server write over "SOURCE network", the log is provided. But the integration in src local does not fold however.
I.e on syslog-server this works: log { source(network); destination(foo); };
but log { source(src); filter (f_foo); destination (d_foo) };
doesn´t contains any entries from the remote server.
That's because you have two sources that both try to listen on udp port 514, which will not work. A better solution would be to remove it from the src source, and use two sources in the log path. Something like this: source src {internal(); unix-dgram("/dev/log"); unix-dgram("/var/lib/named/dev/log"); }; source network { udp(port(514)); }; log { source(src); source(network); filter(f_foo); destination(d_foo); }; -- |8]