Difficulty with source(net) on Solaris 8 [syslog-ng-1.4.9a]
Greetings. I must request your assistance. First I wish to say that I greatly appreciate the professional level of this list. I am looking forward to getting syslog-ng functioning properly, as it will greatly reduce my workload. It compiled .... I thought the rest would be easy ;-)

I have read through most of the archived list, and thought I had this baby down, but I cannot get syslogs coming from sources other than from the local system to appear. I have tested with the following script and log everything except level(emerg), which is correct, and oddly I do not get any facility(kern), which I thought I would, but which is also not quite so important at the moment. ... but still none from external sources.

    # brace lists are expanded by bash/ksh93, not by Solaris /bin/sh
    for f in {kern,user,daemon,auth,syslog,local0,local1,local2,local3,local4,local5,local6,local7}
    do
        for i in {debug,info,notice,warning,err,crit,alert,emerg}
        do
            logger -p $f.$i "Facility $f Level $i"
            echo "Facility $f Level $i"
        done
    done

Works great!

My main goal is to receive and filter syslogs from Cisco routers, switches, and firewalls. If the standard syslogd is running I can see those external log entries in /var/adm/messages. They look like this:

    Sep 10 16:41:34 [112.139.47.241.225.185] 645: Sep 10 16:36:52: %SYS-5-CONFIG_I: Configured from console by kparis on vty0 (112.139.47.250)
    Sep 10 17:03:43 [112.139.47.241.225.185] 646: Sep 10 16:59:00: %SYS-5-CONFIG_I: Configured from console by kparis on vty1 (112.139.47.250)
    Sep 10 20:30:42 [112.139.47.244.196.210] 2036: Sep 10 20:25:25.921: %SYS-5-CONFIG_I: Configured from console by kparis on vty0 (112.139.47.250)
    Sep 10 20:30:57 [112.139.47.244.196.210] 2037: Sep 10 20:25:40.997: %SYS-5-CONFIG_I: Configured from console by kparis on vty0 (112.139.47.250)

( I still don't get the format of the host stamp [112.139.47.244.196.210] .... but I believe this is a syslogd thing, and don't think it's the culprit here. )

( Clarification: Can the standard syslogd be running at the same time as syslog-ng? I have tried it both ways )

If I snoop the interface, I can see the syslog packets arrive. I fear I am missing something fairly basic. I believe I am having difficulty with the "source net", but I can't seem to find what is wrong when compared to the many examples I have seen on this list. None of the "source net" entries shown, nor any variation I can think of, seems to work. I have also tried changing "/etc/.syslog_door" to "/var/run/syslog_door", but this makes no difference either. If I can provide any more clues, I certainly will if I know how. Any help would be appreciated.

********************* Begin Config Stuff ***************

Cisco Logging Config:

    logging buffered 9000 debugging
    logging rate-limit console 10 except errors
    logging source-interface FastEthernet1/0
    logging 172.16.7.250

( The default here is logging facility local7. I have also tried logging facility local6, which should work too ... I am avoiding kern like the plague )

Platform: SunOS 172.16.7.250 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10

Version: syslog-ng-1.4.9a

syslog-ng config: ( with which I expect to see any message that arrives except level(emerg) )

    # /usr/local/etc/syslog-ng.conf
    # Start command: /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-ng.pid
    # Re-start command: kill -HUP `cat /var/run/syslog-ng.pid`
    # Begin
    # -------- OPTIONS ---------------
    options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (yes);
        keep_hostname (yes);
    };
    # -------- SOURCES ---------------
    #source src { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); udp(ip(0.0.0.0) port(514)); };
    # Didn't work ... separate out for clarity
    source src { sun-streams("/dev/log" door("/etc/.syslog_door")); };
    source int { internal(); };
    source net { udp(ip(172.16.7.250) port(514)); };
    #source net { udp(); };
    #source net { sun-streams("/dev/log" door("/etc/.syslog_door")); udp(ip(0.0.0.0) port(514)); };
    # Something is not right in the source department !
    #
    # -------- DESTINATIONS ----------
    destination d_default { file("/var/adm/log/$MONTH/default"); };
    # Many more places in mind
    #
    # -------- FILTERS ---------------
    filter f_debug { level(debug .. alert) and facility(kern, daemon, user, auth, syslog, local0, local1, local2, local3, local4, local5, local6, local7); };
    # Catch all for now... I got a book of "matches" in my pocket
    #
    # -------- ACTIONS ---------------
    log { source(src); filter(f_debug); destination(d_default); };
    # Add loggers to match added sources
    log { source(net); filter(f_debug); destination(d_default); };
    log { source(int); filter(f_debug); destination(d_default); };
    #log { source(src); filter(DEFAULT); destination(d_default); };
    # Blast ... All that reading, and I think I still need some help
    # End

Megs of thanks,

Ken Paris
Sr. Network Systems Engineer, Bluestar Solutions, Inc.
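The logger loop in the post only exercises the local sun-streams source; it never sends a packet through the udp() source, so it cannot tell whether "source net" is receiving anything. The following script is an added example, not code from the post or from syslog-ng: it decodes the <PRI> header of a raw UDP syslog datagram into facility and severity (the values the f_debug filter is matched against), reproduces that filter's facility set and debug..alert level range, and can send a constructed test datagram at a chosen facility and level to the collector. The sample datagram is constructed from the post's router line with an assumed PRI of 189 (local7.notice, the router's default facility and the severity 5 in %SYS-5-CONFIG_I); the collector address 127.0.0.1 is a placeholder for the host running syslog-ng, such as 172.16.7.250 in the post.

```python
import re
import socket
import sys

# RFC 3164 facility codes 0..23 and severity codes 0..7, in numeric order.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The facility set and level range of the post's f_debug filter:
# level(debug .. alert) keeps alert through debug and drops emerg.
F_DEBUG_FACILITIES = {"kern", "daemon", "user", "auth", "syslog",
                      "local0", "local1", "local2", "local3", "local4",
                      "local5", "local6", "local7"}
F_DEBUG_LEVELS = set(SEVERITIES[SEVERITIES.index("alert"):])

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity, as defined in RFC 3164."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def decode_pri(pri):
    """Inverse of encode_pri; rejects values outside the 0..191 range."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_datagram(data):
    """Split a raw UDP syslog datagram into facility, severity and message.
    A datagram without a <PRI> header is treated as user.notice, which is
    what RFC 3164 tells a receiver to assume for such packets."""
    m = PRI_RE.match(data)
    if m is None:
        facility, severity, body = "user", "notice", data
    else:
        facility, severity = decode_pri(int(m.group(1)))
        body = m.group(2)
    return {"facility": facility, "severity": severity,
            "message": body.decode("ascii", "replace")}


def matches_f_debug(parsed):
    """Would the post's f_debug filter pass this message?"""
    return (parsed["facility"] in F_DEBUG_FACILITIES
            and parsed["severity"] in F_DEBUG_LEVELS)


def build_datagram(facility, severity, text):
    """Build a BSD-syslog datagram with an explicit <PRI> header."""
    return ("<%d>%s" % (encode_pri(facility, severity), text)).encode("ascii")


def send_test_message(host, port, facility, severity, text):
    """Send one constructed datagram to the collector; returns bytes sent."""
    data = build_datagram(facility, severity, text)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return s.sendto(data, (host, port))
    finally:
        s.close()


# Constructed sample: the post's router line as it would travel on the wire,
# assuming the router's default facility local7 and severity 5 (notice).
SAMPLE = (b"<189>646: Sep 10 16:59:00: %SYS-5-CONFIG_I: "
          b"Configured from console by kparis on vty1 (112.139.47.250)")

if __name__ == "__main__":
    # Placeholder collector address; pass the syslog-ng host as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    p = parse_datagram(SAMPLE)
    print("sample decodes as %s.%s, f_debug match: %s"
          % (p["facility"], p["severity"], matches_f_debug(p)))
    # One packet the filter should keep and one it should drop (emerg).
    for sev in ("notice", "emerg"):
        n = send_test_message(host, 514, "local7", sev,
                              "syslog-ng udp source test, level %s" % sev)
        print("sent %d bytes at local7.%s" % (n, sev))
```

Run it from a host other than the collector so the packet actually traverses the udp() source, then look for the notice-level line in /var/adm/log/$MONTH/default; the emerg-level line should be absent. If neither arrives although snoop shows the packet, check whether another daemon already holds UDP port 514 on the collector (netstat -an on Solaris), since only one process can receive on that port at a time.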