oops. I should have left out the source(local) on the log line. Drew -----Original Message----- From: Hamilton, Andrew [mailto:Andrew.Hamilton@afccc.af.mil] Sent: Wednesday, February 19, 2003 1:43 PM To: syslog-ng@lists.balabit.hu Subject: RE: [syslog-ng]Trouble using syslog-ng on Solaris 8 Your config looks ok. If it is starting ok, make sure you are not still running syslogd. Also, you might try to log everything to a test log file to make sure your host is what you expect in your filters. You can set up something like this: destination all_net { file ("/var/log/net/$HOST.log"); }; log { source(local); source(net); destination(all_net); }; That would at least tell you the hosts that your syslog-ng daemon is seeing. Also you can run syslog-ng with the "-dv" switch to see if syslog-ng is actually catching the traffic. Regards, Drew -----Original Message----- From: Robin Brown [mailto:robin_brown@totalcomm.com] Sent: Wednesday, February 19, 2003 1:36 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Trouble using syslog-ng on Solaris 8 Hi, running solaris 8 and syslog-ng 1.5.26. It all seems to start just fine, no errors at startup or when running. But none of the logs get populated and I can see the UDP traffic is still coming in. Any way to see if it's simply not matching the host criteria for some reason? Below is my config, any help is appreciated: source net { udp(); }; source local { sun-streams("/dev/log" door("/etc/.syslog_door"));internal(); }; filter f_mine { host("router1") or host("router2") or host("router3"); }; filter f_theirs { host("xxx.xxx.xxx.79"); }; filter f_next { host("xxx.xxx.xxx.230") or host ("xxx.xxx.xxx.129"); }; filter f_right { host("xxx.xxx.xxx.14"); }; destination mine { file("/var/log/mine.log"); }; destination theirs { file("/var/log/theirs.log"); }; destination next { file("/var/log/next.log"); }; destination right { file("/var/log/right.log"); }; destination all { file("/var/adm/messages"); }; log { source(net); filter(f_mine); destination(mine); }; log { source(net); filter(f_theirs); destination(theirs); }; log { source(net); filter(f_next); destination(next); }; log { source(net); filter(f_right); destination(right); }; log { source(local); destination(all); }; Regards, Robin _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html